Rootkit on FreeDOS

OnlineNow
Level 7
A bunch of guys decided that it was a good idea to target my computer, dump all my users/passwords, restream all screens (even those that weren't mine, like my sister's and my brothers'), get remote access, sell my info, etc.

The rootkit is (I think) in the FreeDOS partition. I need to remove it. It keeps showing up in Windows as Boot(X: ), replacing the boot keys, uploading my passwords/pictures to god-knows-who, etc. This started three months ago. I got tricked into installing a program called ManageIQ, but the JSON part was modified. It told me to put in someone else's JSON key instead of generating mine. I suppose whoever did this was waiting for me to click and was part of the staff of that page, idk.

Updating the BIOS does nothing. It's like a sub-system that has higher priority than the actual OS (Windows 10).

Zarathustraa
Level 7
Have you tried completely formatting the drive and zeroing it out?

Yes, I did. I tried different methods, live CDs, OSs and even different hard drives; it keeps coming back. The virus is in the firmware, not the hard drives. It's been 3 months since this started.

Hopper64
Level 15
Swap out the BIOS chip(s) on the motherboard?
MZ790AE Bios 1602, GSkill F5-8400J4052G24GX2-TR5S, 14900KS, EKWB D5 TBE 300, Seasonic Prime TX-1600 ATX 3.0, Asus Strix 4090 w/ HK block, Phanteks Enthoo Elite, Asus Claymore 2, Asus Gladius 3, Asus XG349C, Crucial T705, Windows 11 Pro

Hopper64 wrote:
Swap out the BIOS chip(s) on the motherboard?

That doesn't work.

This is the rootkit I got hit by: https://forum.sysinternals.com/gpu-based-paravirtualization-rootkit-all-os-vulne_topic26706_page2.ht...
The OP gets called crazy at first, and then more and more people start describing the same kind of rootkits. It's the worst kind of virus ever. It adapts pretty quickly and seems impossible to remove. They get remote access to your entire network, upload files to some server, convert all your machines into VMs, etc.

At this point I don't think I can get any help here because this is way too complex, and some of you might think I'm joking, so I will try asking in Sysinternals instead.

xeromist
Moderator
Yeah, I agree this isn't really our specialty here. You'll definitely find more interest and assistance in a security oriented forum.
A bus station is where a bus stops. A train station is where a train stops. On my desk, I have a work station…