Solved! virus modified mbr

Status
Not open for further replies.
Apr 28, 2018
A virus on my pc has modified the mbr of my ssd & bitlocked a hidden partition containing modified inf & setup files. Diskpart cleanall says drive is clean. Reinstalling from a dvd reinstalls drivers that lock hdd. Help
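
One way to check what sector 0 of a drive actually holds after a `clean all`, as an added example that is not part of the original thread. The device path in the comment and the sample sectors are assumptions constructed for illustration.

```python
import struct

SECTOR_SIZE = 512
TYPE_NAMES = {0x07: "NTFS/exFAT", 0x83: "Linux", 0xEE: "GPT protective", 0xEF: "EFI system"}

def inspect_mbr(sector: bytes) -> dict:
    """Summarise a raw 512-byte sector 0: wiped, MBR-partitioned, or GPT."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    report = {
        "all_zero": sector == bytes(SECTOR_SIZE),        # what a full zero-fill leaves
        "boot_signature": sector[510:512] == b"\x55\xaa",
        "boot_code_present": any(sector[:446]),          # bytes 0..445 hold boot code
        "partitions": [],
    }
    for i in range(4):                                   # four 16-byte entries at offset 446
        entry = sector[446 + 16 * i : 462 + 16 * i]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0:                                   # type 0 marks an unused slot
            continue
        report["partitions"].append({
            "slot": i, "bootable": status == 0x80, "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, "unknown"),
            "lba_start": lba_start, "sectors": sectors,
        })
    report["gpt"] = any(p["type"] == 0xEE for p in report["partitions"])
    return report

def read_sector0(path: str) -> bytes:
    """Read sector 0 from a device or image file (path is an assumption, e.g. /dev/sda as root)."""
    with open(path, "rb") as f:
        return f.read(SECTOR_SIZE)

def make_sample(ptype: int, lba_start: int, sectors: int, bootable: bool = False) -> bytes:
    """Constructed sample: empty boot code, one partition entry, valid signature."""
    entry = struct.pack("<B3sB3sII", 0x80 if bootable else 0, b"\0" * 3,
                        ptype, b"\0" * 3, lba_start, sectors)
    return bytes(446) + entry + bytes(48) + b"\x55\xaa"

if __name__ == "__main__":
    samples = {"wiped": bytes(SECTOR_SIZE),
               "mbr_ntfs": make_sample(0x07, 2048, 500_000, bootable=True),
               "gpt": make_sample(0xEE, 1, 0xFFFFFFFF)}
    for name, sector in samples.items():
        print(name, inspect_mbr(sector))
```

Run from a live Linux disc before reinstalling, `inspect_mbr(read_sector0(...))` shows whether the sector is all zero or still carries a partition table and boot code.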
 

USAFRet

Illustrious
Moderator
I'm not debating the legality, but rather the validity.

A valid Win 10 install, created with the current MediaCreation tool, will absolutely not impart any virus.

Either you're getting it from somewhere not valid, or you're installing the OS incorrectly.

MediaCreation tool here: https://www.microsoft.com/en-us/software-download/windows10
Have only one drive connected.
Boot from that USB or DVD.
During the install delete ALL existing partitions on the target drive.
How to do a CLEAN installation of Windows 10

Unless you have some incredibly rare BIOS virus (you don't)...a virus will not survive deleting all the existing partitions.

If you're really concerned (and this is not an SSD), DBAN.
That will absolutely wipe the entire drive.
Nothing will survive.
 

The Paladin

Estimable
Herald
BitLocker is a Microsoft option when you create an MS outlook.com account (or link one). Log onto the web page and turn it off.

Log into outlook.com, click on your icon top right, select view account, view devices,
select your PC, and click to turn off BitLocker.




 
Apr 28, 2018
Indeed. I did a diskpart clean all & reinstalled win10.
Scesetup.log shows users & services being installed by users that change permissions & remove rights to sorts of programs.
 
Apr 28, 2018
After install. (5th or 6th time.) I checked inf folder after allowing myself permission & found driver.inf is modified to set up a raid partition on ssd, then lock it. Further to that, infs for usb, cd/dvd & even vga are modified. It creates a virtual drive in ram at boot that copies contents of partition, then reinstates it.
 

USAFRet

Illustrious
Moderator


What OS is this, and where did you get the install USB or DVD from?
 
Apr 28, 2018
Perfectly legal. I purchased it not long ago, but recently had to dl an iso from microsoft because usb win10 I bought is now infected. Looking at the usb, I see that setup now references the hidden partition & reinstalls virus from ms usb. Nice huh.
 
Apr 28, 2018
Purchased with new pc at reputable shop.
That usb now corrupted.
Dl'd iso of 64 bit win10 version 1709 a week ago
& burned to single write dvd on another pc.
 

Apr 28, 2018
I understand how to do a clean re-install & have deleted the partitions with diskpart as well as gparted from a live linux disc. System is i5 7500 with 16gb pc2400 ram, a samsung 960evo & a corsair force 500 ssd, both are 256 gb nvme drives which were os drives, win 10 & linux respectively, plus a kingston 480 gb ssd for data. So three ssds.
I've read that dban won't work on ssds. What will?
 
Apr 28, 2018
Everything on all three drives has been deleted so I have no os to run samsung magician on & reinstall only reinstates the problem as all removable drives ie usb ports & dvd are compromised by the virus as soon as windows reboots. The files I looked at said something like 'expect sudden removal' & I suspect that it copies itself to any usb plugged into the pc as well as into ram. I suspect even the vga ram is being utilised for this. It initialises modified generic drivers it has within itself for everything, usb, dvd, vga, hdd. In frustration I wiped all the drives without copying the infs. I could go through the motions & reinstall to retrieve them if that might help someone figure this out.
 
Apr 28, 2018
That's what I did once I realised the win usb stick was compromised. Somehow, this prevents any removable media from modifying the ssd as the freshly burned win10 dvd, dl'd & burned using ms install disk creation tool, on another pc, reinstates all these hidden setup files.
 