Forum Discussion
Hacked and unable to clean pc
merlin02131
As you've said you've done a restore/recovery, I am guessing by that you're saying that you've done a PHYSICAL reformat of the hard drives and restored from external media that has never been in any infected PC? A restore from an infected PC's 'Restore' partition has the potential to not be clean.
If that is the case, have you investigated the possibility that your machines have been infected at the BIOS/ME level by one of the CPU-level exploits? Depending on the make/model of the machine, there is the possibility that one of the security vulnerabilities that were patched by either Intel or AMD has been impacted. In this case your solution would be to check the MB manufacturer and see if there are any updates for both the BIOS and ME (if it's Intel; I'm not certain what AMD call it).
If you're working with Norton, ask them if anything they have done has checked these areas to see if they have been infected. People forget that there are actually 2 'computers' on every one of our machines in the modern era: the ME and UEFI, and then the actual 'main' computer.
-Rob
Robert_Graham Hi Robert, thx for the reply! I have restored via the Windows process, from local to cloud restore, and every time it leaves remnants of the previous install. I have started with all the antivirus companies, Norton, Malwarebytes, Defender one ESET, and no help. Also tracked this darned virus into processors etc. and unable to find anything out of the ordinary. Reached out to all the vendors with open tickets except Microsoft and am waiting for HP to call. Ungodly hours in looking at this and it's now beyond my abilities! 8 computers, and god only knows if my firewall router, TV and other devices are affected as well! In-house lab!
- Robert_Graham, Dec 23, 2022, Copper Contributor
Merlin1350 So if it's an ME-exploited virus then you will not be able to get rid of it without patching the ME exploit; it's part of the reason that you need to keep on top of the CPU etc. updates. Then there is also the chance that you've had a shadow remote system, etc.
Your best bet is to isolate each machine and do a clean media install, no backups, just clean straight media, and check on a clean router/switch. Also check those and make certain nothing is using those which shouldn't be.
Your other option is, if you can see the IP that is being transmitted to, lock that down in your router's firewall, literally block it. Not a perfect solution but at least a temporary one.
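One way to see which remote IPs a Windows machine is currently talking to, so they can be reviewed before blocking anything at the router (an added example, not part of the thread; the function name `Test-PrivateAddress` and the output column names are made up for illustration):

```powershell
# Added example: list established TCP connections to non-private addresses
# together with the owning process. Run in an elevated PowerShell on Windows 10/11.

function Test-PrivateAddress {
    # Hypothetical helper: true for loopback, RFC 1918, link-local and IPv6 ULA addresses.
    param([string]$Address)
    $ip = [System.Net.IPAddress]::Parse($Address)
    if ([System.Net.IPAddress]::IsLoopback($ip)) { return $true }
    if ($ip.AddressFamily -eq 'InterNetworkV6') {
        return ($ip.IsIPv6LinkLocal -or $Address -match '^(fc|fd)')
    }
    $b = $ip.GetAddressBytes()
    return ($b[0] -eq 10) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168) -or
           ($b[0] -eq 169 -and $b[1] -eq 254)
}

# Index running processes by PID once, so each connection lookup is cheap.
$procs = @{}
Get-Process | ForEach-Object { $procs[[int]$_.Id] = $_ }

Get-NetTCPConnection -State Established |
    Where-Object { -not (Test-PrivateAddress $_.RemoteAddress) } |
    ForEach-Object {
        $p = $procs[[int]$_.OwningProcess]
        [pscustomobject]@{
            RemoteAddress = $_.RemoteAddress
            RemotePort    = $_.RemotePort
            OwningPid     = $_.OwningProcess
            # A process can exit between the two queries; mark it rather than fail.
            Process       = if ($p) { $p.ProcessName } else { '<exited>' }
            Path          = if ($p) { $p.Path } else { $null }
        }
    } |
    Sort-Object RemoteAddress, RemotePort, OwningPid -Unique |
    Format-Table -AutoSize
```

This only shows connections the running Windows install knows about, so the router's own connection log remains the independent check for traffic the operating system does not report.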
- Merlin1350, Dec 23, 2022, Copper Contributor
Robert_Graham thanks for the quick reply! There must be over 75 IP addresses stored somewhere on the PC as I cannot find anything! I am looking for a Windows 11 Pro disk now as I reached out to a few local friends for help! Good advice, as I am working on opening a ticket with the router firewall company now as we speak! Also going the mfg route as we speak! As far as I know everything is at the latest, as I spent most of yesterday reviewing!