Malware in HardDrive


130 replies to this topic

#31 achzone


Posted 19 November 2021 - 03:51 PM

Hi yoon_777

 

Full scans for Malwarebytes and HouseCall are still running right now...

 

Good to hear, though if you initiated both scans at the same time, they may take considerably longer to complete than if they were run one at a time.

 

How did you go with viewing the list of connected wireless devices that are (or had been) connected to your wireless network?


Andrew Leniart - IT Professional / Freelance Journalist

 

Helping others, to help themselves for 20+ Years

 

Links to all my Articles & Tutorials can be found at this link (Contains no Ads or Nags)            

 

Follow Me on:  LinkedIn / Facebook

 




#32 achzone


Posted 19 November 2021 - 04:02 PM

@JohnC_21

 

 

It is possible but I think the chances of it happening to the average person are slim

The malware, known as NLS_933.dll, had the ability to rewrite HDD firmware for a dozen HDD brands to plant persistent backdoors. Kaspersky said the malware was used in attacks against systems all over the world.
 
Kaspersky researchers claimed the malware was developed by a hacker group known as the Equation Group, a codename that was later associated with the US National Security Agency (NSA).

 

https://www.zdnet.com/article/five-years-after-the-equation-group-hdd-hacks-firmware-security-still-sucks/

 

UEFI can also be modified to install bootkits. Firmware updates can fix this but how many people do that?

 

https://arstechnica.com/information-technology/2020/12/dangerous-uefi-malware-is-rare-a-botnet-called-trickbot-may-change-that/

 

https://usa.kaspersky.com/blog/mosaicregressor-uefi-malware/23419/

 

Thanks John, interesting reads.

 

They do all support my initial suspicion that a 'very specific set of circumstances need to exist' in order for them to be relevant though.

 

Best, Andrew



 


#33 Some-Other-Guy


Posted 19 November 2021 - 05:54 PM

 


No, no... never mind what "had to be" done in the past. That's not what I was asking.
 
I specifically asked you to clarify your statements with today's technology in mind, not what existed 20 or 30 years ago. Rather than try to disguise a blurb about what you personally encountered decades ago as an answer to my queries, could you have another go at addressing the actual questions I asked? I'm very keen on learning from your apparently vast bank of knowledge.
 
Thanks. I'll wait :)
 
Cheers.
 

 

Why certainly

 

Based on the information given, there is no known solution to the problem at hand with modern hardware

 

If you (or I) guess the correct solution, or fix the problem by accident, I would be happy to admit that the facts alone did not supply an answer to the current situation

 

Now, I'll just sit back and learn from your clearly superior knowledge

 

Sound good?



#34 achzone


Posted 19 November 2021 - 06:03 PM

Why certainly

 

 

Based on the information given, there is no known solution to the problem at hand with modern hardware

 

If you (or I) guess the correct solution, or fix the problem by accident, I would be happy to admit that the facts alone did not supply an answer to the current situation

 

Now, I'll just sit back and learn from your clearly superior knowledge

 

Sound good?

 

So your admissions now beg the question, why did you claim the advice the OP was getting at this forum "very bad advice"? Never mind answering it - it's asked rhetorically.
 
The point of my engaging in this little dance with you was to illustrate that you ought to think before shooting off unsubstantiated and unsupported accusations at attempts to help people.
 
As to your last, I've never once claimed to have superior knowledge and was hoping to learn from yours. That you don't wish to share the benefit of your experience to justify why 'very bad advice' was being given to the OP is amusing but disappointing.
 
I hope I've helped give you some food for thought before firing off such missives in the future.
 
Now perhaps we can get back to helping the OP to secure his system? I mean, rather than just scare him into fearing things that were common 20 or so years ago. You may even like to offer some suggestions of your own. I'm sure they'd be more than welcomed by the OP.
 
Cheers,
 
Andrew
:)

Edited by achzone, 19 November 2021 - 06:32 PM.


 


#35 yoon_777

  • Topic Starter

Posted 19 November 2021 - 06:30 PM

Hi yoon_777

 

Full scans for Malwarebytes and HouseCall are still running right now...

 

Good to hear, though if you initiated both scans at the same time, they may take considerably longer to complete than if they were run one at a time.

 

How did you go with viewing the list of connected wireless devices that are (or had been) connected to your wireless network?

 

This was very difficult... to know what device is what, as they are un-named. Some are cell phones and others are desktops. I disabled one "unknown" device that is connected via wifi.


Edited by hamluis, 19 November 2021 - 06:36 PM.


#36 achzone


Posted 19 November 2021 - 06:42 PM

Hi yoon_777

 

 

This was very difficult... to know what device is what, as they are un-named. Some are cell phones and others are desktops. I disabled one "unknown" device that is connected via wifi.

 
That alone suggests the exercise was beneficial. I hope you took a note of it to see if it re-appears in the future.
 
I'd suggest your next step is to add the devices you're confident belong on your network to the allowed MAC addresses in the router and then change/strengthen the WiFi password. That will help prevent any future devices from hacking into your network unless they know the approved MAC addresses they would need to spoof to attempt gaining access.
 
Network security is a complex subject and not as easy as just doing 1, 2, 3, and you're done. If you persist in your efforts, though, then you'll hopefully be finally able to put an end to what you say have been years of frustration :)
 
Best, Andrew

Edited by achzone, 19 November 2021 - 06:44 PM.
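One way to do the comparison Andrew describes above (the router's connected-device list against an approved-MAC list), as an added example that is not code from this thread: it parses a constructed client table, flags any MAC not on the allow list, and uses the locally-administered bit of the address to explain why some un-named entries are phones using randomised "private" Wi-Fi addresses. The client table, the allow list and the one-entry OUI map are constructed assumptions for the example.

```python
"""Audit a router's connected-client list against an approved-MAC allow list.

Added example, not from the thread: CONNECTED_CLIENTS, APPROVED_MACS and
OUI_HINTS are constructed sample data, not output from any real router.
"""
import re

# Constructed sample of the kind of table a home router shows under
# "attached devices": IP, MAC, reported hostname ("*" = un-named), link type.
CONNECTED_CLIENTS = """\
192.168.1.10  00:11:22:33:44:55  Andrews-PC  wired
192.168.1.23  00:1a:2b:3c:4d:5e  *           wifi
192.168.1.31  da:1f:9c:00:11:22  *           wifi
192.168.1.40  b8:27:eb:77:88:99  printer     wifi
"""

# Devices the owner has identified as theirs (the router's allow list).
APPROVED_MACS = {"00:11:22:33:44:55", "b8:27:eb:77:88:99"}

# Illustrative one-entry prefix map; a real lookup uses the IEEE OUI registry.
OUI_HINTS = {"b8:27:eb": "Raspberry Pi Foundation"}

MAC_RE = re.compile(r"^[0-9a-f]{2}(?::[0-9a-f]{2}){5}$")


def normalize_mac(mac):
    """Lower-case, colon-separated form; rejects anything that is not a MAC."""
    mac = mac.strip().lower().replace("-", ":")
    if not MAC_RE.match(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    return mac


def is_locally_administered(mac):
    """True when bit 0x02 of the first octet is set (locally administered).

    Phones with MAC randomisation / "private Wi-Fi address" set this bit,
    which is a common reason a device appears un-named with an unknown prefix.
    """
    return bool(int(mac[:2], 16) & 0x02)


def parse_clients(table):
    clients = []
    for line in table.splitlines():
        if line.strip():
            ip, mac, name, link = line.split()
            clients.append({"ip": ip, "mac": normalize_mac(mac), "name": name, "link": link})
    return clients


def audit(table, approved):
    """Return (mac, name, status, note) per client; status is approved/UNKNOWN."""
    approved = {normalize_mac(m) for m in approved}
    report = []
    for c in parse_clients(table):
        status = "approved" if c["mac"] in approved else "UNKNOWN"
        if is_locally_administered(c["mac"]):
            note = "randomised/private MAC (likely a phone)"
        else:
            note = OUI_HINTS.get(c["mac"][:8], "unknown vendor prefix")
        report.append((c["mac"], c["name"], status, note))
    return report


if __name__ == "__main__":
    for mac, name, status, note in audit(CONNECTED_CLIENTS, APPROVED_MACS):
        print(f"{mac}  {name:12}  {status:9}  {note}")
```

An entry flagged UNKNOWN with a randomised address may simply be a household phone that changes its MAC per network, so identify it before blocking it; as Andrew notes, MAC filtering only raises the bar for someone who can observe and spoof an approved address, so it complements a strong Wi-Fi passphrase rather than replacing it.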


 


#37 Some-Other-Guy


Posted 19 November 2021 - 07:43 PM


 

So your admissions now beg the question, why did you claim the advice the OP was getting at this forum "very bad advice"? Never mind answering it - it's asked rhetorically.
 
The point of my engaging in this little dance with you was to illustrate that you ought to think before shooting off unsubstantiated and unsupported accusations at attempts to help people.

:)

 

 

Why did I claim the advice was very bad?

 

Because the following is still untrue

 

"There is no malware that can survive a clean disk wipe if the hard drive has been formatted."

 

The correct response would be that "you" are unaware of any malware that can survive a drive wipe

 

:)

 

As I have already said, there was no "correct" solution based on the available information and I cannot help the OP based on the information given

 

I am saying you are giving clearly bad advice by stating as a fact that "no malware can survive a disk wipe"

 

I am not referring to ancient hardware where it was easier to accomplish than it is today on modern hardware

 

I am referring to you making statements of fact, when you clearly cannot know whether the statement is true or not

 

That is very bad advice!

 

--------------------------------

Did this problem survive a disk wipe?

Yes!

 

Is it a scripting problem?

I don't know!

 

Does it return from the Internet?

I don't know!

 

Does it come from a router botnet?

I don't know!

 

Does it return when yoon_777 installs his software from backups?

I don't know!

 

So what is the answer?

I don't know!

 

I am not even sure if yoon has provided accurate information

 

What I do know is that it is always a very bad idea to make statements of fact when you do not have facts!

 

I hope you can learn a valuable lesson from this little exercise

 

What do YOU think?


Edited by Some-Other-Guy, 19 November 2021 - 08:18 PM.


#38 yoon_777

  • Topic Starter

Posted 19 November 2021 - 08:13 PM

 

 

For sure network security and its flaws is a gigantic jungle! The scans are taking forever... I don't think it can be done in just a few hours and I'd rather not burn out the computer at this time... I can push it as long as others in the home don't see it is wasting power. Very slow, inherent to the basic disk performance, as you may be able to tell from the previous information in the other forum topic I posted.


Edited by hamluis, 20 November 2021 - 05:31 AM.


#39 Wolverine 7


Posted 19 November 2021 - 08:30 PM

I hope you can learn a valuable lesson from this little exercise

 

What do YOU think?

 

Thank you Yoda, we have learned much from your venerable wisdom... perhaps one day we will be worthy to run XP with the system frozen and the BIOS backed up. Move over, Vladimir Putin. :hysterical:


Accidents don't just happen.They must be carelessly planned.

 

Dell Latitude 7380,Win 10 Pro,8GB,BunsenLabs Linux Antix Linux,,Kali Linux,


#40 Some-Other-Guy


Posted 19 November 2021 - 08:38 PM

 

I hope you can learn a valuable lesson from this little exercise

 

What do YOU think?

 

Thank you Yoda, we have learned much from your venerable wisdom... perhaps one day we will be worthy to run XP with the system frozen and the BIOS backed up. Move over, Vladimir Putin. :hysterical:

 

 You clearly did not learn anything!

 

But I'm glad you find your lack of wisdom so amusing



#41 achzone


Posted 19 November 2021 - 09:05 PM

Hi yoon_777

 

 

For sure network security and its flaws is a gigantic jungle! The scans are taking forever... I don't think it can be done in just a few hours and I'd rather not burn out the computer at this time... I can push it as long as others in the home don't see it is wasting power. Very slow, inherent to the basic disk performance, as you may be able to tell from the previous information in the other forum topic I posted.

 

 

Maybe turn off the monitor (which is what uses the most power) and allow the scans to run overnight?

 

Yes, full scans will take a very long time; however, your only other alternatives are to either employ expert help in examining your system to detect infections that AV and Malware protections may be missing or to wipe the disks and start over - again.

 

Based on the information you've provided (years of recurring suffering with this problem), I don't think you have that much of a choice, because an infected file on one of your other drives may well be reinfecting your system drive each time you access it after formatting the system drive. It can quickly become a never-ending merry-go-round.

 

In my opinion, the likelihood of you having been infected with anything ancient that could survive a drive format is slim to none. In my view, your recurring problems are considerably more likely to be a result of your own network, saved files, attached external drives, or your web surfing and email habits, just as I stated earlier.

 

But that's just my take. When it comes to virus or malware infections, I will defer to the security expert help available on this forum in a heartbeat, but you're unlikely to get the personalised help you need in examining individual processes and services running from a thread like this one. The only way that I know of to get that sort of personalised expert attention at BC is to start another thread in the Virus Removal Help forum, as I suggested earlier. I'm happy to continue assisting you in securing your network, though, as that's something that I've had a lot of personal experience with, as well as anything else I have knowledge about.

 

------------ ------------ -----------

 

@Some-Other-Guy

 

Did this problem survive a disk wipe?

Yes!

 

Such a shame. I handed you such an easy out to save face and you go and spoil the opportunity by making an incredibly silly statement like that.

 

When all you had to do was to be honest and say "I don't know!" again.    :hysterical:

 

Truth is, you have no idea if the problem has survived a disk wipe because the cause of reinfections may not even exist on the system drive. You have no idea because all you've contributed to this thread is highly unlikely and unsubstantiated doomsday speculation about what 'could be' while making zero effort to actually try and help the OP or to find out the information you claim you would need. So with that being a given and documented fact, the only one giving bad advice around here appears to be you. So far as I can tell, your contributions to this thread have thus far not only been useless to the OP, but also insulting to others who are making an effort to help. Have a little ponder about that fact for a while rather than try to wiggle out of what you've really accomplished in this thread, which in my view, is to only make yourself look incredibly arrogant and silly.

 

Hope that helps you out.

 

Cheers, Andrew


Edited by achzone, 19 November 2021 - 09:15 PM.


 


#42 Wolverine 7


Posted 19 November 2021 - 09:05 PM

 You clearly did not learn anything!

 

 

Oh, I always learn "something", begging your pardon, your technological magnificence, even if it's to have a chuckle at people's unbridled pomposity. :hysterical:


Edited by Wolverine 7, 19 November 2021 - 09:08 PM.



#43 Wolverine 7


Posted 19 November 2021 - 09:13 PM

For sure network security and its flaws is a gigantic jungle! The scans are taking forever... I don't think it can be done in just a few hours and I'd rather not burn out the computer at this time... I can push it as long as others in the home don't see it is wasting power. Very slow, inherent to the basic disk performance, as you may be able to tell from the previous information in the other forum topic I posted.

It does become a bit of a pain, and takes time to put right, especially when things get in a bit of a mess. I'm sure if you follow achzone's excellent walkthroughs you can secure your computer and network very satisfactorily.


Edited by Wolverine 7, 19 November 2021 - 09:14 PM.



#44 Some-Other-Guy


Posted 19 November 2021 - 09:43 PM

  :hysterical:

 

"Truth is, you have no idea if the problem has survived a disk wipe because the cause of reinfections may not even exist on the system drive."

 

OMG......OMG......STOP!

 

THAT'S TOO FUNNY

 

If there is a re-infection, then it obviously survived a disk wipe

 

I never said the infection was only on the system

 

If I ever said that, I would be alleging facts that were not in evidence, as you are doing


Edited by Some-Other-Guy, 19 November 2021 - 09:55 PM.


#45 Wolverine 7


Posted 19 November 2021 - 10:02 PM

Fact is, a bootkit on a home workstation is extremely unlikely. achzone has already given appropriate advice, including returning to the Malware Removal forum. Let's focus on the OP's issues, my poppet.

