Need Help with Malware Through My Router


#1

Was hit with malware through a router, factory reset, did a clean install, flushed the electrons to zero with Parted Magic, started to reinstall everything, shored up the router by securing it in every way possible at my disposal, but even when the wifi is off, ports are blocked all, the virus/anti-malware program picks up new attacks, which doesn’t seem possible but the updates keep coming. Stuck with the computer because I upgraded it to its capacity, stuck, have to use the router even though it seems it is still not capable of blocking whatever is doing the malware, secured the router on whatever info I read up on, wondering if the hard drive could be installed again on another computer or if the computer is just done, or if I flush again on the new hard drive with Parted Magic on another computer if it would be safe,
but it just seems like something is rooted in the SSD drive or the computer itself, even when all outgoing ports are blocked, and I have important files I need to reinstall, but really can’t, and when the malware began I just had basic Windows Defender, kinda stuck, tinkered around in the beginning, which might have started the mess, but did a reset on the router, secured the mistake, to the best, but still crap, and need to reinstall stuff, probably not a right answer to this, but throwing it out there…


#2

What is the name of the malware that has re-infected the system after the clean install?

Do a clean install without any network connection and no other storage devices connected and see if the malware comes back.

If it does come back after a clean install with a wipe of the disk then the malware is in the BIOS/UEFI storage of the motherboard.


#3

That would certainly be the main question.

What is the malware doing to your computer? Did you find out about the malware because something wrong is happening on your computer, or did you just find out through a malware scan? What did you use to scan for malware? Could it be a false positive?


#4

If you truly did all that – including clean install (presumably of Windows OS) - then chances are the malware got into BIOS?? Which means need to flash BIOS? Except your ports are blocked - so presumably your device can’t even reach out to the internet? Maybe use another device to download the BIOS firmware. Then load, reboot and (if successful) reinstall OS, apps, and data again, from scratch?

If the above doesn’t work, then maybe need to buy a new setup – new computer and new router/modem?


#5

Malwarebytes picked it up, was saying dangerous website, malware / ransomware blocked, phishing blocked, but I wasn’t visiting any websites, it was attacking the file folder itself, through a port, but this was when I went into Windows and blocked the outbound ports, that this happened, or after I turned the connection back on, but it seemed to flash the warning when the ports were blocked.

What to do if the malware is in the BIOS / UEFI of the motherboard, and can I ever use this hard drive again, or should I toss it…


#6

Malwarebytes picked it up, was saying dangerous website, malware / ransomware blocked, phishing blocked, but I wasn’t visiting any websites, it was trying to get in the file folder itself, or connecting to the file, but this was when I went into Windows and blocked the outbound ports, that this happened, or after I turned the connection back on, but it seemed to flash the warning when the ports were blocked. Couldn’t be a false positive, happened at least a dozen times.

Also another virus program was saying the ports / router have a large attack surface, tried to secure the router, but obviously it didn’t seem to work.


#7

How to download BIOS firmware? Or flash the BIOS? Maybe scrap the hard drive too? Even after an erase and Parted Magic wipe, perhaps.


#8

OK, you have no idea what has infected your PC and how it got on the PC.

Without narrowing down the possibilities it’s impossible for me to give advice.

If you want to narrow down the possibilities, follow these steps in this exact order and don’t do anything extra. Don’t install any software, don’t change any of Windows’ default settings.

  1. Disconnect the PC from the network
  2. Disconnect all external storage devices
  3. Insert the Windows installation media
  4. Do a clean install of Windows
  5. Use the PC, let it run for a few hours and see if you get any virus/malware warnings

After doing these steps come back and let us know if you saw any virus/malware warnings.


#9

On a different computer, do a search for the BIOS firmware for the model of your infected computer, download it, and copy it to a flash drive or SD card. Now go to your infected computer and make sure it’s not connected to the internet. Turn on that infected computer, insert the flash drive or SD card, run the downloaded firmware, and follow the instructions. That’s called ‘flashing’ the BIOS (which isn’t much different from installing software).

[EDIT] I agree with Paul Hutchinson above. Do the BIOS thing only after you’ve already followed the steps Paul outlined in his thread above. To sum up, you should:

  1. Make sure the malware isn’t in Win OS by reinstalling the Win OS (per Paul).
  2. If after doing (1) you still get effects of malware, then you turn your focus to BIOS - flash it - and then reinstall Win OS.

Hope this helps.
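The two procedures above (clean install with the network and all other storage disconnected, then a BIOS/UEFI flash only if the warnings come back) both depend on comparing the machine's state before and after each stage. The following is an added example, not code from any poster in this thread: a read-only PowerShell snapshot that records the firmware version and release date (to confirm a flash actually took), the Secure Boot state, each firewall profile's default outbound action (the setting behind "blocked the outbound ports in Windows"), and Defender's protection and signature status. It assumes Windows 10/11 with the built-in NetSecurity, SecureBoot and Defender modules, an elevated prompt, and a placeholder output path on removable media.

```powershell
# Added example (not from the thread): read-only state snapshot to take before and
# after each rebuild stage (clean offline install, firmware flash). Nothing here
# changes settings. Run from an elevated PowerShell prompt on Windows 10/11.

function Get-RebuildSnapshot {
    # Firmware identity: compare this before and after a flash to confirm it applied.
    $bios = Get-CimInstance -ClassName Win32_BIOS

    # Secure Boot state. Confirm-SecureBootUEFI throws on legacy-BIOS machines or
    # when not elevated, so record that as "not available" instead of failing.
    try   { $secureBoot = Confirm-SecureBootUEFI }
    catch { $secureBoot = 'Not available (legacy BIOS or not elevated)' }

    # Firewall: the per-profile default actions are where an "all outbound blocked"
    # configuration either holds or silently does not.
    $fw = Get-NetFirewallProfile |
          Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction

    # Defender: real-time protection on and signatures current.
    $mp = Get-MpComputerStatus |
          Select-Object AntivirusEnabled, RealTimeProtectionEnabled,
                        AntivirusSignatureLastUpdated

    [pscustomobject]@{
        Taken            = (Get-Date).ToString('s')
        BiosManufacturer = $bios.Manufacturer
        BiosVersion      = $bios.SMBIOSBIOSVersion
        BiosReleaseDate  = $bios.ReleaseDate
        SecureBoot       = $secureBoot
        Firewall         = $fw
        Defender         = $mp
    }
}

# One snapshot per stage, written to removable media. The path is a placeholder;
# point it at whatever drive letter the flash drive or SD card gets.
$snapshot = Get-RebuildSnapshot
$snapshot | ConvertTo-Json -Depth 3 | Out-File -FilePath 'E:\snapshot-before-flash.json'

# Quick on-screen check of the two things the thread keeps coming back to.
$snapshot.Firewall | Format-Table -AutoSize
"BIOS $($snapshot.BiosVersion) ($($snapshot.BiosReleaseDate)), Secure Boot: $($snapshot.SecureBoot)"
```

Take one snapshot right after the offline clean install and another after the flash; if the BIOS version and release date are unchanged after flashing, the update did not apply, and if DefaultOutboundAction is not Block on the active profile, the "ports blocked" assumption in the thread does not hold for that profile.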


#10

Also, I was writing text on screen, the window appeared to slightly change, and the words got smaller, not sure if that was key logging or if somehow they were trying to view the text, no idea the level of skill that would take, but I swear I saw that unless I was hallucinating, it happened a couple of times that I saw that, or if a camera was being used to view somehow, and how to defend against that.