Kaspersky
Solved

Virus / Malware Takeover. Dedicated adapter not working. [Closed]

  • 22 March 2020
  • 1 reply
  • 153 views

Operating System
    Windows 10 Home 64-bit
CPU
    Intel Core i5 7500 @ 3.40GHz    56 °C
    Kaby Lake 14nm Technology
RAM
    4x8 32.0GB Dual-Channel G.Skillz @ 1066MHz (15-15-15-36)
Motherboard
    MSI Z170A KRAIT GAMING 3X (MS-7A11) (U3E1)    33 °C
Graphics
    GF276 (1920x1080@60Hz)
    LG FULL HD (1920x1080@60Hz)
    2047MB NVIDIA GeForce GTX 1060 6GB (EVGA)    38 °C
Storage
    119GB ADATA SP600 (SATA (SSD))    30 °C
    1862GB Western Digital WD My Passport 2626 USB Device (USB (SATA) (SSD))    30 °C
Optical Drives
    HL-DT-ST DVDRAM GH24NSB0
Audio
    NVIDIA High Definition Audio
Hi, Ive got a virus that persists even after formats, I believe I caught it from my roomate and he recently got his identity stolen, so Im pretty scared.
I was using kapersky internet security and windows 10, upgrading from Home to to Pro when I noticed everything, my main concern is that im being roped into an evil twin situation or at least having my files stolen, or technically shared against my will. 
Theres a few different things ive found out on my own, I have a background in web programming, I understand what shells are and limited cmd-line know-how like diskpart.
Persistence; it persists by a variety of ways that each install each other, or install extensions to central windows services and processes to avoid detection. The main methods of infection are dlls and registries and svchost/ntoskernel-run services that all eventually removes your authority over everything on the computer and then shares out your files.
Methods ive seen are: Binary coinstallers installed in locations where drivers are expected(probably based of hardware) like nvidia drivers. These coinstallers refer to PCI locations as devices with memory storage abilities of some kind(maybe they are virtualized objects in a shell?) There also seems to be a set of drivers installed in an "EFI Shell" and my ethernet adapter settings, accessible from bios, go like this:
Intel Gigabit 0.0 Uefi driver Adapter PBA FFFFFF-0FF. PCI ID ADDRESS MAC etc.
Theres a bunch of VPN and Network Drive / Virtual Drive / Sharing / Remote Administration / Workgroup / Domain Administration - related services and confirgurations set up, so I installed bitdefender and requeted all connections through that adapter be refused, bought a wifi one and built its profile a little more carefully.
However, my X: drive seems also affected, so I really just want someone to help me get a handle on whats happening and what I can do to log/Identify/Prevent/Wipe it.
All my files are saved and backep up, I just need a cleaning procedure for my pc and my and my roomates, and if I should do anything with my cellphones(I have 2 androids) before I go online and hunt out if anything has been opened in my name. 
Im using an administrator account, disabled all others and set up strict firewall rules. Ive installed Kapersky Ccleaner MalwareBytes ProcessHacker Bitdefender and none of them come up with anything please help!

Another frustrating thing is the secure network adapter that internet security installs dosent seem to work so im stuck using the “hijacked” one! If I could have one working for wired or wifi, or maybe a VPN included with a 300$ subscription called internet security, Id love some answers or some help, weather community or company.

icon

Best answer by Flood and Flood's wife 22 March 2020, 05:31

View original

This topic has been closed for comments

1 reply

Userlevel 7
Badge +11

Hello @The Ennd

Welcome!

Please contact Kaspersky Technical Support, they’ll require: 

  1. Device operating system version & build?
  2. KIS version & patch(x)? x=letter.
  3. Detailed history.
  4. Full screen images.
  5. GSI & Windows Logs
  • Note, if multiple devices are affected, please provide the above information for each device, also, if Androids are affected, please include an AIDA64 report for each Android.
  • After submitting the case, you’ll receive an automated email with an INC+12digits reference number, then, normally, within 5 business days, a Kaspersky Technical Support human will communicate with you, also by email, you may continue to engage with the Kaspersky Technical Team via email or by updating the INC in your MyKaspersky account.

Thank you:pray_tone3:

Flood:whale: