Kaspersky
Question

Suspicious activity on my laptop

  • 13 February 2021

For the last 2 weeks I have observed suspicious activity on my laptop. Here are the symptoms/sequence of events and a few things I tried, but nothing seems to work.

Note: I have a Dell Inspiron 15 series laptop running Win10 Home.

Sequence of events:

  1. Suddenly, 2 weeks back while I was working, my laptop hung. When I restarted it to recover from the hang, it started asking for a BIOS system password, which I had never set before. After many attempts, fortunately it accepted my laptop user account name as the BIOS system password. After I entered the BIOS system password, it prompted for an HDD password, which I also never set. I entered the same laptop user account name as the password and it accepted that. Now with every boot it asks for the BIOS system password and HDD password.
  2. Since I was able to proceed by entering the password, I did not bother much initially. However, after a few days, I started noticing some suspicious activity on my laptop:
    • I see that some unknown email accounts get added as administrator accounts under Start->Settings->Accounts->Your Info.
    • Also, the same unknown email account is added under Start->Settings->Accounts->Email and app accounts.
    • I noticed that the same unknown account was added to OneDrive.
    • I removed these accounts from all the places mentioned above. However, after a few hours of using the laptop, I again see that the same unknown account gets added as an administrator account.


Actions I have taken:

So, I suspected that some malware got into my system. I tried the things below to recover:

  1. Ran Windows Defender quick scan - Nothing found
  2. Ran Kaspersky Total Security scan - No threat found
  3. Reset the laptop to factory defaults. After resetting, it again started showing the same symptoms as described above.
  4. Downloaded the recovery image from the Dell site for my laptop serial number and tried re-installing the image from USB. After re-installing the image, it again started showing the same symptoms as described above.
  5. Tried downloading Win10 Home from the Microsoft website and then installed it on my laptop. While installing, I formatted and deleted all partitions. After installing Win10, it again started showing the same symptoms as described above.
  6. One other thing I observed makes me think that the malware is not getting erased even after I re-install the complete OS. After re-installing Windows 10, I did not configure my Wi-Fi at all, nor did I connect to LAN at all. I disabled the Wi-Fi from the taskbar and just left the laptop as it is. After some time I noticed that Wi-Fi automatically got enabled and was trying to connect, but it could not connect since I had not configured the password at all. I again disabled Wi-Fi and left. Again after some time, Wi-Fi gets auto-enabled and starts trying to connect.
  7. I tried running Windows Defender Offline, but it runs till 91% and then the system restarts. I do not see that it ran completely.
  8. Since the malware is not getting eradicated even after reinstalling the OS, I tried to reset the BIOS to factory defaults. However, when I went to the BIOS, it showed that the BIOS is locked and I need the BIOS admin password to unlock it, which I have never set. Note that to unlock the BIOS, it is asking for the BIOS admin password, which is different from the BIOS system password I mentioned earlier. I went to the Dell service center with the hope that they could reset the BIOS admin password. But they told me they cannot reset the BIOS admin password and told me to replace the entire motherboard and hard disk.

So, now I am not sure how to get rid of this malware. Any help/suggestions would be really helpful.


1 reply

@ar.saurabh.3601 Welcome.

Your best option is to submit your issue to Kaspersky Technical Support:
https://my.kaspersky.com/techsupport#/requests/new