  1. #1

    Possibly infected by a virus that affects the Bios

    Hi, I got infected a few months ago. Long story short, they can literally see my screen and all my information, clear signals of remote access, etc.
    I already explained a bit in my previous post, so I won't tell all my story again and will just describe my experience on the RVE.
    First off, it shows 3 keyboards and like 6 hubs in the BIOS even when I just have a keyboard and a mouse plugged in. Windows takes around 55 GB after I install it, 2017 GPU drivers are installed even when I install a 2015 version of Windows 10, and performance is terrible; it seems like I'm using a Core 2 Duo. I can't use my computer because of this.
    All this has been happening since January; tons of BIOS versions tested, always the same issues.
    Today I updated to the latest version. Formatted using secure erase and got the same results.

    Clearly something big is going on here: either they managed to edit some BIOS modules to work in a malicious way or they changed the firmware of one of the devices.

    Can an Asus employee test a dump of my firmware and see if he/she can reproduce these same issues? I've already tried everything since the day I got infected and I'm still lost.
    Thanks.

  2. #2
    LiveOrDie (ROG Guru: Brown Belt)

    3 keyboards and like 6 hubs
    The BIOS sees some USB devices as keyboards; it's nothing to worry about. There's no way a virus can get into your BIOS unless you have flashed a BIOS downloaded from places other than ASUS, but even then Windows would see an issue with Secure Boot.

  3. #3

    Someone registered my W10 and motherboard's serial number

    That explains why I was getting remote accessed everywhere, including webcams being turned on and a restream on a Russian website.

    What can I do to clear the previous registrant's info (please send this information to me first) so I can register it myself?

    When I try to register my serial, it says "register null".

  4. #4
    cekeu (ROG Guru: White Belt)

    You probably bought a used motherboard. Reboot the BIOS and make a new installation of Windows.

  5. #5
    Korth (ROG Guru: Black Belt)

    Probably bought a used computer with a used copy of Win10 installed.

    Disable Remote Access.
    https://www.lifewire.com/disable-win...desktop-153337

    Make sure Windows Firewall is running and properly configured. And make sure all "Remote Access" objects are Blocked unless you actually need to run them.
    http://www.thewindowsclub.com/how-to...ows-7-firewall

    Scan the system to detect and repair/remove all malware, spyware, viruses, rootkits, and other yucky things.
    http://www.pcworld.com/article/24381...indows-pc.html

    Your other option, of course, is a full (fresh, clean) Windows 10 install. But do not start this process until you have backed up all your important data (on some other drive) and you've written down your Windows Product Key. Having clean copies of all necessary drivers/software nearby also helps, especially those which are required to get your computer working well enough to boot Windows and access the internet.
    http://www.techadvisor.co.uk/how-to/...t-key-3632749/
    https://www.howtogeek.com/244678/you...se-windows-10/

    You can reset your BIOS to factory defaults. You can even download and install (flash) a clean version from your motherboard page. But this shouldn't be necessary and (if you don't know what you're doing) could actually cause more problems by breaking things that already work. Write down all BIOS settings you don't understand (or can't easily figure out) before changing or resetting anything.
    The chances of your BIOS being "infected" or "compromised" with some kind of malware or backdoor are virtually insignificant, but you may choose to overwrite it with a clean version anyhow "just to be sure".

    There are other threads online which describe your problem, but they're not very informative.
    https://www.reddit.com/r/Windows10/c...his_microsoft/

    And your final option is to contact Microsoft Support. You might be able to convince them to issue you a new Windows Product Key. Or you may be told there's nothing they can do until you buy a new one.
    Last edited by Korth; 07-14-2017 at 10:23 PM.
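
Added example (not part of Korth's post and not ASUS or Microsoft tooling): a read-only PowerShell audit of the remote-access and firewall settings the post above says to check. It assumes an elevated session on an English-language Windows 10 install, because it matches firewall rule groups by their English display names; the function name `Get-RemoteAccessAudit` is hypothetical.

```powershell
# Added example: read-only audit; it changes nothing on the system.
# Assumes elevated PowerShell on English-language Windows 10.
function Get-RemoteAccessAudit {   # hypothetical helper name
    $findings = @()
    $ctl = 'HKLM:\SYSTEM\CurrentControlSet\Control'

    # Remote Desktop: fDenyTSConnections = 1 means inbound RDP is refused.
    $rdp = Get-ItemProperty -Path "$ctl\Terminal Server" `
        -Name fDenyTSConnections -ErrorAction SilentlyContinue
    if ($null -eq $rdp -or $rdp.fDenyTSConnections -ne 1) {
        $findings += 'Remote Desktop is not explicitly disabled'
    }

    # Remote Assistance: fAllowToGetHelp = 1 means invitations are allowed.
    $ra = Get-ItemProperty -Path "$ctl\Remote Assistance" `
        -Name fAllowToGetHelp -ErrorAction SilentlyContinue
    if ($null -ne $ra -and $ra.fAllowToGetHelp -eq 1) {
        $findings += 'Remote Assistance is enabled'
    }

    # Windows Firewall should be on for the Domain, Private and Public profiles.
    foreach ($p in Get-NetFirewallProfile) {
        if ("$($p.Enabled)" -ne 'True') {
            $findings += "Firewall profile '$($p.Name)' is off"
        }
    }

    # Enabled inbound allow rules whose group name mentions "Remote"
    # (Remote Desktop, Remote Assistance, Remote Service Management, ...).
    $rules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow `
        -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayGroup -match 'Remote' }
    foreach ($r in $rules) {
        $findings += "Inbound allow rule enabled: $($r.DisplayName) [$($r.DisplayGroup)]"
    }

    return $findings
}

$result = @(Get-RemoteAccessAudit)
if ($result.Count -eq 0) { 'No remote-access findings.' } else { $result }
```

Each line of output names one setting to review against the advice above; an empty result means none of these four checks found remote access left open.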

  6. #6
    xeromist (TeamROG Moderator)

    OnlineNow,

    You have been fighting this issue for 6-8 months. You need to take this to a computer repair shop that can do malware and rootkit removal.

  7. #7
    Korth (ROG Guru: Black Belt)

    (How do you know this issue has persisted for 6-8 months?)

  8. #8

    Actually, your BIOS isn't as secure as you think; I've had mine overwritten 3 times, requiring a reflash off a stick.

    God bless UEFI.

    Flash your BIOS with a USB stick in the port at the back of the machine, with the BIOS file named RE5.CAP.

    3701 is pretty good though it doesn't display the correct CPU speed.

  9. #9
    xeromist (TeamROG Moderator)

    Originally posted by Korth:
    "(How do you know this issue has persisted for 6-8 months?)"

    Previous thread:
    https://rog.asus.com/forum/showthrea...kit-on-FreeDOS

    Also, merged the 2 threads created this month on this topic.

    @OnlineNow
    We ask that you maintain one thread per issue. This way the people attempting to help you can review the history. You've created 4 threads related to your rootkit concerns, which makes it difficult for anyone to help you because you keep starting over. Please use this thread from now on.
    Last edited by xeromist; 07-17-2017 at 05:39 PM.
