Issue with Persistent Root-Level Virus in PC (Windows 10)

Anonymous
2023-02-12T21:30:07+00:00

Hi,

I've been trying to deal with an ultra serious infection in my PC for some time now. My laptop is a ThinkPad Gen 2 T14 20XW, and has Windows 10 Home edition installed on the C drive (the other hard drive is for data storage). Signs of infection include irregular fan noise even when CPU usage is low and no apparent program is running, the cursor going haywire and jumping to the edge of the screen randomly, windows/tabs closing by themselves, and network failures.

When I open up Local Security Policy, there's a strange (remote?) user with SID ending in "551" that is permitted to, among other things, remotely shut down the PC, back up files, and skip the traversal check. Strange users also appear in the security settings of some system files. Crucially, Remote Registry appears to permit changes in the CurrentSystemControls branch, which includes the spooler service. I have done a couple of OS reinstalls using the default recovery environment and, using a bootable USB drive, have formatted all disk partitions, but the virus persists, as demonstrated by the local security policy settings. Msconfig shows that the PC is only booting with necessary and user-specified services, and boot options remain the same after reboot. Infection might have happened through the WLAN network, and the virus may be present in the boot sector (.efi file?), because the irregular fan noise is also noticeable when entering the BIOS setup utility. In addition, the system warns "stack overflow" for "Settings" when in safety mode.

Help is very much welcome. Because of the advanced nature of this virus, normal anti-virus programs are unable to detect it. I would like to know if I need to contact the manufacturer, and what steps I should follow.

Sincerely,

Bill

Windows for home | Windows 10 | Security and privacy

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

1 answer

  1. Anonymous
    2023-02-13T00:31:42+00:00

    Hi, I’m Nicole, I’ll be happy to help you out today.

    Usually, with this kind of infection, it is advised to clean install Windows and wipe drive C in the process. But in the event that the virus might be lingering on your network, it is best to consult this other forum, where IT professionals are present and are the intended audience for these types of queries:

    https://learn.microsoft.com/en-us/answers/quest...

    Regards.

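A check for the SIDs listed under User Rights Assignment, as an added example that is not part of the original thread or any Microsoft tool: it parses the `[Privilege Rights]` section of a file written by `secedit /export /cfg rights.inf /areas USER_RIGHTS` and labels each principal, so that well-known built-in groups (S-1-5-32-551, for instance, is BUILTIN\Backup Operators) are separated from accounts that need a closer look. The sample export is constructed to mirror the three rights named in the question, and the function names are hypothetical.

```python
import re

# Well-known SIDs documented by Microsoft (subset, not exhaustive).
WELL_KNOWN = {
    "S-1-1-0": "Everyone",
    "S-1-5-32-544": "BUILTIN\\Administrators",
    "S-1-5-32-545": "BUILTIN\\Users",
    "S-1-5-32-551": "BUILTIN\\Backup Operators",
}

# Constructed sample of a secedit export; the last SID is a made-up account.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeRemoteShutdownPrivilege = *S-1-5-32-544,*S-1-5-32-551
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
SeChangeNotifyPrivilege = *S-1-1-0,*S-1-5-32-545,*S-1-5-32-551
SeDebugPrivilege = *S-1-5-32-544,*S-1-5-21-1111111111-2222222222-3333333333-1105
"""

# Machine or domain account SID: S-1-5-21-<three sub-authorities>-<RID>
ACCOUNT_SID = re.compile(r"^S-1-5-21-\d+-\d+-\d+-(\d+)$")

def parse_rights(inf_text):
    """Return {right: [principal, ...]} from the [Privilege Rights] section."""
    rights, in_section = {}, False
    for line in inf_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line:
            right, _, value = line.partition("=")
            rights[right.strip()] = [p.strip().lstrip("*") for p in value.split(",") if p.strip()]
    return rights

def classify(principal):
    """Label a principal so unexplained entries stand out."""
    if principal in WELL_KNOWN:
        return "well-known: " + WELL_KNOWN[principal]
    match = ACCOUNT_SID.match(principal)
    if match:  # RIDs below 1000 are reserved for default accounts and groups
        return "default account/group RID" if int(match.group(1)) < 1000 else "created account, verify"
    return "unlisted SID, look up" if principal.startswith("S-1-") else "account name"

def report(inf_text):
    return [(r, p, classify(p)) for r, ps in parse_rights(inf_text).items() for p in ps]

if __name__ == "__main__":
    for right, principal, label in report(SAMPLE_INF):
        print(f"{right:28} {principal:48} {label}")
```

To run it on a real export, read the file with `encoding="utf-16"` (the encoding secedit writes) and pass the text to `report`.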