Infected system/BIOS? - reinstalling OS and formatting drive did not resolve issue

PeterQ94 1 Reputation point
2022-01-19T00:12:14.477+00:00

Dear Sysinternals Community,

I am a new user and I will soon use Sysinternals tools for the first time. I have a problem on my local network. All devices behave strangely and look infected. I reinstalled the OS (Windows 10) and wiped the SSD drive with diskpart and the clean all command. I had a GPT partition. If it is a bootkit, should the diskpart utility have killed it? I am afraid that this can be a rootkit. Of course no antivirus can detect anything. I think that this can be a firmware infection. So my question is: should I update my BIOS? Or, if my system works strangely and malware can be there, is updating the BIOS in Windows risky? If I wiped my SSD drive and reinstalled the OS, is there any malware which could survive that is not related to hardware firmware?

Can any Sysinternals tools detect firmware malware?

I hope that you can answer.

Thanks!


4 answers

  1. Philippe Levesque 5,681 Reputation points MVP
    2022-01-19T04:30:04.17+00:00

    Hi

    BIOS viruses are extremely rare. I would check to be sure no hardware components are faulty, IMO, if you have seen strange behaviour even on a fresh install.

    You can install without a network connection on if you think something can infect your computer; just make sure you use a clean ISO to install Windows. (https://www.microsoft.com/en-ca/software-download/windows10)


  2. PeterQ94 1 Reputation point
    2022-01-19T22:04:35.42+00:00

    Hi, I know that BIOS viruses are rare, but I think that this was a firmware-level attack. Why? I tried the Linux operating system on my old machine because this machine can't run Windows 10 due to low performance (old hardware). At the same time I sent my HDD to the manufacturer (warranty). The manufacturer lost my HDD, but it returned to me without repair, and my mistake was that I plugged it into my PC, because I think that it was infected by a 3rd person. The second option is that my Linux OS was not secure because more exploits and bugs are there.

    My old computer worked perfectly until the time when I plugged in this HDD and ran Linux. I thought that Linux was the problem and caused bugs in the firmware. I didn't think that this was malware, but I bought a new computer and I now have similar issues after connecting to my network, so my router was also infected.


  3. PeterQ94 1 Reputation point
    2022-01-20T22:17:46.247+00:00

    Today, I tried to update the BIOS after reinstalling the OS and wiping the drive. It even works worse now. Now every file I download from the network seems to be modified. I tried to download Mozilla Firefox, for example, and Microsoft Edge told me that the file is not secure. So I checked the hashsum of the installer file and it is different from the one in the Mozilla repos.

    So I am now 100% sure that my machine was hacked.

    I tried Sysinternals tools and I found some strange entries in the Autoruns tool, for example, but I googled them and these are probably common.

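The original question asks whether the firmware could be involved, and the post above reports an installer whose hash does not match the vendor's published value. An added example, not part of this thread or of Sysinternals, of how a defender would record both checks on a Windows 10 machine: compare the SHA256 of a downloaded file against a published value obtained on a separate, trusted device, check the file's Authenticode signature (which does not depend on the download channel), and capture the firmware version and Secure Boot state for the record. The file path and the expected hash below are placeholders, not real values from this thread; `Confirm-SecureBootUEFI` needs an elevated prompt and a UEFI system.

```powershell
# Added example: verify a downloaded installer and record firmware state.
# Assumptions: the expected SHA256 is copied from the vendor's checksum page
# on a device you trust; the path and hash below are placeholders.

function Test-DownloadIntegrity {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedSha256
    )
    if (-not (Test-Path -LiteralPath $Path)) {
        throw "File not found: $Path"
    }

    # Hash of the file as it exists on disk.
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    # -ieq: case-insensitive, so upper/lower-case hex from the vendor page both work.
    $hashMatches = $actual -ieq $ExpectedSha256.Trim()

    # Authenticode signature: an installer altered in transit fails this
    # regardless of which mirror or proxy delivered it.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    [pscustomobject]@{
        Path            = $Path
        HashMatches     = $hashMatches
        ActualSha256    = $actual
        SignatureStatus = $sig.Status          # Valid / NotSigned / HashMismatch / ...
        Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }
}

function Get-FirmwareState {
    # SMBIOS data as reported by Windows; useful to compare against the
    # version the vendor's BIOS page lists for this board.
    $bios = Get-CimInstance -ClassName Win32_BIOS

    # Confirm-SecureBootUEFI throws on legacy-BIOS systems and without elevation;
    # $null then means "could not determine", not "disabled".
    $secureBoot = $null
    try { $secureBoot = Confirm-SecureBootUEFI } catch { }

    [pscustomobject]@{
        Manufacturer      = $bios.Manufacturer
        Version           = $bios.SMBIOSBIOSVersion
        ReleaseDate       = $bios.ReleaseDate
        SecureBootEnabled = $secureBoot
    }
}

# Usage (placeholder path and hash; replace with the real installer and the
# checksum published by the vendor):
$result = Test-DownloadIntegrity -Path 'C:\Users\Public\Downloads\installer.exe' `
    -ExpectedSha256 '0000000000000000000000000000000000000000000000000000000000000000'
$result | Format-List

Get-FirmwareState | Format-List
```

A `HashMatches` of `$false` together with `SignatureStatus` of `HashMismatch` or `NotSigned` means the file on disk is not what the vendor shipped; the place to look next is the path the download took (router, DNS, proxy), because a file that arrives intact will pass both checks no matter which machine requested it. Record the firmware version and Secure Boot state before and after any BIOS update so that the two can be compared.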

  4. PeterQ94 1 Reputation point
    2022-01-24T22:38:30.383+00:00

    Dear Sysinternals Community,

    I am now sure that all devices on my network are infected because all downloaded files have the wrong SHA256 checksum. I tried reinstalling the OS and I wiped my SSD drive as I mentioned before. What more can I do to fix this issue? If it is a firmware attack, is it an option to repair this by using this computer?

    I hope that you can help.
