Pig of a Virus Today.

[Formaleins]

I kind of thought I had my computer protected, I run Windows Defender 24/7, MBAM which are all up to date and now and again I run Adware anti ad software. My PC is running latest Win 10 and the BIOS is up to date as of only last month.

The BIOS is set up with secure boot, CSM is OFF, and I believe all the secure keys are in place. Even the graphics card is UEFI.

Well, I ran some software today that was supposed to be Nokia Suite and it turned out to be some damn virus. Why it was able to run was the first thing that got me, but within seconds it had added Facebook rubbish, installed Opera and a number of other Anti Virus and anti Malware packages. It then changed my default browser to Opera and totally disabled my Bluetooth, to the point where Windows reckoned my PC had no Bluetooth Capability.

 

I wiped the junk off and decided to go and check the BIOS to make sure Bluetooth was still enabled.

 

When I go to enter the BIOS, this damned thing has gone and installed a BIOS password, which looked to be a real password, as soon as I try to enter the BIOS it asks for a password, three attempts and everything locks up.

 

I could not find the actual virus using any of my current software, but it did pull out hundreds of PUP junk which I removed.

 

All I was able to do in the end was to go in and clear the CMOS (My MB has a clear CMOS button) After that I was able to get back in and spend about two hours resetting all of my overclocks and voltages back to where I had them, pretty pi$$ed by this time though.

 

Anyway, I got it back up and running, I have ran a complete scan with MBAM and Defender and then cleared out all the dross with CCleaner and cleaned the registry. 

 

It appears to be running OK, but I am not 100% convinced as I have not seen the name or description of the actual virus.

 

Does anyone have an idea as to what is the best course of action here, what is the best thing to run to make sure it is cleared out and what can I put in place to stop it happening again? Like I said earlier, I thought I had myself covered as I have never had a virus get on here for years.

 

Any help is appreciated, cheers.

[bartender100]

The only one that ever works for me is Malewarebytes, i had a terrible one on an old Windows 7 its cleared the lot off, its excellent, they have a free 30 trial

 

https://www.malwarebytes.com/

[Formaleins]

Just now, bartender100 said:

The only one that ever works for me is Malewarebytes, i had a terrible one on an old Windows 7 its cleared the lot off, its excellent, they have a free 30 trial

 

https://www.malwarebytes.com/

Thanks, that is what I am already running (MBAM)

[BigT73]

cc cleaner is good too,  when you were installing the nokia suite you should have been able to chose not to install these sometimes its tricky.

A better option before you install is to backup pc in windows and if something goes wrong you can restore it.  You may be able to do it now if windows is doing the auto backups.

[Formaleins]

8 minutes ago, BigT73 said:

cc cleaner is good too,  when you were installing the nokia suite you should have been able to chose not to install these sometimes its tricky.

A better option before you install is to backup pc in windows and if something goes wrong you can restore it.  You may be able to do it now if windows is doing the auto backups.

Unfortunately I have  never had Windows do any sort of backup or restore correctly and I have been using it since 3.1

I usually ended up having to do a fresh install as Windows always seemed to screw everything up anyway. I have for the past 3 years been using Macrium Reflect to image my important stuff which usually included the System Drive, but, as complacency sets in (I have been running on Windows Pre Release Evaluation Software for two years without a hitch) and I let it slip and even deleted my saved images to "save space" when I am sitting here with over 8TB of FREE HARD DISK SPACE!!!! - Yes stupid I know!

 

Anyway, I use Ccleaner and MBAM regularly along with Defender. I have just finished what was a 3 hour scan with MBAM, no problems found, and things seem to be OK. What worries me is why even with all of this supposed protection on the machine, was this junk able to hack it and run?

 

I have downloaded another version of Nokia Suite, which looks to be a more secure version (CNET) but I still haven't got the bottle up to actually run it! It has been scanned and says it is clean...….. At this time of night I am not a gambling man.

[BigT73]

3.1 was all about solitaire haha.  Yea I usually go the reformat route, just feel more comfortable that way.  I do find the cleaners miss files and folders but seeing the software installed doesnt look like malware but more like freeware you should be fine.  It is sneaky how they do it.

Goodluck!

[chrisinth]

On 10/23/2018 at 12:30 AM, Formaleins said:

Unfortunately I have  never had Windows do any sort of backup or restore correctly and I have been using it since 3.1

I usually ended up having to do a fresh install as Windows always seemed to screw everything up anyway. I have for the past 3 years been using Macrium Reflect to image my important stuff which usually included the System Drive, but, as complacency sets in (I have been running on Windows Pre Release Evaluation Software for two years without a hitch) and I let it slip and even deleted my saved images to "save space" when I am sitting here with over 8TB of FREE HARD DISK SPACE!!!! - Yes stupid I know!

 

Anyway, I use Ccleaner and MBAM regularly along with Defender. I have just finished what was a 3 hour scan with MBAM, no problems found, and things seem to be OK. What worries me is why even with all of this supposed protection on the machine, was this junk able to hack it and run?

 

I have downloaded another version of Nokia Suite, which looks to be a more secure version (CNET) but I still haven't got the bottle up to actually run it! It has been scanned and says it is clean...….. At this time of night I am not a gambling man.

The problem as I see it, is that it probably didn't download a virus per se, but you did give Nokia Suite permission to install additional programs during installation which have messed up your confuser for you. When installing programs like this, always use the custom install option (wording may be different) if available and only download from the program's homepage/website. The custom install option will let you see what else is going to be installed and will give you a chance to un-tick it before proceeding.

 

If that option isn't available (custom) either make a restore point before continuing or update your image backup. PITA I know, but better being safe than sorry and gives you an easier choice to get the machine back to normal.

[KneeDeep]

What were you thinking?? If you are going to install and run a program about which you are not sure, use a Sandbox; https://www.sandboxie.com

 

If all ok after testing it in the SandBox, then you can delete the SandBox and all traces will be gone. Then you can install the program normally. It's clear this one would not have passed the SandBox test.

[Pepper9187]

Hum weird story.

 

So the program installed tons loads of crap on your computer, so far so good (classic!), but the bios password i wouldn't be so sure that the virus did that, usually this virus / malware are annoying but they are cheap viruses.

I'm a bit I.T outdated now, but i'm not even sure that common viruses can setup a Bios password.

 

Anyway you can never be sure a virus is 100% removed, but like i said that was probably a common cheap virus, if you want to be sure :

 

1) Check what programs are launched as startup + check what services + Check what scheduled tasks and kill the virus / remains from there.

1.1) Install malware byte free and full scan your system (that tool is suprisingly pretty strong).

1.1) Install some USB / DVD boot anti virus software, boot from the USB support and scan your system.

1.2) Do online scans via kaspersky / bitdefender

1.3) Run command prompt in admin type sfc / scannow (system files integrity check / repair)

 

 

2) If after that you still suspect the virus to be here, just create a new windows local account (because most of the cheap viruses attacks only your local windows account, once you create and use a new one they'll be turned off) migrate your personal data / delete your old account.

 

3) If by any chance you still think there's a virus ruining around around you can download a MS windows ISO from their website and reinstall windows (select "upgrade"), that will erase - re-install all the OS core files (but technically SFC /scannow is already checking that one, except that it will replace corrupted local files with a copy already stored on your HDD and not from an external source).

 

4) If you still think after that ... just format your HDD, but that's extreme.

 

 

Off topic tip, turn on windows UAC (user account control) can be annoying but can also save your life.