Hi, I've tried a lot of things but am unsure of how to fix this one. All my Farbar scans come up with nothing flagged, but what happened on my initial PC was I was being put into shells where the malware used my own graphics card against me. It then, behind the scenes, installed malicious drivers for all of my drivers. It rewrote a lot, if not all, of my .DLL files, even the Windows 10 native files and essential services. The MD5 hashes are even considered legit when they are in fact malicious files. It infects silently and uploads/downloads from a cloud or something similar by using Win 10 permission escalation, eventually encrypting the files. I have tried BIOS flash, USB flash, etc., with no luck; somehow the malware just keeps coming back even after formatting drives with AOMEI Partition Assistant 2022. It changed all the registry keys, etc., etc. It changed a whole bunch of things. I will send the logs I have here now.

I have disabled Administrator / defaultuser0 / DefaultAccount / WDAGUtilityAccount and left my own profile alive. I changed permissions on folders that TrustedInstaller had control of to try and limit the escalating privileges and even tried using the `icacls $env:windir\system32\config\*.* /inheritance:e` command in the prompt, with no luck. All of the drivers that the malware installed are greyed out on the uninstall/disable parts. The malware uses Windows Media Player to read binary files like an artificial intelligence. It also reads all other kinds of files using Windows Media Player and other things. It manages to take over and "update" legitimate services with malicious code. It uses the search function to do its thing. The craziest thing is being put in a shell by the graphics card where it looks like I'm on a normal desktop, but I'm not. It ends up locking partition tables in its more advanced later phases, rendering them unusable. The firmware BCD settings were changed or modified, and a whole bunch more.

Somehow the firmware modifications through the motherboard are keeping persistence. I will post my logs in the next comment. Not sure if anyone can help. I feel like it will be a million years before this one gets solved lol.