Malware That Can Survive OS Reinstalls

CB · 11 Oct 2020

It reminds a little annoyance at my office PC last week.
Few times in a day my browser (Chrome) creating new tab with address line like swebgames.com or something. Initially I didn't suspect anything. Checked up with Defender, nothing was found. But through task manager I noticed there was an app like wup.exe. Tracked it down, it was activated using scheduler. It appeared again everytime killed and deleted. Later I find it was able to create some files and folders exclusions. All I did just reverse back to 2 week of restore point and got it cleaned.
I didn't dare suspecting anyone about the matter because only my boss use to grab my PC.

Trust_No1 · 11 Oct 2020

pericles said:

Has it been stated/discuss if this malware can be identified with a scan by AV ?

I think
TDSSKiller was developed by Kaspersky Lab
is the utility for such removal...

again, this is old news rehashed maybe?

jimbo45 · 11 Oct 2020

Hi there

Please don't take this wrongly - but seriously all sorts of stuff can emanate from some of those economies like Indonesia, Vietnam, China etc -- I've been using Windows since Windows 3.11 so a long time - and I've never found anything remotely suspicious coming from places like Japan etc so some of the more dubious practices do seem to come from some of the other far less developed economies of those regions.

I think provided you keep your HOME computer regularly updated with the appropriate security fixes etc you should be fine -- once you start logging on to some "dubious games or gambling sites" etc then "all bets are off" as they say in Horse Racing parlance.

Anyway I'm not (probably to the relief of loads of readers to this thread) going to add to any more comments to this thread.

Just remember what some quite wise US president said - can't remember which one - Nothing to fear but fear itself - probably Roosevelt - I'm sure somebody from the States will confirm or supply the correct answer.

Cheers
jimbo

SoFine409 · 11 Oct 2020

jimbo45 said:

Hi there

Please don't take this wrongly - but seriously all sorts of stuff can emanate from some of those economies like Indonesia, Vietnam, China etc -- I've been using Windows since Windows 3.11 so a long time - and I've never found anything remotely suspicious coming from places like Japan etc so some of the more dubious practices do seem to come from some of the other far less developed economies of those regions.

I think provided you keep your HOME computer regularly updated with the appropriate security fixes etc you should be fine -- once you start logging on to some "dubious games or gambling sites" etc then "all bets are off" as they say in Horse Racing parlance.

Anyway I'm not (probably to the relief of loads of readers to this thread) going to add to any more comments to this thread.

Just remember what some quite wise US president said - can't remember which one - Nothing to fear but fear itself - probably Roosevelt - I'm sure somebody from the States will confirm or supply the correct answer.

Cheers
jimbo

Hi jimbo, you are indeed correct. It was Roosevelt’s first Inauguration speech.
“So, first of all, let me assert my firm belief that the only thing we have to fear is...fear itself — nameless, unreasoning, unjustified terror which paralyzes needed efforts to convert retreat into advance.“

Phone Man · 13 Oct 2020

Quote from article:

To remove the malware, Kaspersky Lab said a victim would need to update a motherboard's firmware to a legitimate version.
In Kaspersky Lab’s case, the company discovered the UEFI-based malware thanks to the company’s firmware scanner, which it began implementing last year.

If Kaspersky can do a firmware scan to find the problem then other AV should be able to do it also.

Jim

IronZorg89 · 13 Oct 2020

Phone Man said:

Quote from article:

If Kaspersky can do a firmware scan to find the problem then other AV should be able to do it also.

Jim [/FONT][/COLOR]

Totally agree with you and that makes this discovery by Kaspersky's lab almost a non-issue, because Microsoft Defender by means of updates can also thwart the problem.