Digitalis

Registered User
  • Posts: 2
  • Birthday: 05/30/1980
  • Reputation: 10
  • Achievements: Curious Beginner (1/7)
  1. Thank you for taking an interest in this case svl7, I know you are one of the brightest minds around, that's comforting. My setup is:

     Win: MSI Global B85-G41 PC Mate, CPU Intel i5-4670 3.7GHz, 16GB RAM, CD-ROM, Titan GPU

     I was finally able to install Windows on one of the "infected" drives after wiping it (both MBR and disk) with the manufacturer's (HGST) special software. I thought everything might be back to normal, but I soon discovered that it was still infected, as the Windows install took ages, and the reboot time into Win 7 Professional takes 15 minutes (that's probably 12 minutes extra), and when Windows finally has started up, the virus has cleverly disabled the services needed to run as administrator. This is on a totally clean install on a thoroughly wiped disc, so I conclude that these symptoms suggest a persistent infection, most likely in the BIOS, but also possibly in the hard-disk firmware or CD-ROM firmware.

     I have a PhD in AI programming on the GPU, so I'm not a total novice, but this case makes me feel like a noob, thus I really appreciate any ideas / help. I know that a persistent firmware infection is highly unlikely and very rare, but it is the only explanation I have for my brand new hardware, that used to work great, now is slow as hell with strange bugs and behaviour. The newly installed Win 7 Professional 64 is too slow and buggy to use, it barely boots up.
  2. I have found 2 other people with the same type of persistent infection: https://forum.truecrypt.ch/t/truecrypt-helped-me-catch-nsa-firmware-backdoor/421/8

     As the infection is at the firmware level, below the OS layer, it works with all OSes, and is not necessarily detectable by file scanning. Also, if the malware code resides in the CD-ROM firmware, hard disk firmware, and the BIOS, it's difficult to flash without reinfection from the still infected parts. Those who believe this is not possible should jump straight to the reference section and read those. I believe this can soon be a huge problem, thus we should seek to solve it.

     These are the main symptoms of this infection:
     • Booting the PC now takes 3 to 10x longer, probably caused by malware in the BIOS.
     • Windows 7 disc install on a wiped hard disk: acts weird and hangs for a long time during install, and ends up saying the disk is not bootable and that Windows can't be installed on this disc (even though it is recognized by Windows and in the BIOS).
     • When trying to do a fresh install of Linux Mint, the disk is reported as faulty by Linux.
     • The disk is reported to be healthy when scanning the disk for errors and using SMART.

     Here is what I believe happened to my system: my Win 7 64 install became infected by a game trainer that used an exploit to gain root/admin privileges; it rewrote the bootloader code and/or hard disk firmware, so that at next boot it could infect the BIOS by reflashing it with hostile code. So far neither flashing the BIOS with a fresh image from MSI, nor wiping the disk including the MBR, has had any effect; the infection still persists. I also ran a full memory test on the RAM and it's healthy.

     Anyone have ideas on how to fix this? Anyone else with this problem?

     Here is what I will try:
     • BIOS: Test if the BIOS is compromised with Copernicus (Computerzz helper: Copernicus MITRE BIOS Security). See if repeated BIOS flashing from a CD can clean it. If it gets clean and then gets infected after booting a RAM boot OS, then some other device firmware is infected, like the CD-ROM; if not, then it's clean.
     • Hard disk: Use Hitachi's disk erase tool on MBR and disk. The "Secure Erase", a function built into modern ATA hard drives: https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase Send disc back to Hitachi for firmware flashing.

     This is the only known solution I've heard of: "The only way to get rid of the malware is to shut down the computer and manually reflash every peripheral, a method that is impractical for most users because it requires specialized equipment and advanced knowledge." (Researcher creates proof-of-concept malware that infects BIOS, network cards | Computerworld)

     References; persistent infections:
     • Hard disk firmware malware: http://s3.eurecom.fr/~zaddach/docs/Recon14_HDD.pdf
     • USB firmware malware: Ironkey | Blog: Standing Room Only: BadUSB at Black Hat
     • BIOS firmware malware: http://www.coresecurity.com/files/attachments/Persistent_BIOS_Infection_CanSecWest09.pdf ; Meet incident response - Malware that can survive BIOS re-flashing - Information Security Stack Exchange ; #badBIOS | Security Art Work
     • PCI firmware: Proof-of-concept BIOS malware can hide in PCI firmware - FierceCIO:TechWatch ; http://www.toucan-system.com/research/blackhat2012_brossard_hardware_backdooring.pdf
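The "flash, boot a RAM-only OS, re-dump, compare" loop in the post above only gives a usable answer if the comparison is concrete. The script below is an added example, not part of Digitalis's post and not code from Copernicus or any other tool named there: it takes two firmware image dumps (for instance one read from the SPI flash right after writing the vendor image, and one read again after a boot cycle), compares them block by block, and separates changes inside regions that are legitimately mutable (UEFI variable store, boot counters, event logs) from changes anywhere else. The `volatile` region layout is an assumption and must come from the board's own flash descriptor or vendor documentation; the two sample images are constructed inline and are not real firmware.

```python
import hashlib
from typing import Dict, List, Sequence, Tuple

Region = Tuple[int, int]  # (offset, length) in bytes


def sha256_hex(data: bytes) -> str:
    """Hex digest used to record exactly which dumps were compared."""
    return hashlib.sha256(data).hexdigest()


def _in_volatile(block_start: int, block_end: int, volatile: Sequence[Region]) -> bool:
    """True if the block [block_start, block_end) overlaps a region flagged as legitimately mutable."""
    for off, length in volatile:
        if block_start < off + length and off < block_end:
            return True
    return False


def diff_images(reference: bytes, candidate: bytes, block_size: int = 4096,
                volatile: Sequence[Region] = ()) -> Dict:
    """Compare two flash dumps block by block.

    Returns a report with the hashes of both dumps, whether their sizes match,
    'changed' regions (differences outside volatile areas, the ones that matter)
    and 'expected' regions (differences inside volatile areas such as NVRAM).
    Adjacent differing blocks of the same kind are merged into one region.
    """
    report: Dict = {
        "reference_sha256": sha256_hex(reference),
        "candidate_sha256": sha256_hex(candidate),
        "size_match": len(reference) == len(candidate),
        "changed": [],
        "expected": [],
    }
    if not report["size_match"]:
        # A different dump size usually means a different chip/tool setting, not a
        # modified image; comparing offsets would be meaningless, so stop here.
        return report

    runs: List[Tuple[str, int, int]] = []  # (kind, start, end)
    for start in range(0, len(reference), block_size):
        end = min(start + block_size, len(reference))
        if reference[start:end] == candidate[start:end]:
            continue
        kind = "expected" if _in_volatile(start, end, volatile) else "changed"
        if runs and runs[-1][0] == kind and runs[-1][2] == start:
            runs[-1] = (kind, runs[-1][1], end)  # extend the current run
        else:
            runs.append((kind, start, end))
    for kind, s, e in runs:
        report[kind].append((s, e - s))
    return report


def verdict(report: Dict) -> str:
    """One-line interpretation of a diff report."""
    if not report["size_match"]:
        return "inconclusive: dump sizes differ, re-dump with the same tool and chip settings"
    if report["changed"]:
        return "changed outside volatile regions: investigate"
    return "no unexpected change"


def build_sample_images() -> Tuple[bytes, bytes, List[Region]]:
    """Constructed stand-ins for two SPI flash dumps (NOT real firmware).

    64 KiB of deterministic bytes; the 'after reboot' copy has a legitimately
    updated byte inside an assumed NVRAM area at 0x8000 and one unexpected
    byte change inside a code area at 0x3000.
    """
    size = 64 * 1024
    reference = bytes((i * 7 + 3) & 0xFF for i in range(size))
    candidate = bytearray(reference)
    candidate[0x8000 + 16] ^= 0xFF   # e.g. a boot counter bump inside NVRAM
    candidate[0x3000 + 100] ^= 0x01  # a change where nothing should change
    volatile = [(0x8000, 0x2000)]    # assumed NVRAM layout, placeholder only
    return reference, bytes(candidate), volatile


if __name__ == "__main__":
    ref, cand, vol = build_sample_images()
    rep = diff_images(ref, cand, volatile=vol)
    print("reference:", rep["reference_sha256"][:16], "candidate:", rep["candidate_sha256"][:16])
    for off, length in rep["expected"]:
        print(f"expected change at 0x{off:06x} (+0x{length:x}) inside volatile region")
    for off, length in rep["changed"]:
        print(f"UNEXPECTED change at 0x{off:06x} (+0x{length:x})")
    print(verdict(rep))
```

Two caveats matter when applying this to a real board. A dump taken through the running operating system is only as trustworthy as the firmware that serves it, so the reference and the re-dump should both come from the same path, ideally an external programmer clipped to the flash chip. And a clean comparison of the BIOS flash says nothing about the other firmware the post lists (hard disk, optical drive); each of those needs its own dump-and-compare cycle, which is exactly why the quoted Computerworld remedy talks about reflashing every peripheral.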