
Persistent infection (even after full format and clean install) not detected by any Antivirus or antimalware


Hi ESET support,

My Win10 x64 got infected somehow, hence I did a clean install, but after the install, as soon as I install some program, after reboot it again gets infected regardless of the antivirus software installed. I have tried at least 20 times with a clean install after format, then wiping drives and then installing, but this issue comes back. It first causes Explorer, Control Panel and Task Manager to get blocked, like "you don't have access to ...."

Till now I have tried multiple antiviruses like Kaspersky (it says its services have stopped working); Avast uses 25% CPU but does not detect anything, then does not use any CPU; its boot-time scan does not detect anything and the infection is still there; Malwarebytes' service stops responding and after reboot it is deleted on its own; Emsisoft does not install, and if it somehow gets installed it does not detect anything; Avira simply stops opening at boot; Norton does not detect anything; Bitdefender's services stop responding, its self-protection auto-disables and intrusion detection stops and cannot be enabled, its boot-time scan does not work, or if it works it does not find anything. For some time I have been constantly facing this issue; I even used this OPSWAT 40+ antivirus engines to scan, and nobody found anything. However, I can only run a scan when Outpost Firewall is running fine, but somehow now it also gets disabled by the malware. I have turned on Anti-Leak in it, so it asks for a lot of permissions every time. When it stops working I go to safe mode to reinstall it again; only then does normal boot mode work, otherwise I get a black screen only, or if Explorer loads I have no access to any program, as told before.

I also tried the ESET Internet Security trial; it was able to work for several reboots, but when I thought it would work, ESET just was not able to run on boot. When installed on the system at first, after update it did not find any issue. After 3-4 clean reinstalls of the system I turned HIPS to interactive mode, so it asks for several permissions, but as I have also set a password, when it tries to give a UAC prompt it does not work, as any application that asks for admin UAC does not respond.
Also, sfc /scannow finds and corrects integrity issues, but sometimes it gives an error that it cannot be repaired.
Autoruns also finds several files that are not verified.

Please let me know how to get this fixed. I have had this persistent issue for the past several months; for the past several months I have had Ubuntu installed in dual boot with the infected Windows, and I am using it to send this request for help to you.

I have used Paragon HDM to make a virtual machine of the infected Windows system.

Please let me know what steps I need to take to get help in this regard. Also, please let me know how to run an ESET scan in safe mode, as only safe mode works fine.




  • Administrators

That could happen if your system was vulnerable to exploits in network protocols and there was another infected machine in the network or the computer was accessible from the Internet. However, since you are using Windows 10, I assume it's fully updated and patched so we can basically rule out that possibility.

To start off, please collect logs with ELC and provide me with the generated archive.
If you can reproduce it, you could try leaving the machine disconnected from the network and see if the issue occurs after some time.


Assuming the malware is not network based, I would say it's coming from your hard drive.

There is persistent malware that can survive a reformat. Without getting into the "how it is done", I would say you have two choices:

1. Wipe the hard drive versus reformatting it. The wipe utility must be capable of performing multiple low-level passes. The standard we refer to here in the U.S. is the DoD, i.e. Dept. of Defense, standard. Such wiping can take a very long time. A large drive could take days. Here is a reference to some disk wiping utilities: https://www.techworld.com/security/best-disk-wiping-tools-securely-cleaning-hard-drives-smartphones-ssds-3627310/ . Note that the wipe utility will have to be run from created bootable media.

-EDIT- SSD drives cannot be "wiped" as is the case of HDD. They have to be "erased." Go to this section "Securely Erasing an SSD" in this article: https://www.makeuseof.com/tag/securely-erase-ssd-without-destroying/ . Also note the wording in the alert shown about possible drive destruction.

2. Replace your hard drive with a new one.

If your current system contains multiple hard drives, those also should be wiped or replaced.

Depending on what option you chose, you would then reinstall Win 10 on the drive.

Edited by itman

This topic is now closed to further replies.