- Dec 5, 2018
- 12
Hello,
So about 3 weeks ago my computer got infected with several trojans from a fake server on Counter-Strike 1.6 from connecting directly through IP. Right after "connecting" to this server my antivirus (Microsoft Defender) announced my computer was infected with 2 trojans. After quarantining and deleting the discovered trojans with Defender, I ran a Malwarebytes scan which discovered 2 additional trojans, which I also quarantined and deleted.
After doing this I tried running a system reset through Windows 10 and then installing a "clean" installation from a USB stick I had burned a system image to before. During the installation I deleted all my partitions, installed Windows to the SSD and after getting to Windows, formatted both HDD partitions with Windows. After that I ran Kaspersky and Malwarebytes scans which didn't find any problems so I thought I was in the clear.
In summary, my internet connection's been cut twice by the service provider for having a computer controlled by criminals in the network. After contacting the provider, my roommate (internet's under his name) was told the infected device was sending out brute force SSH attacks or something of that sort. Also I noticed that while playing online my internet would randomly cut out.
Microsoft Defender Offline didn't find anything and trying to make changes in the registry gave me errors that I didn't have permission.
At this point I'm unable to provide logs since after the second time my internet was cut, I ran Windows reset, disconnected my computer from LAN (desktop with no Wi-Fi adapter so it's offline) and disconnected both my hard drives from the computer.
My initial idea was to run DBAN on my HDD, install Windows from a clean image to the HDD, then install Samsung Magician and run the SSD wipe with it to clear both drives. I'm no professional and don't want to risk running an infected computer any more, so I decided to ask for some advice on how to proceed. (Also haven't managed to get DBAN to the USB on my Mac to run it so far.)