Solved Virus remain after format [Moved by Staff]

Status
Not open for further replies.
icotonev

icotonev

Super Moderator
Verified
Staff Member
Mar 9, 2017
536
In fact, I now see that in 2022 you had the same problem:

malwaretips.com

Advice Request - How can malware remain on PC after I format my HDD?

How can a virus remain in the system after formatting the whole HDD? What are the types and how to remove them? I'm asking because my pc is infected with fully undetectable remote access trojan. Who remain after re-installation on my operating system.(with media created on clean pc of course)...
malwaretips.com malwaretips.com

Are you kidding me..? Already two years ago, they explained to you how to proceed... Why are we dealing with this problem again now..
From the logs you provided for me, there are no indications of malware in the system...!
 
  • +Reputation
  • Wow
  • Like
Reactions: kylprq, Shadowra, Trident and 6 others
R

roger_m

Level 42
Verified
Top Poster
Content Creator
Dec 4, 2014
3,131
Strike said:
Ok,but please don't close my topic.
Maybe someone can help me with my issue. :)
Click to expand...
I'm curious as to what makes you think that you have some undetectable trojan on your computer? I just looked at your original thread about this from two years ago and when I look at the VirusTotal link you posted and it shows that the file you uploaded is clean.

VirusTotal

VirusTotal
www.virustotal.com www.virustotal.com
Quite possibly when you first scanned it, one or two scanners detected some malware. However some of the lesser known antiviruses and AI based scanners, have lots of problems with false positives, whereby they often identify clean files as being malicious. I can only presume that the file was detected as being malicious due to false positives, which have now been fixed.
 
Last edited:
  • Like
  • Hundred Points
  • Applause
Reactions: icotonev, simmerskool, Trident and 4 others
S

Strike

Level 1
Thread author
Jun 12, 2022
23
roger_m said:
I'm curious as to what makes you think that you have some undetectable trojan on your computer? I just looked at your original thread about this from two years ago and when I look at the VirusTotal link you posted and it shows that the file you uploaded is clean.

VirusTotal

VirusTotal
www.virustotal.com www.virustotal.com
Quite possibly when you first scanned it, one or two scanners detected some malware. However some of the lesser known antiviruses and AI based scanners, have lots of problems with false positives, whereby they often identify clean files as being malicious. I can only presume that the file was detected as being malicious due to false positives, which have now been fixed.
Click to expand...
I'm sure it's RAT, because i still fighting with the infection more than 2 years. :)
Well,it seems the MBR is clean.
But,i'm not sure where exactly it remains..
The problem is that i still don't have any firewall/av detection to proof it.
 
  • Like
Reactions: Trident
Brahman

Brahman

Level 18
Verified
Top Poster
Well-known
Aug 22, 2013
885
1. Install yogadns. Run it in Windows Service Mode ( since this will enable yogadns as soon as the windows starts and there will not be any dns bypass) with nextdns doh and enable logs. Now you can see all your dns queries your system makes and check for any unusual address in logs to prove or disprove your RAT theory.

2. Or you can use A Mikrotik router, connect your system to it and use " torch" function to analyse out going traffic and it will look like this.....

torch.png
 
Last edited:
  • Like
Reactions: Stopspying, icotonev, simmerskool and 3 others
brambedkar59

brambedkar59

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,097
Strike said:
I'm sure it's RAT, because i still fighting with the infection more than 2 years. :)
Well,it seems the MBR is clean.
But,i'm not sure where exactly it remains..
The problem is that i still don't have any firewall/av detection to proof it.
Click to expand...
How do you know that your system is infected with a RAT or any other type of malware?
How did you rule out any hardware issues?
 
  • Like
  • +Reputation
Reactions: icotonev, simmerskool, roger_m and 1 other person
Trident

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
RAT persisting a reformatting of the hard drive is very unlikely. Attackers change tools, tactics and techniques, as well as CnC server, so using the same malware for 2 years is unlikely as well.

Do check for bios updates using your PC/Laptop manufacturer website tools and flush the UEFI firmware. Simultaneously with that, reformat the hard drive. Be very cautious about pirated software from Zamunda (Bulgarian torrents) and similar websites. Only install reputable software from trusted vendors.
It may be that something you download from dodgy sources has been repacked to include a RAT. Upon reinstalling, you download this software again and this is how your device gets infected.

I highly recommend that you take the device to a specialist which in Bulgaria will be walking distance away in major cities and won’t cost you more than 50 BGN, roughly equal to 25 EUR. They will have the necessary experience to diagnose the PC and will also let you know if it is a hardware problem. Slow device doesn’t necessarily mean infection is active.

@Brahman , DNS monitoring will be bypassed in cases where malware communicates directly to IPs (no resolution needed). For traffic monitoring, it will be better to use WireShark or some form of IPS like Suricata/Snort with the appropriate signatures package.
 
Last edited:
  • Like
  • +Reputation
Reactions: Freki123, oldschool, Shadowra and 9 others
Shadowra

Shadowra

Level 36
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,586
Strike said:
I'm sure it's RAT, because i still fighting with the infection more than 2 years. :)
Well,it seems the MBR is clean.
But,i'm not sure where exactly it remains..
The problem is that i still don't have any firewall/av detection to proof it.
Click to expand...

RAT or other malware cannot remain on a system after formatting...

If you are infected, it's either the network (as is the case with Emotet, for example) or a device other than the computer.

And if you really were infected, I think @icotonev would have seen it....
 
  • Like
  • +Reputation
  • Hundred Points
Reactions: roger_m, Trident, Moonhorse and 5 others
S

Strike

Level 1
Thread author
Jun 12, 2022
23
Ok,guys some of you is thinking that i just post threads to waste people time.
Is there any
Shadowra said:
RAT or other malware cannot remain on a system after formatting...

If you are infected, it's either the network (as is the case with Emotet, for example) or a device other than the computer.

And if you really were infected, I think @icotonev would have seen it....
Click to expand...
I'm not an security expert or something,but those viruses are very rare and exist ofc.
They are called bootkits.
:)
 
  • Like
Reactions: Trident
Shadowra

Shadowra

Level 36
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,586
Strike said:
Ok,guys some of you is thinking that i just post threads to waste people time.
Is there any

I'm not an security expert or something,but those viruses are very rare and exist ofc. :)
Click to expand...

No one said you make Threads to waste time.

Only, a persistent RAT after formatting is IMPOSSIBLE.

Attackers regularly change their attack strategies.

The only persistent thing is either a network infection (as I said) or an MBR infection (but @icotonev would have seen that too, and told you you weren't infected).

Then again, I've never seen malware that's been undetectable for 2 years.
 
  • Like
  • +Reputation
  • Applause
Reactions: roger_m, Trident, Jonny Quest and 5 others
Moonhorse

Moonhorse

Level 38
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,728
i would just buy new drive or completely buy new device and enjoy my life, instead of spending 2 years to solve such issue

You have done right way , and you have gotten help you needed, if you think something still persist in there i dont think theres many ways to solve issue anymore

take care(y)
 
  • Like
Reactions: simmerskool, Trident, Shadowra and 2 others
S

Strike

Level 1
Thread author
Jun 12, 2022
23
Moonhorse said:
i would just buy new drive or completely buy new device and enjoy my life, instead of spending 2 years to solve such issue

You have done right way , and you have gotten help you needed, if you think something still persist in there i dont think theres many ways to solve issue anymore

take care(y)
Click to expand...
You are right.
Btw guys i don't think that hacker will spy on home pc with 2 games 😁
 
  • Like
  • HaHa
Reactions: kylprq, simmerskool, Trident and 2 others
Status
Not open for further replies.

Similar threads

S
    • Like
Advice Request How can malware remain on PC after I format my HDD?
Replies
19
Views
2,506
General Security Discussions
Victor M
Victor M
duma
  • Locked
E-mail after a malware infection
Replies
4
Views
662
Windows Malware Removal Help & Support
duma
duma
H
Malware worm help
Replies
3
Views
2,124
Mac Malware Removal Help & Support
EstrellaRhodes
E

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top