Solved Virus remain after format [Moved by Staff]

Status
Not open for further replies.

icotonev

Super Moderator
Verified
Staff Member
Mar 9, 2017
561
In fact, I now see that in 2022 you had the same problem:


Are you kidding me? Two years ago they already explained to you how to proceed... Why are we dealing with this problem again now?
From the logs you provided me, there are no indications of malware in the system!
 

roger_m

Level 42
Verified
Top Poster
Content Creator
Dec 4, 2014
3,187
Ok, but please don't close my topic.
Maybe someone can help me with my issue. :)
I'm curious as to what makes you think that you have some undetectable trojan on your computer? I just looked at your original thread about this from two years ago, and when I look at the VirusTotal link you posted, it shows that the file you uploaded is clean.
Quite possibly when you first scanned it, one or two scanners detected some malware. However, some of the lesser-known antiviruses and AI-based scanners have lots of problems with false positives, whereby they often identify clean files as being malicious. I can only presume that the file was detected as being malicious due to false positives, which have now been fixed.
 

Strike

Level 1
Thread author
Jun 12, 2022
23
I'm curious as to what makes you think that you have some undetectable trojan on your computer? I just looked at your original thread about this from two years ago, and when I look at the VirusTotal link you posted, it shows that the file you uploaded is clean.
Quite possibly when you first scanned it, one or two scanners detected some malware. However, some of the lesser-known antiviruses and AI-based scanners have lots of problems with false positives, whereby they often identify clean files as being malicious. I can only presume that the file was detected as being malicious due to false positives, which have now been fixed.
I'm sure it's a RAT, because I've still been fighting the infection for more than 2 years. :)
Well, it seems the MBR is clean.
But I'm not sure where exactly it remains.
The problem is that I still don't have any firewall/AV detection to prove it.
 

Brahman

Level 18
Verified
Top Poster
Well-known
Aug 22, 2013
892
1. Install YogaDNS. Run it in Windows Service Mode (since this enables YogaDNS as soon as Windows starts, so there will not be any DNS bypass) with NextDNS DoH and enable logs. Now you can see all the DNS queries your system makes and check for any unusual address in the logs to prove or disprove your RAT theory.

2. Or you can use a MikroTik router, connect your system to it and use the "torch" function to analyse outgoing traffic, and it will look like this:

[attached image: torch.png]
 

brambedkar59

Level 32
Verified
Top Poster
Well-known
Apr 16, 2017
2,124
I'm sure it's a RAT, because I've still been fighting the infection for more than 2 years. :)
Well, it seems the MBR is clean.
But I'm not sure where exactly it remains.
The problem is that I still don't have any firewall/AV detection to prove it.
How do you know that your system is infected with a RAT or any other type of malware?
How did you rule out any hardware issues?
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
A RAT persisting through a reformatting of the hard drive is very unlikely. Attackers change tools, tactics and techniques, as well as CnC servers, so using the same malware for 2 years is unlikely as well.

Do check for BIOS updates using your PC/laptop manufacturer's website tools and flash the UEFI firmware. Simultaneously with that, reformat the hard drive. Be very cautious about pirated software from Zamunda (Bulgarian torrents) and similar websites. Only install reputable software from trusted vendors.
It may be that something you download from dodgy sources has been repacked to include a RAT. Upon reinstalling, you download this software again and this is how your device gets infected.

I highly recommend that you take the device to a specialist, which in Bulgaria will be walking distance away in major cities and won't cost you more than 50 BGN, roughly equal to 25 EUR. They will have the necessary experience to diagnose the PC and will also let you know if it is a hardware problem. A slow device doesn't necessarily mean an infection is active.

@Brahman, DNS monitoring will be bypassed in cases where malware communicates directly with IPs (no resolution needed). For traffic monitoring, it will be better to use Wireshark or some form of IPS like Suricata/Snort with the appropriate signatures package.
 

Shadowra

Level 37
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,630
I'm sure it's a RAT, because I've still been fighting the infection for more than 2 years. :)
Well, it seems the MBR is clean.
But I'm not sure where exactly it remains.
The problem is that I still don't have any firewall/AV detection to prove it.

RAT or other malware cannot remain on a system after formatting...

If you are infected, it's either the network (as is the case with Emotet, for example) or a device other than the computer.

And if you really were infected, I think @icotonev would have seen it....
 

Strike

Level 1
Thread author
Jun 12, 2022
23
Ok, guys, some of you are thinking that I just post threads to waste people's time.
Is there any
RAT or other malware cannot remain on a system after formatting...

If you are infected, it's either the network (as is the case with Emotet, for example) or a device other than the computer.

And if you really were infected, I think @icotonev would have seen it....
I'm not a security expert or something, but those viruses are very rare and exist, ofc.
They are called bootkits.
:)
 

Shadowra

Level 37
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,630
Ok, guys, some of you are thinking that I just post threads to waste people's time.
Is there any

I'm not a security expert or something, but those viruses are very rare and exist, ofc. :)

No one said you make Threads to waste time.

Only, a persistent RAT after formatting is IMPOSSIBLE.

Attackers regularly change their attack strategies.

The only persistent thing is either a network infection (as I said) or an MBR infection (but @icotonev would have seen that too, and told you you weren't infected).

Then again, I've never seen malware that's been undetectable for 2 years.
 

Moonhorse

Level 38
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,728
I would just buy a new drive or a completely new device and enjoy my life, instead of spending 2 years solving such an issue.

You have done it the right way, and you have gotten the help you needed. If you think something still persists in there, I don't think there are many ways to solve the issue anymore.

take care (y)
 

Strike

Level 1
Thread author
Jun 12, 2022
23
I would just buy a new drive or a completely new device and enjoy my life, instead of spending 2 years solving such an issue.

You have done it the right way, and you have gotten the help you needed. If you think something still persists in there, I don't think there are many ways to solve the issue anymore.

take care (y)
You are right.
Btw guys, I don't think that a hacker will spy on a home PC with 2 games 😁
 