Serious Discussion: What can be done about a firmware rootkit?

Rov123

New Member
Thread author
Nov 23, 2024
12
I suspect I have a firmware rootkit embedded in one of my hardware components, though I do not know exactly which. I have flashed my NVMe SSD and BIOS, as well as my GPU, but it didn't work. I also flashed my keyboard, and perhaps mouse, but not my monitor, which I think could be the culprit since it's one of my oldest hardware components, although the monitor does not have an option to flash the firmware.
Based on the behaviours that I've seen on my computer, this rootkit installed some very deep remote access tool on my device which allows the attacker to completely watch my computer screen, and perhaps even livestream it for their cybergang to see. They know exactly what I am doing at ALL times, and they used this advantage to harass me many times. The attacker was also able to remotely control my system; here's an example:

They did this sometime back in September or so. They also remotely used my installed Discord app to chat with someone and emoted someone when I've never done that ever, and I checked the devices and logins and it seems secured. I mean, this is a very sophisticated attack, because I've tried all antivirus solutions and all kinds of scanners, one-time scanners, paid antivirus such as Bitdefender and Kaspersky, and none of them ever detected a single thing. This suggests some very hidden and deep malware, which someone suggested to me before could be a firmware rootkit.
What else can be done aside from simply trashing the hardware and purchasing a new one?
Also, this malware is able to spread to other devices as well, via USB and via network. Very nasty.

Bot

AI-powered Bot
Apr 21, 2016
4,526
You're dealing with a serious issue. Here are a few steps you can take:

1. Disconnect: Unplug your device from the internet and any other connected devices to prevent further spread.
2. Consult a professional: Reach out to a cybersecurity expert or a company specializing in malware removal. They have tools and knowledge beyond consumer-grade antivirus software.
3. Wipe your system: If you're technically inclined, you could try a complete wipe of your system, including all drives. However, this may not remove a firmware rootkit.
4. Legal action: If you're being harassed, consider reporting this to law enforcement. They may be able to help or provide resources.
5. Replace hardware: If all else fails, you may need to replace the infected hardware. It's expensive, but sometimes necessary.

Remember, prevention is the best cure. In the future, be cautious about what you download, which sites you visit, and who you allow to access your system.
 

roger_m

Level 42
Verified
Top Poster
Content Creator
Dec 4, 2014
3,189
The attacker was also able to remotely control my system; here's an example:
What is happening in that video that you are concerned about? I've watched it twice now and have no idea.

The whole scenario you're talking about is quite bizarre. No hacker is going to livestream what is happening on your computer. Hackers are interested in financial gain, not doing things like that.
 

Vasudev

Level 33
Verified
Nov 8, 2014
2,251
It's best to wipe out the System Reserved and Recovery partitions just to make sure the malware isn't writing to the ROM chip on detecting when firmware is written. Use Dr.Web LiveCD or the Hitman Pro scanner or Emsisoft Emergency Kit to scan all partitions.
 

Rov123

New Member
Thread author
Nov 23, 2024
12
What is happening in that video that you are concerned about? I've watched it twice now and have no idea.

The whole scenario you're talking about is quite bizarre. No hacker is going to livestream what is happening on your computer. Hackers are interested in financial gain, not doing things like that.
Friend list tabs spazzing out, I don't get what's confusing about it. My mouse is not even touching the tabs. Also, it's not a good idea to generalize every single hacker; not every hacker is going to hack for personal gain. There are some out there with personality disorders who get fulfillment out of stalking, humiliation, and harassment. Some get kicks out of toying with their victims. Of course, maybe there are victims of hackers which they specifically choose for financial gain, and there are also victims which hackers use as a way to get their kicks out of messing with them.

zidong

Level 2
Jul 15, 2024
72
What else can be done aside from simply trashing the hardware and purchasing a new one?
Don't do that. I'm almost 100% sure that malware can't survive UEFI flash and SSD/HDD drive format. Just do it and you are good.

Edit: I read your thread here. So... some l0sers in Discord have access to a UEFI rootkit and blow it to harass you? I doubt it. Probably your PC is infected with the Albanian virus.

I'm sure that your computer is not infected with a UEFI/BIOS rootkit, but if you are too paranoid, do this:
1. Do not give remote access to anyone.
2. Download and install the latest UEFI/BIOS firmware for your motherboard.
3. Format all attached SSD/HDD/USB drives.
4. Do a clean Windows installation.
 

Jonny Quest

Level 22
Verified
Top Poster
Well-known
Mar 2, 2023
1,165
I don't want to do the questioner an injustice, but it could also be an old acquaintance who keeps appearing in this forum with his paranoia tales.
Agree, if not to at least have followed up with the help they were receiving?
 

Oldie1950

Level 7
Verified
Well-known
Mar 30, 2022
308
Agree, if not to at least have followed up with the help they were receiving?
Yes, the person who asked the question always has problems, but you never find out whether the proposed solutions were successful. Very suspicious.
 

Brahman

Level 18
Verified
Top Poster
Well-known
Aug 22, 2013
893
I suspect I have a firmware rootkit embedded in one of my hardware components, though I do not know exactly which. I have flashed my NVMe SSD and BIOS, as well as my GPU, but it didn't work. I also flashed my keyboard, and perhaps mouse, but not my monitor, which I think could be the culprit since it's one of my oldest hardware components, although the monitor does not have an option to flash the firmware.
Based on the behaviours that I've seen on my computer, this rootkit installed some very deep remote access tool on my device which allows the attacker to completely watch my computer screen, and perhaps even livestream it for their cybergang to see. They know exactly what I am doing at ALL times, and they used this advantage to harass me many times. The attacker was also able to remotely control my system; here's an example:

They did this sometime back in September or so. They also remotely used my installed Discord app to chat with someone and emoted someone when I've never done that ever, and I checked the devices and logins and it seems secured. I mean, this is a very sophisticated attack, because I've tried all antivirus solutions and all kinds of scanners, one-time scanners, paid antivirus such as Bitdefender and Kaspersky, and none of them ever detected a single thing. This suggests some very hidden and deep malware, which someone suggested to me before could be a firmware rootkit.
What else can be done aside from simply trashing the hardware and purchasing a new one?
Also, this malware is able to spread to other devices as well, via USB and via network. Very nasty.

It's probable that you are 100% right, and in that case you are really screwed and there is nothing more to be done except stop using all your current hardware that connects to the internet. But it's also probable that you are 100% wrong, and in such a scenario what you have done is not the appropriate remedy to your situation. You need to make sure that what you are experiencing is real and not just something made up by your mind. Take the help of someone you trust, ask them to verify what you have experienced, and make sure you are not having a relapse of any kind of substance abuse, or some other illness that requires medical intervention. Remember that it can happen to anyone and it's not anyone's fault; depression, mood swings, anxiety, etc. are all treatable.

Behold Eck

Level 18
Verified
Top Poster
Well-known
Jun 22, 2014
882
I don't want to do the questioner an injustice, but it could also be an old acquaintance who keeps appearing in this forum with his paranoia tales.
That's what I was thinking. It's the same modus operandi: a nightmare scenario and then no follow-up to any advice given. Then a disappearance.

Regards, Eck :)
 

Victor M

Level 13
Verified
Top Poster
Well-known
Oct 3, 2022
649
Well
This suggests some very hidden and deep malware,
Not necessarily. It could be that your modem is hacked. Then the adversary can do man-in-the-middle. That means he becomes the middleman of all your comings and goings on the net. He can capture your net traffic, inject things into your net traffic, modify it, and give you bad downloads with malware. The possibilities just go on and on. Basically he gets to know you really well, and knows what software you download because you have been looking at that site several times. That's how he can slip in malware.

The way to see if this is true is to use nmap and scan your network, like so: "nmap -O 192.168.0.0/16". And do it at different times of the day, because sometimes he may not be there. If you see nmap showing you a PC's IP address that you don't own, you will now know that he has compromised your modem or router and joined your network.

The remedy for this situation, if it is true, is to get another modem and router. Or change ISP. Or try to see if updating the firmware or a secure configuration helps or not. See this: Router Security. And here's a shorter piece on router security by Tom's Hardware: Your Router's Security Stinks: Here's How to Fix It.
 
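As an added example (not from any poster in this thread), here is a small Python script that turns the nmap check above into a repeatable comparison: it parses nmap's greppable output (-oG) and lists any host that is not in an owner-maintained inventory, so repeated scans at different times of day can be compared mechanically instead of by eye. It assumes a /24 home network and a constructed sample scan; the inventory IPs, host names and the lan.gnmap file name are placeholders.

```python
import re

# Constructed sample of nmap greppable output (nmap -O -oG lan.gnmap 192.168.0.0/24).
# Not real scan data; the third host is the "unknown PC" case described above.
SAMPLE_GNMAP = """\
# Nmap 7.94 scan initiated as: nmap -O -oG lan.gnmap 192.168.0.0/24
Host: 192.168.0.1 (router.lan)\tStatus: Up
Host: 192.168.0.1 (router.lan)\tPorts: 80/open/tcp//http///\tOS: Linux 3.X
Host: 192.168.0.10 (desktop.lan)\tStatus: Up
Host: 192.168.0.10 (desktop.lan)\tPorts: 135/open/tcp//msrpc///, 445/open/tcp//microsoft-ds///\tOS: Microsoft Windows 10
Host: 192.168.0.77 ()\tStatus: Up
Host: 192.168.0.77 ()\tPorts: 22/open/tcp//ssh///\tOS: Linux 4.X
# Nmap done -- 256 IP addresses (3 hosts up) scanned
"""

# Assumed inventory of devices the owner knows about (placeholder values).
KNOWN_HOSTS = {"192.168.0.1": "router", "192.168.0.10": "desktop"}

# One -oG host line: "Host: <ip> (<name>)<TAB><Field>: <value>[<TAB>...]"
HOST_RE = re.compile(r"^Host: (\S+) \(([^)]*)\)\t(.*)$")


def parse_gnmap(text):
    """Return {ip: {"name", "os", "ports"}} for every host nmap reported."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment lines and anything else
        ip, name, rest = m.groups()
        entry = hosts.setdefault(ip, {"name": name, "os": None, "ports": []})
        for field in rest.split("\t"):
            key, _, val = field.partition(": ")
            if key == "OS":
                entry["os"] = val
            elif key == "Ports":
                # each port is "num/state/proto//service///"; keep open ones
                for p in val.split(", "):
                    parts = p.split("/")
                    if parts[1] == "open":
                        entry["ports"].append(parts[0] + "/" + parts[2])
    return hosts


def unknown_hosts(hosts, known):
    """Hosts seen in the scan that are not in the inventory."""
    return {ip: h for ip, h in hosts.items() if ip not in known}


if __name__ == "__main__":
    for ip, h in unknown_hosts(parse_gnmap(SAMPLE_GNMAP), KNOWN_HOSTS).items():
        print(f"UNKNOWN {ip} name={h['name'] or '-'} os={h['os']} ports={h['ports']}")
```

For a real run, replace SAMPLE_GNMAP with the contents of the -oG file (OS detection needs root, and a /16 scan covers 65,536 addresses, so a /24 is usually the practical choice at home).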
