Hi gang,
I have 3 PCs on my home network, my main machine has been infected with a white screen virus which I had never heard of, and as a result my SSD is now locked. The machine has now had a fresh SSD fitted but this has also been infected which leads me to believe that the virus is held in the BIOS.
If it is the case can you tell me the best way forward, i.e. if I replace the motherboard and format the SSD will I be good to go?
woah
Oh that thing! I had a popup like that the other day - just pulled the plug immediately, no harm done luckily.
Right - first things first, I doubt it's resident in the BIOS, or certainly alone in the BIOS - so no, just swapping the MoBo won't fix it.
Leave the machine alone while you decide on a single, thorough course of action to try first. Obvs remove it from the network.
Have a read through this and see if you could do any of them:
https://malwaretips.com/blogs/remove-white-screen-virus/
Cheers GFS, the virus I have started as a white screen and now will go through the boot screen until the Windows logo, then just goes to a black screen and hangs. I have installed the fresh SSD, loaded Win7 then upgraded to 10, then game over. Twice. The SSD is the only drive connected and if I attempt to secure erase it, it shows as frozen.
Sheesh, nasty.
It could be hiding in the backup partition or MBR as well :/
Do you need to recover any files from that SSD?
Yes, I am self employed so all of my recent bookwork etc plus family pics etc. I have always built my own PCs so am happy to adapt but where to look?
I have cold booted and flashed the BIOS but am unable to erase the SSD, the other PCs have shown no ill effects so am led to think it is just the 1 machine and not the router/other outside influence.
I don't have a lot of free time at the mo so am looking to cut my losses and get a stable machine back up and running.
GFS,
Sorry, no files are needed from the new SSD as it is a replacement for the original and only has a Windows install. I have 3 more HDDs in the machine with a lot of files I would love to save! All 3 are disconnected from the MB.
So I can abuse the new SSD in the name of research if it gets the job done.
Sounds like you have nothing to lose from a low-level format.
I'd get a bootable Linux USB* and use gparted to flatten the partitions completely, all of them. Leave the entire drive unallocated and try again [you'll have to make a partition when you install Windows again].
*Ubuntu or Mint iso's should support this.
EDIT - Don't reconnect the other drives if you get Windows back - I'd be using your bootable Linux stick/DVD to access them after you've got a Windows install back, and then use Linux as an intermediary OS to access and copy them off. I have no idea if your virus may also insert itself into those files too.
So if I,
Flash the Bios
Erase the SSD
Load windows
I should be in a virus free state?
If you can handle that without it taking you too long then that's where I'd start, yes. It's possible it's not going to work, but it may well and it shouldn't take too long.
No worries, the only part I have not cracked is erasing the ssd. Cheers for your help thus far!
When you say "white screen virus" are you talking about the ransomware or are you just getting a white screen?
How old's the machine, is it actually BIOS or UEFI?
Where are you installing the OS from, is it a known good source? Ie, is it an image from MS or a hooky copy? Read-only DVD or writeable USB?
I'd probably do as Stripes suggested, that's good advice. Definitely do not connect the other drives at all throughout the procedure. Isolate it from the network also. (It's not a "low level format" though, that's something else.)
Oh yeah, and run a Malwarebytes scan on all the other machines before you start.
Cougar,
I believe it to be the White screen ransomware virus as it appeared on a couple of occasions which led to a reboot and then it became apparent that it was something nasty when the screen went white shortly after log on and the drive was then locked on reboot. I assume there was a countdown until lockout.
Machine is 3 years old based on an Asus P8Z77-vlx MoBo which is UEFI
Loading OS via genuine W7 64bit DVD then MS W10 download.
Just sorting a bootable Ubuntu USB.
Both running PCs scanned with MWB last night and no issues, PHEW!
Ok so make a bootable Mint usb Boot menu then reboot to blank screen.
Make a bootable Ubuntu usb Boot screen then reboot and blank screen.
What next?
Is it booting off the USB or ignoring it?
If it's ignoring it and booting into the broken Windows install, try hitting F12 on boot, see if it gives you a "one-time boot" option where you can select the pendrive?
No OS drive connected, just USB Linux.
I have had this because the drive wasn't actually capable of booting.
Try remaking one with unetbootin585, or test it in another machine.
Boots perfectly on other machine.
Think the next drive my MB will see is outside!
oh dear
reset cmos
?
Stripping as we speak, reset CMOS, 1 stick of RAM, CPU, USB flash and go from there.
can you not hit f12/f11/esc etc at post to call a boot menu without entering the bios?
http://arstechnica.com/civis/viewtopic.php?t=1213795
EDIT : yes that was my next suggestion
I'd suspect MBR before bios. I'd secure erase ssd and start again - you say frozen/locked.. many motherboards do this automatically at post, easiest solution is just to power cycle the ssd (pull the cable) after boot just before running the secure erase.
You are certain you just aren't being reinfected from the web/software vulnerability/infected file?
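Added example (not part of the thread): a read-only check of the "frozen" state mentioned in the post above, classifying the Security section that `hdparm -I` prints on a Linux live USB. The sample excerpts are constructed, the function names are hypothetical, and `/dev/sdX` is a placeholder.

```shell
#!/bin/sh
# Constructed excerpts of the "Security:" section of `hdparm -I` output
# (not captured from the machine in this thread).
SAMPLE_FROZEN='Security:
    Master password revision code = 65534
        supported
    not enabled
    not locked
        frozen
    not expired: security count
        supported: enhanced erase'

SAMPLE_READY='Security:
    Master password revision code = 65534
        supported
    not enabled
    not locked
    not frozen
    not expired: security count
        supported: enhanced erase'

# Read hdparm -I text on stdin; print yes/no/unknown for one flag
# (enabled, locked or frozen). A leading "not" on the line negates the flag.
ata_flag() {
    awk -v flag="$1" '
        /^Security:/       { insec = 1; next }
        insec && /^[^ \t]/ { insec = 0 }   # next unindented heading ends the section
        insec && $NF == flag {
            print (($1 == "not") ? "no" : "yes"); found = 1; exit
        }
        END { if (!found) print "unknown" }'
}

# Say whether an ATA secure erase can be attempted, from hdparm -I text in $1.
erase_readiness() {
    frozen=$(printf '%s\n' "$1" | ata_flag frozen)
    locked=$(printf '%s\n' "$1" | ata_flag locked)
    case "$frozen/$locked" in
        yes/*)  echo "frozen: power-cycle the drive after boot, then re-check" ;;
        no/yes) echo "locked: a security password is set on the drive" ;;
        no/no)  echo "ready" ;;
        *)      echo "unknown: no Security section found" ;;
    esac
}

# On the live USB: erase_readiness "$(hdparm -I /dev/sdX)"
erase_readiness "$SAMPLE_FROZEN"
erase_readiness "$SAMPLE_READY"
```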
I'd suspect MBR before bios.
Quite. Back in the day we used to use fdisk /mbr to rewrite the MBR (it's non-destructive). It was handy because the MBR wouldn't typically be touched with things like a format operation.
What the modern equivalent would be, I'm not sure without Googling.
How did you get on?
Some Asus motherboards have the ability to flash the BIOS/UEFI even if no CPU is installed; quite a handy feature. I am not sure yours does though, check your manual or the Asus website.
If the Linux USB won't boot you might need to set the UEFI to BIOS compatibility, I've found some Asus boards a bit trickier to get right - needed to completely remove all previous Windows Secure Boot stuff.
If I was concerned about a virus in the MBR of the SSD I'd boot into Linux and use a USB adapter on the SSD so I can plug it in without risk and then use GParted to rewrite the MBR/GPT and wipe the drive.
Well, removed CMOS battery and went out for the afternoon, came in and fired it up with just the USB and same again, boot screen for Ubuntu then BLAAACCKKK!
The board has previously run Mint and various other Linux distros via USB.
Sounds very odd.
It's not a graphics adaptor setting in the BIOS? e.g. set to PCIE slot 2 not slot 1?
Op,
Sorry to hear about the infection as it sounds a real pain.
Do you know how you got infected?
Ran a virus removal tool and it came up with 3 Kaspersky files that were trojan.
I can't understand how it will show a boot screen but not load a Linux distro.