Need my cloud scrubbed of malware

Discussion in 'IT & Internet' started by estwig, Aug 21, 2020.

  1. estwig

    estwig UKBF Legend Free Member

    12,464 4,408
    Got myself mixed up with the wrong girl; being a single fella with little family, the lockdown has hit me hard.

    There is some kind of really nasty malware on my main machine; two attempts by different ‘IT experts’ to wipe my HDD haven’t got rid of it. I’m going to buy a new PC.

    I have just over 10gb of data in my Dropbox account, it’s nicely organised but obviously I no longer trust it.

    How do I have the files professionally scrubbed clean? I’m looking for some kind of guarantee or indemnity that comes with a financial cost to the expert, should something go wrong.
     
    Posted: Aug 21, 2020 By: estwig Member since: Sep 29, 2006
    #1
  2. gpietersz

    gpietersz UKBF Ace Full Member

    1,410 334
    Wipe the hard drive and reinstall the OS. If your experts did not suggest that as a last resort, they are not experts. I would find someone better before looking for more complex solutions.

    As for cleaning files on Dropbox, do you know what the malware is, and what file types it can be carried by? The chances are all you need to do is sync and scan the downloaded files. You could also look at file histories in Dropbox and go back to versions from before the malware infection (if you know when it was) - depending on whether any data loss is acceptable.
     
    Posted: Aug 21, 2020 By: gpietersz Member since: Sep 10, 2019
    #2
  3. estwig

    estwig UKBF Legend Free Member

    12,464 4,408
    Appreciate your help; if it was as simple as this I would have fixed it long before now.
     
    Posted: Aug 21, 2020 By: estwig Member since: Sep 29, 2006
    #3
  4. ffox

    ffox UKBF Regular Free Member

    1,354 253
    Are you saying that after wiping the HDD and restoring the OS to factory default the malware is still there?

    If so you need to keep the restored machine well away from the stuff in DropBox as that is probably re-infecting the PC when you reconnect.
     
    Posted: Aug 21, 2020 By: ffox Member since: Mar 11, 2004
    #4
  5. gpietersz

    gpietersz UKBF Ace Full Member

    1,410 334
    Which means it’s in firmware? On the computer or on some hardware plugged into it? That means not only is the old computer suspect, so is anything ever connected to it, unless you know which firmware can be infected.
     
    Posted: Aug 21, 2020 By: gpietersz Member since: Sep 10, 2019
    #5
  6. Wayne Smyth

    Wayne Smyth UKBF Contributor Free Member

    38 16
    If you have multiple HDDs in the machine, take them all out except the one that (you want to) have your system OS on it.

    Assuming it no longer has anything of worth on it, delete all the partitions on the HDD and reformat it with a single partition. Unless it's somehow managed to infect your firmware, I can't think of any way it could survive that.

    Reinstall your OS, a virus checker, and use the machine for a bit and make sure there are no further issues. If you can do the above without connecting to the internet, all the better.

    Once you're happy you can then start to systematically (i.e. one at a time) re-integrate various attachments, such as your dropbox, other HDDs, NAS etc, then use it for a bit.

    By doing this, you should find out where the offending files are that keep re-infecting you. You might need to repeat the steps a few times until you know what's safe and what needs wiping/fixing.

    As for your final comment about indemnity, I think you need to look at it from the IT person's point of view. You've no idea what data or hardware is already infected, or what it's infected with, you don't know whether damage is already done to these files, yet you want them to provide guarantees?

    I don't do this kind of work myself, but if I did, I can't imagine touching it with a barge pole if those were the contractual terms.
     
    Posted: Aug 21, 2020 By: Wayne Smyth Member since: Nov 11, 2019
    #6
  7. gpietersz

    gpietersz UKBF Ace Full Member

    1,410 334
    This. I was thinking of saying something similar (but Wayne has said it better than I was going to).

    I assume from @estwig's reply to my comment above that he has done this and it still survives, which means it has to be firmware, or it gets reinfected from something else it connects to (hardware, something on the local network..?).

    It might be worth syncing the dropbox files to a machine with a different OS and running a malware scanner on it there. Even the original machine with a different OS booted off USB, maybe something with security or sysadmin tools on it.
     
    Posted: Aug 21, 2020 By: gpietersz Member since: Sep 10, 2019
    #7
  8. Wayne Smyth

    Wayne Smyth UKBF Contributor Free Member

    38 16
    Personally I think it's unlikely it's hit the firmware. Although it's not unheard of, I think it's - thankfully - far less common. I think it's far more likely that something more obvious has been missed.

    I did wonder whether the people who'd reformatted the disk didn't reformat all the partitions? Or perhaps the virus lives off on some sort of attached storage that hasn't been wiped.

    If it did infect the firmware too, then it would need a bios reflash before reformatting the HDDs.
     
    Posted: Aug 21, 2020 By: Wayne Smyth Member since: Nov 11, 2019
    #8
  9. estwig

    estwig UKBF Legend Free Member

    12,464 4,408
    Great answers guys thank you.

    Either this malware is a very serious piece of kit (I have been keeping some very iffy company of late and it is very possible), or:

    The ‘IT guys’ are mugging me off and haven’t actually done anything properly
    The PC is being reinfected by my Dropbox or other attached source
    Or it’s in the firmware

    Where is the firmware? Is it on the motherboard?

    This PC is a serious piece of kit, £3k worth. I’m looking at just buying another one; I need to know it’s fixed, but £3k is a tough thing to swallow!
     
    Posted: Aug 21, 2020 By: estwig Member since: Sep 29, 2006
    #9
  10. Wayne Smyth

    Wayne Smyth UKBF Contributor Free Member

    38 16
    The firmware is typically stored in a chip on the motherboard. It's also often known as the 'bios'.

    You can usually 'flash' it back to factory defaults with a utility provided for free by the motherboard manufacturer. It only takes a couple of minutes if you're comfortable with it.

    In your case, I'd exhaust all the other possible points of failure first before I looked at that. I certainly wouldn't brick/sell the PC.
     
    Posted: Aug 21, 2020 By: Wayne Smyth Member since: Nov 11, 2019
    #10
  11. estwig

    estwig UKBF Legend Free Member

    12,464 4,408
    Thank you, all other options have already been exhausted, I desperately need peace of mind. I’m going for a new motherboard and new SSD.

    Can anything nasty live in RAM?
    Can anything live in the graphics card?
     
    Posted: Aug 21, 2020 By: estwig Member since: Sep 29, 2006
    #11
  12. Nico Albrecht

    Nico Albrecht UKBF Enthusiast Full Member - Verified Business

    829 168
    Gotta love all this guessing advice here. You never mentioned what you actually have as malware. Would be my first thing to actually post. In regards to cleaning it, there are services, but you might not like the costs of that. Malware loves RAM and GPUs, their favourite place to breed, and they survive in volatile memory for many months after you remove the power lead.
     
    Last edited: Aug 22, 2020
    Posted: Aug 21, 2020 By: Nico Albrecht Member since: May 2, 2017
    #12
  13. estwig

    estwig UKBF Legend Free Member

    12,464 4,408
    I don’t know what malware it is; I’m not sure it’s relevant to find out. Wouldn’t the end result be the same regardless: throw the PC away, scrub the cloud and start again?
     
    Posted: Aug 22, 2020 By: estwig Member since: Sep 29, 2006
    #13
  14. fisicx

    fisicx It's Major Clanger! Staff Member

    33,307 9,850
    Scrubbing the cloud may not work.

    It's possible the malware isn't in your dropbox. But one of the files you download or sync to then phones home and downloads the malware. The files all pass the malware checks and scrubbers because there isn't any malware. It's only after you check the files that the malware is downloaded.

    It could be a word document that links to a bit of javascript or an external reference. All very innocent until the document gets onto your PC.
     
    Posted: Aug 22, 2020 By: fisicx Member since: Sep 12, 2006
    #14
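    To make the point above concrete (a file that scans clean yet pulls something in from outside when opened), here is an added example, not from this thread or from Dropbox: a defensive triage pass a practitioner might run over a synced folder on a separate, clean machine. It flags file types that execute directly when opened and, for Office OOXML files (which are zip containers), embedded VBA projects and relationships that Office resolves from an external location on open. The extension lists and the `build_sample_docx` helper (a throwaway docx-shaped zip so the checks run offline) are assumptions made for the example.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Assumed lists: types that execute when opened, and OOXML containers worth opening up.
EXECUTABLE_EXTS = {".exe", ".scr", ".js", ".jse", ".vbs", ".vbe", ".hta", ".ps1", ".bat", ".cmd", ".lnk"}
OFFICE_EXTS = {".docx", ".docm", ".dotm", ".xlsx", ".xlsm", ".pptx", ".pptm"}
RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"

def inspect_office_bytes(data):
    """Return findings for one OOXML document supplied as bytes."""
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            if any(n.lower().endswith("vbaproject.bin") for n in names):
                findings.append("vba-macro")
            # Every part's .rels file lists the resources that part pulls in.
            for name in (n for n in names if n.endswith(".rels")):
                for rel in ET.fromstring(zf.read(name)).iter():
                    # Plain hyperlinks only fire on a click; relationships Office resolves on
                    # open (attached templates, OLE objects, frames) are the ones to look at.
                    kind = (rel.get("Type") or "").rsplit("/", 1)[-1]
                    if rel.get("TargetMode") == "External" and kind != "hyperlink":
                        findings.append(f"external-{kind}")
    except (zipfile.BadZipFile, ET.ParseError):
        findings.append("unparseable-container")
    return findings

def triage_path(path):
    """Findings for one file on disk; an empty list means nothing stood out."""
    ext = Path(path).suffix.lower()
    if ext in EXECUTABLE_EXTS:
        return ["executable-type"]
    if ext in OFFICE_EXTS:
        return inspect_office_bytes(Path(path).read_bytes())
    return []

def build_sample_docx(external_template=False, macro=False):
    """Constructed minimal docx-shaped zip for exercising the checks; not a real document."""
    rel = ('<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/'
           'relationships/attachedTemplate" Target="http://example.invalid/t.dotm" TargetMode="External"/>'
           if external_template else "")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/_rels/settings.xml.rels", f'<Relationships xmlns="{RELS_NS}">{rel}</Relationships>')
        if macro:
            zf.writestr("word/vbaProject.bin", b"\x00constructed placeholder\x00")
    return buf.getvalue()
```

    A file this flags deserves a manual look or a scan on the isolated machine before it is allowed back into the synced folder; an empty result narrows the search but is not a clean bill of health.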
  15. JEREMY HAWKE

    JEREMY HAWKE UKBF Legend Full Member

    5,169 1,764
    :):):):)

    HA HA HA

    This is the best post on here by miles

    Well done @estwig
     
    Posted: Aug 22, 2020 By: JEREMY HAWKE Member since: Mar 4, 2008
    #15
  16. Darren_Ssc

    Darren_Ssc UKBF Ace Free Member

    1,242 382
    Posted: Aug 22, 2020 By: Darren_Ssc Member since: Mar 1, 2019
    #16
  17. Chris Ashdown

    Chris Ashdown UKBF Legend Free Member

    11,861 2,465
    If you spent £3K on a computer, why did you not pay a few quid for your own cloud backup rather than use dropbox?

    How do you know you have a virus and not a machine fault?
     
    Posted: Aug 22, 2020 By: Chris Ashdown Member since: Dec 7, 2003
    #17
  18. estwig

    estwig UKBF Legend Free Member

    12,464 4,408
    It’s starting to look like I’m gonna need some kind of system involving two computers: one I assume is always infected, possibly a mac or Linux machine, and a PC that I keep clean.

    The problem comes in sending files between the two machines.
     
    Posted: Aug 22, 2020 By: estwig Member since: Sep 29, 2006
    #18
  19. AllUpHere

    AllUpHere UKBF Ace Free Member

    3,343 1,265
    Just buy a cheap laptop for porn / booking hookers online etc and keep your work machine completely separate ( once it's sorted).

    You might want to warn clients that if they get unexpected mail from you that they should delete it, and not open attachments.

    What you were doing using a 3 grand machine for 'personal use' I really don't know. I thought you were smarter than that. :D
     
    Posted: Aug 22, 2020 By: AllUpHere Member since: Jun 30, 2014
    #19
  20. estwig

    estwig UKBF Legend Free Member

    12,464 4,408
    This malware was installed on my machine whilst it was running, and it was done by someone I know. Don’t ask how that happened, it’s complicated and rather sleazy!

    My email is secure, all accounts (and there are a lot) are secure with two step verification, my web hosting is being checked as I type. Apple and android appear to be clean; typing this on an iPad Pro.

    My main PC and my laptop are both infected, possibly everything else on my home network too, tv boxes, scanner, snom phone, printers, etc, they all connect to each other and to the outside world. I’m sat here in my little back bedroom surrounded by over £10k of IT kit.

    For all I know, even my google thermostat is infected!
     
    Posted: Aug 22, 2020 By: estwig Member since: Sep 29, 2006
    #20