Possible Boot Sector Virus

  • JesseJamez55
    PCHF Member
    • Dec 2020
    • 8

    #1

    Hello,

    I am unable to get into windows or even install it via a bootable drive due to an error message popping up when I get to the copying files part.

    On top of this, whatever this virus is, it infected my entire networking system which includes my router & even my Mac, which if possible, I could really use help with after my PC (Mac is for work and has valuable files on it) but we can discuss this after.

    I cleaned my router by performing a complete factory reset, changing my DNS server, IP addresses, disabling remote access, only allowing connection via https, re-enabling all security features etc.

    My router is an Asus ROG Rapture AX1100

    My MacBook is a 2017 MacBook Air (lowest variant)

    My PC is custom built with the following :
    I9-9900k
    Nvidia 2080Ti FE
    32gb G.SKILL Trident-Z RGB 3200MHz RAM
    Gigabyte Aorus Z370 Master
    (2) WD Black 500gb NVME SSDs
    (1) Samsung 500gb 970 EVO NVME SSD
    (1) SanDisk 500gb SATA SSD
    Gigabyte TITAN-RIDGE Thunderbolt 3 PCI-e card

    Moving on…

    I’ve noticed that GRUB is installed on my PC suddenly and I’ve never installed UBUNTU or LINUX on this PC.

    On top of that, I’ve also noticed that some kind of script is running after I press F12 and select the USB drive to boot from. It happens right after I press the USB drive to boot and before the Windows loading screen comes on. This is how I have to access Command Prompt.

    To explain further… SFC can complete its scan, but Windows Resource Protection is unable to fix my issue.

    I can’t fix it with DISM either. It fails.

    I’ve completely unallocated all of my drives.

    I’ve used diskpart to fully clean my drives.

    And this is where it gets weird: I’ve noticed that my PC supposedly has 5 physically mounted drives and 3 removable drives…

    This is not true. I have (3) NVME drives and (1) SSD & finally the (1) removable bootable drive.

    After going into my BIOS boot menu, I’ve noticed there are (3) storage devices
    Generic-USB3.0 CRW -01.00
    Generic-USB3.0 CRW -11.00
    Generic-USB3.0 CRW -21.00

    These are definitely NOT my drives. And I unplugged all other devices from my PC, so I'm confident that these are malware somehow posing as USB drives. After doing a quick search via Google, I noticed that these Generic names are generally associated with the UBUNTU system.

    I’m guessing those along with GRUB and various other items are pointing to the type of malware/virus here but I just don’t know enough about them to be able to solve this myself and am hoping for some assistance.

    By the way, I’ve tried deleting, unmounting, removing, flushing and every other command I could possibly find to remove these Generic drives but they mostly don’t respond, access is denied etc. (I’ve been at this for almost 20 hours now so I’ve tried a lot)

    I can’t access safe mode. When I boot into Kaspersky Rescue Disk, I have no connection to the internet via either ethernet or wifi, and if I add a connection it still won’t work. Also, a scan reveals no malware, and I’m certain that the malware takes control of Kaspersky on startup. KSD does not find any viruses and I think it’s being stopped short in its scan.

    I could go on and on.

    There is absolutely no data I want on these drives, and whatever this virus is, I’m fairly sure it’s probably corrupted my OneDrive. Also, I know it at least tried to access it along with my personal vault (that had nothing in it).

    Any help would be very much appreciated and if it makes it easier, I can provide a number to speak over the phone and also compensation for your time. I genuinely appreciate even the consideration to assist me, even if you can’t.

    Thank you!
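Added here as a worked check; it is not part of the thread or any poster's own commands. This PowerShell session inventories the things the post above is guessing at: the firmware boot entries the F12 menu reads, every loader on the EFI System Partition (with hashes), the disks Windows actually enumerates and on what bus, and the Secure Boot/dbx state. Assumptions: it is run as Administrator from Windows RE (Advanced options > Command Prompt, then `powershell`) or from a Windows session on the affected PC, and the S: drive letter is free. One caveat a practitioner would want: BootHole (CVE-2020-10713) is triggered through a crafted grub.cfg parsed by a GRUB2 loader, so the evidence that matters is a GRUB loader and a grub.cfg on the ESP plus a firmware entry that launches it; the script lists all three.

```powershell
# Added example (not from the thread). Run as Administrator from Windows RE
# ("powershell" at the recovery Command Prompt) or from a Windows session on
# the affected PC. Assumption: drive letter S: is free for the EFI partition.

# 1. Firmware boot entries: this is what F12 / the BIOS boot menu is reading.
#    A GRUB install normally appears here as a firmware application named
#    "ubuntu" whose path is \EFI\ubuntu\shimx64.efi.
Write-Host '== Firmware boot entries (bcdedit /enum firmware) =='
bcdedit /enum firmware

# 2. Mount the EFI System Partition and list every loader on it with a hash.
#    On a Windows-only machine the only vendor directory should be EFI\Microsoft
#    (plus EFI\Boot\bootx64.efi, the removable-media fallback loader).
mountvol S: /s | Out-Null
if (Test-Path 'S:\EFI') {
    Write-Host '== Loaders on the EFI System Partition =='
    Get-ChildItem -Path 'S:\EFI' -Recurse -Filter '*.efi' | ForEach-Object {
        $hash = (Get-FileHash -Algorithm SHA256 -Path $_.FullName).Hash
        '{0,-55} {1,9} bytes  SHA256={2}' -f $_.FullName, $_.Length, $hash
    }
    # grub.cfg is the file a BootHole attack is delivered through; on a
    # Windows-only ESP it should not exist at all.
    $cfgs = Get-ChildItem -Path 'S:\EFI' -Recurse -Filter 'grub.cfg'
    if ($cfgs) { $cfgs | ForEach-Object { Write-Host "grub.cfg present: $($_.FullName)" } }
    else       { Write-Host 'No grub.cfg on the ESP' }
    mountvol S: /d
} else {
    Write-Host 'No EFI System Partition mounted at S: (MBR/legacy install, or the ESP is gone)'
}

# 3. Drives as Windows enumerates them. Multi-slot USB card readers present one
#    USB "Removable Media" disk per slot, with no size until a card is inserted,
#    which is one way more disks than installed SSDs can show up.
Write-Host '== Physical drives (Win32_DiskDrive) =='
Get-CimInstance Win32_DiskDrive |
    Select-Object Index, Model, InterfaceType, MediaType,
        @{ n = 'SizeGB'; e = { if ($_.Size) { [math]::Round($_.Size / 1GB, 1) } else { 'none' } } },
        PNPDeviceID |
    Sort-Object Index | Format-Table -AutoSize

# 4. Secure Boot state and the size of the firmware revocation list (dbx).
#    BootHole fixes reach the firmware as dbx entries that revoke the old
#    shim/GRUB binaries, so a Secure Boot machine with a current dbx refuses
#    to load them. The cmdlets are absent on some WinRE images; skip if so.
if (Get-Command Confirm-SecureBootUEFI -ErrorAction SilentlyContinue) {
    try {
        Write-Host ('Secure Boot enabled: {0}' -f (Confirm-SecureBootUEFI))
        $dbx = Get-SecureBootUEFI -Name dbx
        Write-Host ('dbx size: {0} bytes' -f $dbx.Bytes.Length)
    } catch {
        Write-Host "Secure Boot query failed (legacy BIOS or unsupported): $_"
    }
}

# 5. After Windows is reinstalled on wiped disks (diskpart "clean" on every
#    disk, as already done above, removes the ESP and any GRUB on it):
#    - delete a leftover firmware entry using its identifier from step 1:
#        bcdedit /delete {identifier-from-step-1}
#    - if the Windows boot files ever need rebuilding on a fresh ESP
#      (Setup normally does this itself):
#        bcdboot C:\Windows /s S: /f UEFI
```

Steps 1 to 4 only read; nothing in step 5 should be run until the output of step 1 has been read, since `bcdedit /delete` on the wrong identifier removes the Windows Boot Manager entry itself.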
  • Rustys
    PCHF Member
    • Jul 2016
    • 7862

    #2
    Read through and follow the posting instruction in the Sticky Threads

    • JesseJamez55
      PCHF Member
      • Dec 2020
      • 8

      #3
      Originally posted by Rustys
      Read through and follow the posting instruction in the Sticky Threads
      Hello,

      I actually read through it entirely before posting.

      I understand you want me to post some logs but the problem is that I can’t get to my desktop to scan at all. Not in safe mode or anything.

      • JesseJamez55
        PCHF Member
        • Dec 2020
        • 8

        #4
        Originally posted by JesseJamez55
        Hello,

        I actually read through it entirely before posting.

        I understand you want me to post some logs but the problem is that I can’t get to my desktop to scan at all. Not in safe mode or anything.
        Unless there is something else I’m missing?

        • Rustys
          PCHF Member
          • Jul 2016
          • 7862

          #5
          @jmarket
          Then wait and see what the malware group has.

          • JesseJamez55
            PCHF Member
            • Dec 2020
            • 8

            #6
            Originally posted by Rustys
            @jmarket
            Then wait and see what the malware group has.
            What? I don’t understand your attitude. If you don’t want to offer any guidance then that’s fine, just say that but I don’t see why you feel it’s necessary to act like that when this is supposedly a forum to obtain assistance with this…

            After investigating this, I’ve found out that I’ve been infected using the BootHole exploit using GRUB2 and it has elevated system privileges along with access to the bootloader and can thereby, start with my PC.

            It has infected my PC, MAC, ONEPLUS 7 PRO, SAMSUNG GALAXY TAB S7+, NVIDIA SHIELD and potentially my GOOGLE HOME but this is unconfirmed at this time.

            So now that you see my issue, maybe you’ll understand why I can’t produce the logs you’re requesting.

            • JesseJamez55
              PCHF Member
              • Dec 2020
              • 8

              #7
              Maybe I’m somehow misunderstanding you. If so, I offer my sincerest apologies.

              • JesseJamez55
                PCHF Member
                • Dec 2020
                • 8

                #8
                The BootHole vulnerability in the GRUB2 bootloader opens up Windows and Linux devices using Secure Boot to attack. The majority of laptops, desktops, servers and workstations are affected, as well as network appliances and other special-purpose equipment.

                • jmarket
                  PCHF Owner
                  • Jan 2015
                  • 7633

                  #9
                  Hello @JesseJamez55,

                  Rustys was in no way having an attitude; he was just tagging me so I could see your post. I apologize if it seemed like he was aggressive, but he was only trying to help.

                  I am curious how you came to the determination that you have been infected with a BootHole vulnerability. Also, is your Mac infected or no? If not, you need to air gap it for now. Next step will be to wipe the flash drive, format it, and create a fresh bootable Windows 10 USB drive using the Mac.

                  • Rustys
                    PCHF Member
                    • Jul 2016
                    • 7862

                    #10
                    No worries. I am not malware-authorized, whereas JMarket is, so they will be taking care of this from now on.

                    Best of luck…
