Researchers: Rootkits headed for BIOS
Robert Lemos, SecurityFocus 2006-01-26

ARLINGTON, Virginia -- Insider attacks and industrial espionage could become more stealthy by hiding malicious code in the core system functions available in a motherboard's flash memory, researchers said on Wednesday at the Black Hat Federal conference.

Comments:

Researchers: Rootkits headed for BIOS (2006-01-27), Bela from VA (1 reply)
It wouldn't be that easy!!! (2006-01-27), janice
Quibble - rootkit for OS X (2006-01-27), Anonymous (1 reply)
Re: Quibble - rootkit for OS X (2006-01-30), Anonymous
Researchers: Rootkits headed for BIOS (2006-01-27), Gimping 8600
Not actually (2006-01-27), Prisoner (1 reply)
Re: Not actually (2006-06-24), Anonymous
Researchers: Rootkits headed for BIOS (2006-02-07), Samuel Stetler
Researchers: Rootkits headed for BIOS (2006-02-13), Black~Feather (1 reply)
Researchers: Rootkits headed for BIOS (2006-03-25)

CONFIRMED ROOTKIT TROJAN / SCRIPTING IN BIOS (5 replies)
THE MALICIOUS SCRIPT IS IN THE BIOS, script is easily seen on top of browser while in safe mode. AFTER FLASHING THE BIOS AS WELL AS CLEARING CMOS numerous times, THE TROJAN/evil thing REMAINS. Wiping hard drives clean, purchasing new hard drives, new computers, nothing gets rid of it! THERE IS NO ANTIVIRUS THAT HAS BEEN ABLE TO detect much less ELIMINATE OUR PROBLEM. It has the recycle bin encrypted so that anything you delete gets put back into its office. Has remote desktop control. I know it sends lots of faxes out??? How is this possible?? Uses NetMeeting and the whiteboard. I don't have access to any shared folders. I can't see the properties for my network folder(s). The trojan uses a lot of wave files. Audio devices, audio extensions. It will keep quiet if you leave it alone. However, that is asking the impossible from any American. I cannot stand to even be on a computer where reasonable measures have been taken to ensure some protection of privacy. We have never used remote desktop services, VoIP, VPNs. I have been dealing with this monster for the past 2-3 weeks. At first, I thought it was spyware, then a hacker. I believed purchasing new computers, changing services, new appliances would resolve the issue. It has not. We have gone through several new systems and still the same issues. Believing that it would be resolved quickly, especially after reading this article and the responses to it weeks ago, I believed that it would be gone relatively fast. Here I am, 3 weeks later; today two security experts from a well known antivirus company came by, took a look at it and confirmed the BIOS malicious scripting. Told us they will be back on Monday with another expert as this is pretty serious.

The trojan has controllers on the universal power supply. I have tried everything that I can think of. We are in Southern California, if anyone has any suggestions, please post. I will be the first one to tell anyone; this is something that is severe. It has been a lesson in humility. Contrary to what others have stated, until you experience an encounter with this engulfing s it is difficult to believe. Forget about security settings, it becomes the administrator. It assigns the groups, reassigns, forges everything. It takes over your system and you become a nobody very quickly. It changes all settings, watches your every move, sometimes it lets you think that you are winning, only to find out after hours of hard work that it was a nasty joke played on you. This thing turns the network authority service against you. Kicks you out of your own system. You low level format, remove the partitions, purchase new memory, video cards, motherboards, software, change platforms numerous times in an attempt to rule out the source. Rules as we know them are no longer applied. It impersonates you and, what is worse, the system attacks and forces you off. It has numerous servers on hidden partitions on your drive. For example, Drivescrub shows hidden volumes on drives A, B and C. It scrubs drive ./A, ./B, ./C, and Drivescrub actually scrubs and writes zeroes to the floppy drive??? Today in XP Recovery, I tracked the terrible encrypted and hidden pnp device placed before the systemroot folder. It appears to be a directory (I suspect it is the recycle bin) because after much discovery I found it does a memory dump of malicious pnp devices on every reboot. It is the hidden storage device of unknown origin. I bootcfg /dissableredirect bios. However, when it rebooted, XP bluescreened: virus suspected on hard drive, shutting down to protect your system. Buy new hard drive, flash the BIOS, clear CMOS. The demon reappears!

It has keyboard control as well. Don't worry about closing ports because it will only open them. I became aware of it because our antivirus kept dying on me. The entire system would turn on it. I would find it in pieces in a folder (some sort of sick joke). It looked like a terrible fight had taken place. I believe I have tried almost every antivirus out there. Router is secure. Security appliance as well. If you attempt to remove it, in a matter of a second whatever tool is used vanishes into its volume black gluey sticky volume. Sometimes I think this is a science fiction movie I am going through.

The trojan also hides the system volume folder in order to deceive the paging size file. Also uses virtual devices, a joystick. It has its own templates so that you cannot connect online when you try to do so. Kills every antivirus program if its security settings get a little too strict for it. IT HAS REMOTE DESKTOP CONTROL, CROSSES PLATFORMS, HAS 3 HIDDEN PARTITION TABLES. LOW-LEVEL FORMAT DOES NOT DO ANYTHING. IT ATTACHES ITSELF AS An s to IE browser. Tried Xandros, but it too does not hold up.

Today, I thought that the one thing that all of our computers have in common is that they all have the same brand Gigabyte motherboards. Come to think of it, this problem first started right with a new system. Perhaps it's from a 3rd party chip on the motherboard??? Is this possible? Is it possible for it to reside in a peripheral device I have not looked into? A battery pack, the broadband cable? Thanks.

Researchers: Rootkits headed for BIOS (2008-04-25), Anonymous (1 reply)
Copyright 2009, SecurityFocus