I am Microsoft certified across most products & recently (for the first time ever) called the MS Answer Desk based in Manila, in order to get help with WUpdate - my laptop was running on Win 7 Pro & I couldn't update security releases without having Win 10 download & try to install/upgrade my Win 7 platform. Very aggressive rollout even for Microsoft. WUpdate kept 'hanging' so I ran services.msc, stopped & started WUpdate, tried an earlier restore point, deleted some KB updates which I'd discovered weren't actually Win 7 security files but are in fact Win 10 system preparation files.

As a last resort I called MS Answer Desk in Manila. After 1.5 hours watching a level 1 technician try all of the above, my Case was escalated to a level 2 technician in India. The guy (who called himself Akash Akanda) set himself up as an Administrator, ran the same troubleshoot stuff as above & after 2 hours said he'd need to call back the next day as Win 7 seemed corrupted & required a completely new installation. He called the following day, but 1.25 hrs later than the scheduled time. I had another appt so I spoke with him briefly and gave him full remote access to my high spec HP laptop, even telling him my BIOS password, which I had to remove apparently, in order for him to reinstall Win 7. A couple of hours later he called my mobile to let me know he'd finished.

After that I lost administrator access, all my data was "access denied", using MMC I was unable to gain root access and with each reboot, including Safe Mode, booting a rescue CD, shelling to DOS and running every command I could think of, eventually I was even denied access to my Libraries. It goes without saying that all my paid security software was current and running but nothing was detected. Following numerous calls to the MS Answer Desk, outlining all of the above, I was left to sort it myself. The Desk were utterly useless & uninterested. The guy in India was listed on my case file & had closed the file.
He also stole all my personal data including all my identity documents, which I'd digitally stored - from original hard copies including Birth Certificate, Driver's License, passport, bank accounts, and all login/password information for everything. File & Printer Sharing was set to public access & network discovery turned on. Any change I attempted to make was denied. The AnswerDesk in Manila weren't interested nor would they tell me the name of their call centre - brilliant outsourcing Microsoft!!!

Eventually I wiped the HDD (luckily I backup) and purchased a new licence key for Win 7, downloaded the .ISO file, burned to disc, rebooting to BIOS then a restart from the CD - with a brand new W7 installation. Soon after the final restart I started seeing all the same things happening. When I tried to access the MBR I found it was located on X:\ and got "access denied". I tried lots of repairs & reinstalls but the virus's code had written switches on so many system32 files, partitioned them & itself on a new hidden drive X:\ and reduced my login privileges to online access - very restricted too. Finally I replaced the HDD with an SSD and I also replaced the 4GB RAM slots with 2 x 4GB slots. I burned a new Win 7 disc, reinstalled & guess what - the virus replicated itself all over again. So now I realise it must have written to the BIOS chip on the motherboard. All storage devices (Ext HDD's, USB sticks, even my Samsung mobile) were affected. I've purchased a Windows 10 phone but I can't remove the corrupt $Recycle.bin folders from the external devices, which contain corrupt .ini files - and System Vol folders with folders & files that replicate themselves - regardless of security settings, ownership or permissions.

I don't know what to do next???? Can a backdoor virus be removed if it's resident in the BIOS??? Would an installation of Win 10 render the virus code virtually redundant - insofar as Win 10 doesn't run on system32 files in the same way??
Are my Ext devices fixable - can I remove the $Recycle.bin and SVI Folders? Can my HP laptop be saved - will a Win 10 installation work without having to replace the motherboard or the entire unit?? Can somebody please help? I'm not working at present and was studying online before all this happened - Australian bureaucracy is just catching up with the reality of cybercrime, clearly MS isn't too interested, so it's mostly up to us to plough our way through without going barking mad or completely withdrawing from any sort of online activity.

FYI, I have contacted IDCare.org which is the ONLY agency in Australia & NZ set up to assist people with identity theft and I was told that my ID will be sold a few times, bank accounts may be opened in my name and used to launder dirty money, my search history will be sold several times, my contacts will probably receive phishing emails with malicious code and I will have to pay a credit agency $80.00/year for the rest of my life, to pay for the service which will notify me whenever my details (DOB, DL, Passport, etc) are used to obtain credit or transact online. ****???

So, if anybody out there knows anything which could help rebuilding my laptop operating system or removing the backdoor virus from any/all devices I would be truly thankful. Cheers, Melinda