Posted: Thu, 22nd Sep 2022 02:26 Post subject: Can't delete Foxif virus at all |
|
 |
I simply don't know how I got it. It is said that it came with a specific version of CCleaner, but I don't have such a version.
With the virus I cannot start Discord due to an error 0xc000003e.
I ran Malwarebytes in normal mode and it detected 4 files with it. Quarantined 'em, rebooted, and 2 were replaced, but the other 2, DLLs, were unable to be deleted.
I tried going into Safe Mode With Network and doing the same thing again, till there's a moment that they don't come back anymore.
However, as time passes (minutes) after going back to normal mode and being able to open Discord again (after a reinstall), it happens again.
I'm sick n tired of this issue. But the worst of all is that I've read that the virus infects the motherboard, and that might mean that I must change either the mobo or the CPU or both, even the RAM. But I cannot identify the issue and I want to save myself money, time and drama.
HELP, PLEASE!
ASUS X570 TUF GAMING PLUS, 32GB DDR4@2666 ,RYZEN 5800X3D (NO OC),GIGABYTE RTX 4070 Super GAMING OC, Western Digital Blue 4TB 5400RPM + SAMSUNG 860 EVO 500+1TB GB SSDs , OEM SATA DVD 22xNoctua NH-D15 Chromax Black, BenQ XL2420T Case: Be Quiet! DARK BASE PRO 901. PSU CORSAIR RM1200 SHIFT
 |
|
Posted: Thu, 22nd Sep 2022 07:42 Post subject: |
|
 |
"Infecting the motherboard" probably means it wrote something to the BIOS, so you can re-flash it by downloading the BIOS on another computer (just unpack the file onto a FAT32 USB flash drive and run EZ Flash directly from the BIOS).
There's a Kaspersky live CD which you can turn into a bootable USB flash drive (again, on another computer) and scan the system without involving Windows.
 |
DXWarlock
VIP Member
Posts: 11422
Location: Florida, USA
|
Posted: Thu, 22nd Sep 2022 09:18 Post subject: |
|
 |
What guy said. If it's in the BIOS, that's the surest way to remove it from there.
Replacing the CPU and RAM for a virus isn't a thing (at least that I know of anywhere), as it has nothing that can be written to that stays persistent on loss of power.
If nothing else, this site is (well, was; haven't needed it in years and assume it still is) top notch for getting help removing a specific one, from your specific machine and setup.
https://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-help/
-We don't control what happens to us in life, but we control how we respond to what happens in life.
-Hard times create strong men, strong men create good times, good times create weak men, and weak men create hard times. -G. Michael Hopf
Disclaimer: Post made by me are of my own creation. A delusional mind relayed in text form.
 |
couleur
[Moderator] Janitor
Posts: 14081
|
Posted: Thu, 22nd Sep 2022 09:38 Post subject: |
|
 |
Flash your BIOS, boot from a Windows installation USB stick and reinstall Windows.
"Enlightenment is man's emergence from his self-imposed nonage. Nonage is the inability to use one's own understanding without another's guidance. This nonage is self-imposed if its cause lies not in lack of understanding but in indecision and lack of courage to use one's own mind without another's guidance. Dare to know! (Sapere aude.) "Have the courage to use your own understanding," is therefore the motto of the enlightenment."
 |
|
Posted: Thu, 22nd Sep 2022 10:12 Post subject: |
|
 |
But in that case, be sure to delete all partitions on the system drive before proceeding with the installation. If you just format the existing C: partition, theoretically the malware might be saved on the UEFI boot or recovery partition (those two ~500 MB partitions you can see in Windows disk management) and reactivate on a clean installation.
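The point above about partitions that outlive a format of C:, as an added example that is not part of the original post: a Python sketch that decodes a raw GPT partition entry array and lists the partitions a C:-only format leaves untouched. The entry bytes are constructed sample data, the function names are hypothetical, and a 512-byte sector and "basic data = the Windows volume" are assumptions.

```python
import struct
import uuid

# Well-known GPT partition type GUIDs.
GPT_TYPES = {
    uuid.UUID("c12a7328-f81f-11d2-ba4b-00a0c93ec93b"): "EFI System Partition",
    uuid.UUID("e3c9e316-0b5c-4db8-817d-f92df00215ae"): "Microsoft Reserved",
    uuid.UUID("ebd0a0a2-b9e5-4433-87c0-68b6b72699c7"): "Basic data",
    uuid.UUID("de94bba4-06d1-4d40-a16a-bfd50179d6ac"): "Windows Recovery",
}
ENTRY_SIZE, SECTOR = 128, 512  # standard entry size; assumed logical sector size

def parse_entries(blob):
    """Decode a raw GPT partition entry array into a list of dicts."""
    parts = []
    for off in range(0, len(blob) - ENTRY_SIZE + 1, ENTRY_SIZE):
        raw = blob[off:off + ENTRY_SIZE]
        type_guid = uuid.UUID(bytes_le=raw[0:16])  # GUIDs are stored mixed-endian
        if type_guid.int == 0:                     # all-zero type = unused slot
            continue
        first, last = struct.unpack_from("<QQ", raw, 32)
        name = raw[56:128].decode("utf-16-le").rstrip("\x00")
        parts.append({
            "index": off // ENTRY_SIZE + 1,
            "type": GPT_TYPES.get(type_guid, str(type_guid)),
            "name": name,
            "size_mib": (last - first + 1) * SECTOR // (1024 * 1024),
        })
    return parts

def survives_c_format(parts):
    """Everything except basic-data volumes: formatting C: never touches these."""
    return [p for p in parts if p["type"] != "Basic data"]

def make_entry(type_guid, first, last, name):
    """Build one constructed 128-byte entry (sample data only)."""
    ids = uuid.UUID(type_guid).bytes_le + uuid.UUID(int=first).bytes_le
    return ids + struct.pack("<QQQ", first, last, 0) + name.encode("utf-16-le").ljust(72, b"\0")

# Constructed layout resembling a default Windows 10 install, plus one empty slot.
SAMPLE = b"".join([
    make_entry("de94bba4-06d1-4d40-a16a-bfd50179d6ac", 2048, 1085439, "Recovery"),
    make_entry("c12a7328-f81f-11d2-ba4b-00a0c93ec93b", 1085440, 1290239, "EFI system partition"),
    make_entry("e3c9e316-0b5c-4db8-817d-f92df00215ae", 1290240, 1323007, "Microsoft reserved partition"),
    make_entry("ebd0a0a2-b9e5-4433-87c0-68b6b72699c7", 1323008, 211038207, "Basic data partition"),
    bytes(ENTRY_SIZE),
])
for p in survives_c_format(parse_entries(SAMPLE)):
    print(p)
```

On the sample layout the recovery, EFI and reserved partitions are reported as untouched by a format of C:, which is why the advice is to delete every partition on the system drive in the installer.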
 |
couleur
[Moderator] Janitor
Posts: 14081
|
Posted: Thu, 22nd Sep 2022 10:29 Post subject: |
|
 |
@Guy_Incognito yup!
 |
|
Posted: Thu, 22nd Sep 2022 11:04 Post subject: |
|
 |
I tried deleting the partitions from the OS SSD, leaving me the option to just use the "New" (partition) one, formatted everything from it after, and whenever I entered W10 I updated W10 to the latest version, then accessed WDefender and it said there were no errors.
However, whenever I tried to give it a scan it found like 11 instances of the virus in the Backup SSD that I have (where the real personal important stuff is at), infecting innocent installation stuff like Chrome, etc., yet whenever I try to use 'em they work as intended.
When I saw that, I thought that I could go back to my Macrium image to use Malwarebytes to search for the virus in that personal folder, but all it found was malware that has no relation to the Floxif virus (malware like false positives) within the +500k files, finding 76 malwares.
The funny thing?... Malwarebytes' "Rootkit search" function from the analyze option doesn't work even when it asks me to choose an entire drive to analyze, meaning that if I choose the entire Backup SSD and try to start it, it shoots me that error.
Forgot to mention that I also have a mechanical HDD with other important things (installers, etc., some of which cause the error 0xc000005 to happen, but replacing them with ones I had on my external HDD or redownloading them again made 'em work again), but I still want to kill the fucking virus from everywhere, every drive, everything.
 |
|
Posted: Fri, 23rd Sep 2022 20:16 Post subject: |
|
 |
Seems like I've finally fixed it, and the BIOS reflash made it have its "Beep!" back to 4 secs instead of 10, just like when originally flashed!
More info here: https://www.reddit.com/r/antivirus/comments/xkc6fx/cant_delete_foxif_virus_at_all/
Nobody from the forum on the link in this Nfohump post above by DXW did a thing to help (Oh, but look at 'em help others!)...
Although there's one thing... I'm still using my previously backed-up image made by Macrium, which means the UEFI/Restore partitions are still there with, maybe? theoretically? the virus.
Does it mean the virus is still there? If so, is there a way to clean it outta the way without a format? Or did I solve those partitions' issues by using the methods above in the Reddit link?
However, everything in the system is working so far as planned, so I might survive with what I have now, and if shit hits the fan again then I'll go full format with partition deletion on the way and pray for the bastard to not come back again.
EDIT: Tried formatting and did the whole partition deletion. No virus problems, but the installations for Adobe Photoshop 2017 and Illustrator 2021 worked in a different way, making the PS one behave weirdly, while Illustrator 2021 didn't show the Home Page correctly when started.
Back to the supposed "cleaned" image for now until further notice. Can't stress myself like this for now...
 |
|
Posted: Sat, 24th Sep 2022 13:09 Post subject: |
|
 |
Maybe you should run Kaspersky live disc from USB and scan the whole system, just in case. I don't know how often they update the live image, but I know you can update virus definitions before scanning straight from the live session.
 |
|
Posted: Sat, 24th Sep 2022 13:28 Post subject: |
|
 |
Any idea how u got it, btw? How did it bypass Windows Defender?
 |
|
Posted: Sat, 24th Sep 2022 14:15 Post subject: |
|
 |
PickupArtist wrote: | any idea how u got it btw ? how did it bypass windows defender ? |
Windows Defender is shit, like all other antivirus software, and you can easily bypass it.
Of course it's better than nothing for normal people, but still it's shit and there is no reason to feel safe just because you use it.
 |
|
Posted: Sat, 24th Sep 2022 15:03 Post subject: |
|
 |
It's more than solid enough for a regular user that's not fucking around with shady/unreliable sources, viruses are mostly a thing of the past in favour of phishing - much less resources and actual technical knowledge required for better results, it's a no-brainer.
R5 5600X - 3070FE - 16GB DDR4 3600 - Asus B550 TUF Gaming Plus - BeQuiet Straight Power 11 750W - Pure Base 500DX
 |
|
Posted: Sat, 24th Sep 2022 16:43 Post subject: |
|
 |
Alright, I'm finally back. First of all, I'm keeping the Macrium image of what I've been using as of late, but I've also formatted (and all "Unit 1", aka OS Drive, partitions DELETED, then formatted the SSD, then installed on the 1TB sized one as always, so I shouldn't be having the virus hidden in there... Hopefully).
After that I disabled Defender with Winaero Tweaker so I could install my stuff, then updated W10 to the latest version.
Some things felt different to install and stuff in comparison with the Macrium version. (For example, the HP Deskjet 4508 drivers installation process was the same, but there was a moment W10's notifications (bottom right) showed a big dark square showing the printer itself and said that it was installed... But whenever I wanted to add the Wireless function it asked me to connect the printer's USB into the tower, which I did (it was already connected), but even if I accepted, it said "it wasn't connected". A little reboot seemed to do the trick (never happened before) and the printer prints as it should with Word (blank page, gotta save the inks...).
The above HP thing might be because of W10's latest updates giving certain UI changes when installing specific stuff for devices, especially printers. I am STILL keeping the installer for the printer that came with it because it's faster and more reliable than... "HP Smart" from the Windows Store. Nuh-uh, no way, fuck off. I'd better burn the installer to a CD and fuck it up.)
Reinstalling the cleaned versions of my stuff worked, and this time Photoshop 2017 and Illustrator 2021's home menus (after launch) worked as they should, along with Premiere 2021 (October update).
I did one last Emsisoft scan on the 3 drives and no signs of the Floxif.A virus, so I should be clean for now.
@PickupArtist: My thoughts would be that a hacked Beatmania IIDX 28 BISTROVER copy had a virus in its launch exe file, spicecfg, because I could play it without issues, but there was a moment that made Discord (DC) have the 0xc000003e error popping up when restarting it from a boot.
When that happened I just rolled back to the safe image I had and no more issues for a long time, until the virus got bored this week and went full assault, making install apps that worked before fail with error 0xc000005. (Yet again I had the same install folders on my ExtHDD and brought 'em back... Of course I've also scanned the ExtHDD for errors. Found some, deleted, got 'em back from the net, rescanned again, all safe.)
Other times I've had this issue was when installing an Adobe Acrobat DC 2022 version, which did the same issue, but a newer version later on didn't have the issue, which I am keeping. Same for Alavsoft's video downloader (for Spotify).
For now I'll survive with the partition deleted method's way. I'm having a bad stomach sickness and a destroyed head after loads of formats etc...
Wished the antiviruses could detect the frigging source of the virus, but maybe it really was the MoBo... Who knows, it's a mystery... Hence why I love Macrium to save my ass and time (thanks to a user here in the NFOhump forum, which I forgot who it was...)
 |
DXWarlock
VIP Member
Posts: 11422
Location: Florida, USA
|
Posted: Sat, 24th Sep 2022 18:43 Post subject: |
|
 |
DV2 wrote: |
Wished the antiviruses could detect the frigging source of the virus, but maybe it really was the MoBo... Who knows, it's a mystery... Hence why I love Macrium to save my ass and time (thanks to a user here in the NFOhump forum, which I forgot who it was...) |
Might have been me. I tell everyone that vaguely needs it about Macrium Reflect, if you mean someone from a while ago. I've posted about it a few times.
 |
|
Posted: Sun, 25th Sep 2022 12:18 Post subject: |
|
 |
I think I might've found out the culprit, but I'm still not sure, based off Google, or not.
Suspects would be:
-The mentioned Beatmania IIDX 28 BISTROVER arcade hack's exe to open the game (DELETED)
-The Alavsoft video downloader (which had a version that was clean later on and worked without any more issues)
-Adobe Acrobat Reader DC 2022 (same as the previous one)
-.....Opera GX. I used to use that app to take advantage of the free VPN that could download things faster and access impossible sites like Zippyshare (ISP block in Europe with Firefox without VPN) and some trustful torrent sites for movies (never had issues with the movies, and the previous scans I did didn't hit any movies, only dll and exe files)
I've mentioned Opera GX because it was the last app to install, but I had a flashback and googled "Floxif Opera GX" and the first results showed Opera GX as an infected file among others, but again not sure if it's really the culprit (if so, why aren't the devs doing a thing about it?)
Is Opera GX really the culprit of this?... Should I try downloading and installing/configuring it and do annnnother long scan?
 |
|
Posted: Sun, 25th Sep 2022 19:43 Post subject: |
|
 |
Try Hitman.Pro x64.
I would much rather wipe out the drive and install fresh Windows. Use e.g. the GParted ISO to boot your PC and wipe the drive, just to be safe.
Ryzen 7 9800X3D PBO ~-28/+200 | Freezer III 360 A-RGB | Strix X670E-F WiFi | Zotac RTX 4090 AMP Extreme AIRO | Fury Beast 64GB (2x 32GB) DDR5 5600MHz C40 @ 6000MHz C30 | 970 EVO Plus 2 TB | 38GN950-B | S.M.S.L RAW-MDA1 & HiFiMAN Arya Organic | Lancool III Snow White + 4x be quiet! Silent Wings Pro 4 140mm | RM1000x (2021) Gold | G Pro X SUPERLIGHT 2 & POWERPLAY | Win 11 Pro | Logitech MX MECHANICAL
Sometimes I publish YouTube videos: https://www.youtube.com/@RandomTechChannel
All times are GMT + 1 Hour |