
I've managed to get a virus on my pc at some point, was just listening to Spotify and it kicked into action, deleted everything on my pc (or at least tried), I turned off my pc so it couldn't kill my gpu or cpu but then when I rebooted and tried to go into bios to do a fresh Windows install it also has control of bios, if anyone has any idea of how I can go about fixing this, help would be much appreciated.

PC specs: r5 5600x, rtx2060 super, 16gb 3600mhz corsair vengeance, aorus elite b550m, adata su630 240gb ssd, seagate barracuda 2tb hdd.

Again any help is much appreciated!!


When I tried to restart the pc it automatically opened into bios, couldn't quite tell what it was trying to do but it was flicking between pages and then tried saving the setup, I turned off the pc from the psu but I'm not sure if I got there in time. I've now fully disconnected it from ethernet and power, as well as taking out cmos battery and ram, not sure where to go from here.

 


So far none of this yet is evidence for a virus. You've been very unclear as to why you think this is malware, and unless a nation state is targeting you, your BIOS is not being controlled by a virus.

Yes, you may well have a virus but this is just noise and unclear vagueness so far.

If your BIOS is moving around by itself, unplug your keyboard - does it still move by itself?

Be prepared to get advice that your computer needs to be WIPED.


I seriously doubt that there are viruses out there that could control BIOS like that. You sure there are no shenanigans happening with the input? Like a macro running on your keyboard or a sibling controlling the PC with a wireless keyboard? Unplug the keyboard once you get to the BIOS and also see if there are any wireless USB dongles.

 

Why I suspect the keyboard - both "deleting the files" and getting into BIOS involve the "del" key. If the keyboard just runs some kind of a macro that has this key recorded or if it is straight up shorted or something, leading to key strokes being registered, all the symptoms you've described can be attributed to that.


I have everything unplugged apart from display out and power now, have put my ram and cmos battery back in, I'll turn the pc back on and see what happens and I'll record it. I think it's malware as when I closed my application I had open, the majority of my shortcuts on my desktop were actively being deleted, as well as the Windows uninstall progress bar running. It can't be a sibling or something pranking me as my mobo doesn't have wifi or bt, I am connected to a public university network, however no one else who lives in my building or flat has reported any issues, leading me to think that this is some sort of malware. I should've clarified I'm completely fine with wiping the pc but if I can't control the bios then I have no clue as to how I go about doing that and before I flash the bios I'd want to know if people think that could even work.


I booted without keyboard plugged in, it booted into windows. So then I rebooted with keyboard plugged in and went into bios myself, to which it said bios had been reset due to cmos battery being taken out (which checks out), not sure where to go from here, should I go back into windows and see what happens, or should I take the precaution of doing a fresh windows install?

 


9 minutes ago, manx1627 said:

I booted without keyboard plugged in, it booted into windows. So then I rebooted with keyboard plugged in and went into bios myself, to which it said bios had been reset due to cmos battery being taken out (which checks out), not sure where to go from here, should I go back into windows and see what happens, or should I take the precaution of doing a fresh windows install?

 

Go into Windows, run virus/malware scans. See if anything is at least identified.

Malwarebytes free on top of Windows Defender at least.


1 minute ago, Dedayog said:

Go into Windows, run virus/malware scans.  See if anything is at least identified.  

 

MalwareBytes free on top of Windows Defender at least.

Yep going to try this, I feel like I'm going schizophrenic atm as when I went into bios again it didn't do anything suspicious, but when I've now gone into windows most of the shortcuts are deleted


27 minutes ago, manx1627 said:

Yep going to try this, I feel like I'm going schizophrenic atm as when I went into bios again it didn't do anything suspicious, but when I've now gone into windows most of the shortcuts are deleted

Try Malwarebytes offline for a scan. If it's infected, reinstalling is not a bad idea.


1 minute ago, jaslion said:

Try Malwarebytes offline for a scan. If it's infected, reinstalling is not a bad idea.

Currently running a Malwarebytes offline scan, it's been stuck for 5 minutes at ~160,000 items scanned, I've tried running Windows Defender quick scan, full scan, and offline scan (all while disconnected from network still), and when the admin popup shows up and I allow it, it then doesn't begin scanning. I've also tried using "Start-MpScan -ScanType FullScan" in powershell admin, and I get an "errors were encountered" message.


Any virus that infiltrates the BIOS is not going to start doing damage. It would most likely sit there listening, transmitting and would target much more significant systems than a home pc.

If anything it's ransomware and it began encrypting the drive.

The days of people creating damaging viruses are pretty much over with. Today there is almost always a financial gain component/motivation.

If possible check to see the drive capacity. If it still looks correct but you can't see/access stuff, probably ransomware.

 


2 hours ago, manx1627 said:

When I tried to restart the pc it automatically opened into bios, couldn't quite tell what it was trying to do but it was flicking between pages and then tried saving the setup, I turned off the pc from the psu but I'm not sure if I got there in time. I've now fully disconnected it from ethernet and power, as well as taking out cmos battery and ram, not sure where to go from here.

 

Going into the BIOS doesn't mean that your computer is being controlled by malware, it's more than likely that the controller chip on your boot SSD malfunctioned or something else went wrong with it to make it not be detected or be considered a non-bootable volume, and even after a power cycle (which is what originally made me think this was a controller chip issue) there's missing stuff and issues which is now making me think that the drive is knackered and files being "deleted" was just the start of the failure, considering no malware would just start deleting files as it would encrypt them first before removing the originals.

Regardless, the SSD is now more than likely screwed so back up whatever important files are still available on it and replace it.
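
A read-only way to gather evidence for the explanations offered in this thread (a failing SSD, ransomware, or a Defender that will not start scanning), as an added example that is not part of any post above. It assumes Windows 10/11 with the built-in Storage and Defender modules and an elevated PowerShell prompt; the 3-day window and the provider-name pattern are choices made for this example.

```powershell
# Added example: read-only triage, nothing here changes system state.

# 1. Drive health as Windows sees it (failing SSD vs. healthy disk).
Get-PhysicalDisk |
    Select-Object FriendlyName, MediaType, HealthStatus, OperationalStatus,
        @{ n = 'SizeGB'; e = { [math]::Round($_.Size / 1GB) } }

# SMART-style counters; some drives and controllers leave these blank.
Get-PhysicalDisk | Get-StorageReliabilityCounter |
    Select-Object DeviceId, Wear, Temperature, ReadErrorsTotal, WriteErrorsTotal

# 2. Volume capacity vs. free space: does the drive still report the
#    expected size, and does used space roughly match what should be on it?
Get-Volume | Where-Object DriveLetter |
    Select-Object DriveLetter, FileSystemLabel, FileSystem, HealthStatus,
        @{ n = 'SizeGB'; e = { [math]::Round($_.Size / 1GB, 1) } },
        @{ n = 'FreeGB'; e = { [math]::Round($_.SizeRemaining / 1GB, 1) } }

# 3. Storage and file-system warnings/errors from the last 3 days.
#    Levels 1-3 are Critical, Error and Warning.
$since = (Get-Date).AddDays(-3)
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Level = 1, 2, 3; StartTime = $since } `
        -ErrorAction SilentlyContinue |
    Where-Object { $_.ProviderName -match 'disk|ntfs|stor|volmgr' } |
    Select-Object -First 20 TimeCreated, ProviderName, Id, Message

# 4. Is Defender actually running? A stopped service or disabled engine
#    would explain scans that never start.
Get-Service -Name WinDefend | Select-Object Name, Status, StartType
Get-MpComputerStatus |
    Select-Object AMServiceEnabled, AntivirusEnabled, RealTimeProtectionEnabled,
        IsTamperProtected, AntivirusSignatureLastUpdated

# 5. Defender's own log: recent detections, scan failures, setting changes.
Get-WinEvent -LogName 'Microsoft-Windows-Windows Defender/Operational' `
        -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, LevelDisplayName, Message
```

Disk errors in step 3 alongside a degraded `HealthStatus` point toward the hardware explanation, while a healthy disk with Defender disabled in step 4 is worth treating as a reason to reinstall from known-good media.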
