MajorGeeks Support Forums > Malware Removal
#1
06-08-12, 06:59
atha
Private E-2
Join Date: Jun 2012
Posts: 1
worm - using shell, freedos kernel, hijacks network

I have had huge problems for the last 2 weeks. Got a virus that mods admin rights, adds a shell, hijacks the router and all cellphones and computers connected to it.
I have no chance to remove it (I have tried all majorgeeks.com methods); nothing works. I can't use cmd, I can't repair. All tasks, programs and commands run through the shell and get reversed.

This is what I know about it:

Adds freedos kernel replacing config.sys with a heavily modded fdconfig.sys
Mods the mbr
Adds tons of shadow disks into high memory with himem.exe
Replaces the BIOS version and modifies the system time.
Adds huge amount of entries in the register.
Adds delay timers on CD-ROM, keyboard, mouse, all USB devices
Grants super admin rights to NT authority. Removes all rights to other users

Programs I have seen added in the register:

Windows powershell
Messenger live mesh
Messenger live writer
Java FX

I write this from memory as my computer is totally destroyed.
There are basically hundreds of added programs.

This is what I have tried: (that doesn't work)

Restore or update BIOS from cd
using any kind of logging/removal tool
Restore, repair, reinstall from authentic windows cd
Repair mbr with fdisk using rescue cd
Using Kaspersky rescue disk via CD-ROM and usb
Using new ssd disk and new motherboard.
Hard reset of motherboard.
Using a usb to SATA adapter to format ssd (worm uses a block device command)
All this tried with no internet connection.

Also infected:
Asus eee 1101ha laptop win7 sp1
Msi x370 win7 home premium sp1
HTC desire with Android 2.3

Main computer:
Asus sabertooth motherboard
Win7 home premium sp1 fully patched
Intel I7 920 CPU

Before you ask me to use system repair or add logs here: remember, it doesn't work. All commands, programs and tasks are shelled, redirected and reversed.
Even cmd, F8 options, etc.
#2
06-08-12, 22:06
chaslang
MajorGeeks Admin - Master Malware Expert
Join Date: Feb 2004
Location: Northern New Jersey USA
Posts: 77,502
Re: worm - using shell, freedos kernel, hijacks network

Welcome to Major Geeks!

Quote: Originally Posted by atha
  Adds freedos kernel replacing config.sys with a heavily modded fdconfig.sys
  Mods the mbr
  Adds tons of shadow disks into high memory with himem.exe
  Replaces the BIOS version and modifies the system time.
  Adds huge amount of entries in the register.
  Adds delay timers on CD-ROM, keyboard, mouse, all USB devices
  Grants super admin rights to NT authority. Removes all rights to other users
If it really has done all this, you are probably better off formatting and reinstalling.

Quote: Originally Posted by atha
  Programs I have seen added in the register:

  Windows powershell
  Messenger live mesh
  Messenger live writer
  Java FX
It is "registry" and these are normal programs.


If you wish to try one thing before reinstalling, try the below on your Win 7 PC. Use the boot from Windows installation disc option since you say you have the DVD. If you cannot get to the System Recovery Options menu then reinstall is likely the fastest solution.

Please do the below so that we can boot to System Recovery Options to run a scan. There will be two options to choose from. One if you do not have your Windows 7 boot DVD and another when you have your DVD.

For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to a flash drive.
For 64-bit (x64) systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.



Option 1: Enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
Option 2: Enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Quote:
  Startup Repair
  System Restore
  Windows Complete PC Restore
  Windows Memory Diagnostic Tool
  Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please attach this file to your next reply. (See: How to attach)
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."
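The drive-letter lookup in the steps above (open notepad, File > Open, find the flash drive) can also be done from the same Recovery Command Prompt. The lines below are an added example typed at that prompt, not part of chaslang's instructions or the FRST tool; they assume frst.exe and frst64.exe were saved to the root of the flash drive and that the recovery environment sets PROCESSOR_ARCHITECTURE to AMD64 on 64-bit systems.

```batch
rem Pick the FRST build matching this recovery environment
rem (assumption: PROCESSOR_ARCHITECTURE is AMD64 in a 64-bit WinRE).
set FRST=frst.exe
if /i "%PROCESSOR_ARCHITECTURE%"=="AMD64" set FRST=frst64.exe

rem Probe every drive letter for that file and remember the first one that has it.
set FOUND=
for %d in (D E F G H I J K L M N O P Q R S T U V W X Y Z) do @if not defined FOUND if exist "%d:\%FRST%" set FOUND=%d:

rem Report the result and launch the tool only when it was actually found.
if not defined FOUND echo %FRST% not found on drives D: to Z: - check that the flash drive is plugged in.
if defined FOUND echo Found %FRST% on %FOUND% - starting the scan tool.
if defined FOUND "%FOUND%\%FRST%"

rem After pressing Scan and letting the tool finish, confirm the log it wrote to the flash drive.
if defined FOUND if exist "%FOUND%\FRST.txt" echo Log written to %FOUND%\FRST.txt - attach it to your reply.
if defined FOUND if not exist "%FOUND%\FRST.txt" echo No FRST.txt on %FOUND% - run Scan again.
```

If you save these lines as a .bat file on the flash drive instead of typing them, write %%d in the for loop.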