I am trying to fix an e-series laptop. It is infected with ransomware. I can clean up the HDD on another machine, but during boot, it does a checkdisk and reinfects the operating system. I think I need to reflash the UEFI. Where can I find this file? Thank you, Dave
Oh boy, that's going to be a problem. My UEFI is infected with ransomware. I can take the drive out and run software to get rid of it, but it is reinstalled during a "checkdisk" at boot. I can't get to Windows. The only other way I see to get around this is to replace the motherboard, or is there a UEFI chip I can desolder and replace?
When you plug the HDD into a different computer, does it have an EFI partition? If it doesn't have an EFI partition, then you probably just have an MBR infection... rootkit.
If his computer has UEFI, the OS might possibly have been installed in legacy mode... thus giving you an MBR disk instead of GPT.
I found an article at PC World that is very close to my condition. I might add I tried running sfc /scannow, can't, pending disk repair (on every start up). Tried all options, including complete factory reset. I cannot get in, even in safe mode; a system password has been added. The owner had a pop-up, Microsoft tech (I don't think so!) was in the laptop for 30 mins. Now I get stuck with fixing (maybe) it. The desktop I am using to repair this is a clean Win 10 64-bit. It has UEFI. I cannot post links yet, but the PC World article is 3046626. I am creating a Win 10 USB as I type.
Thank you JordanB. I gave it a shot, and watched the exact same thing happen again: reboot and a repair took place, and I am back to where I started. I ran ClamWinPortable, Emsisoft Emergency Kit Starter. ClamWin found Trojan, that was removed. Reinstalled drive. While it was open, I found a recovery file that was empty, 0 KB. Deleted that, rebooted, caught DOS window, blink, scandisk started, gave me option to stop it. I did. It started at recovery window. I have started a full PC reset. It has started, I have my fingers crossed.
Update. Can't believe it. Everything malware reinstalled. Used another hard drive formatted with Linux, and Acer, I think, sent me UEFI image. Updated UEFI with image, re-installed orig. hard drive. Performed a factory reset, that worked. This is new to me, and I have been fooling around with Windows since 3.1, lol. Now to put effective countermeasures in place. Defender is not enough. Thank you all for your thoughtful responses.
FAQ & Answers
Input your model and click on BIOS. By the way, BIOS flash will work only under Windows OS.
2. Boot the Windows 10 USB
3. After you select your language, select "repair your computer"
4. Navigate to command prompt
5. Bootrec /fixmbr
If it were my computer, here's what I would do... if I determined it was just an MBR infection. When you examine the disk in Windows Disk Management, and it doesn't have an EFI partition, then you will know it's an MBR disk. You can also determine if the disk is MBR or GPT in diskpart. (check for asterisk)
1. Connect HDD to other PC to get the important personal files off of it.
2. Wipe the drive with diskpart clean all (this might take a few hours to run)
from a command prompt:
diskpart
list disk
select disk x (x=the drive you want to clean---be careful)
clean all
exit
3. Reinstall the operating system
https://www.microsoft.com/en-us/software-download/windows8
https://www.microsoft.com/en-us/software-download/windows10
https://store.acer.com/en-us/extended/recovery/
Edit: If you're truly getting a BIOS password request, then you're probably going to have to resolve that first. I can't help you with that.
Make sure you use these two commands if you're not yet ready to wipe the drive.
bootrec /FixMbr
bootrec /FixBoot
If you wipe the drive with diskpart clean all, then you don't need to worry about any of this bootrec stuff.
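The MBR-versus-GPT check discussed in the replies above (is there an EFI partition on the disk or not), as an added example that is not part of the original thread: a small Python parser that classifies the first sectors of a raw disk image and reports whether an EFI System Partition is present. It assumes 512-byte sectors; the function names and the two sample images are constructed for illustration.

```python
import struct
import uuid

SECTOR = 512  # assumed logical sector size
# GPT type GUID of an EFI System Partition, in its on-disk (mixed-endian) byte order
ESP_GUID = uuid.UUID("C12A7328-F81F-11D2-BA4B-00A0C93EC93B").bytes_le

def classify_disk(raw: bytes) -> dict:
    """Classify the start of a raw disk image as MBR or GPT and look for an ESP."""
    result = {"style": "unknown", "has_esp": False}
    if len(raw) < SECTOR or raw[510:512] != b"\x55\xaa":
        return result  # sector 0 carries no valid boot signature
    # Four 16-byte MBR partition entries start at offset 446; the type byte is at +4.
    types = [raw[446 + 16 * i + 4] for i in range(4)]
    header = raw[SECTOR:2 * SECTOR]
    if 0xEE in types and len(header) == SECTOR and header[:8] == b"EFI PART":
        result["style"] = "GPT"  # protective MBR plus a GPT header in LBA 1
        entries_lba, = struct.unpack_from("<Q", header, 72)
        count, size = struct.unpack_from("<II", header, 80)
        for i in range(min(count, 128)):  # cap guards against a corrupted header
            off = entries_lba * SECTOR + i * size
            if raw[off:off + 16] == ESP_GUID:
                result["has_esp"] = True
    else:
        result["style"] = "MBR"
        result["has_esp"] = 0xEF in types  # 0xEF marks an ESP on an MBR disk
    return result

def sample_mbr() -> bytes:
    """Constructed sample: legacy MBR disk with one NTFS (0x07) partition."""
    s = bytearray(SECTOR)
    s[446 + 4] = 0x07
    s[510:512] = b"\x55\xaa"
    return bytes(s)

def sample_gpt() -> bytes:
    """Constructed sample: protective MBR, GPT header, one ESP entry at LBA 2."""
    img = bytearray(3 * SECTOR)
    img[446 + 4] = 0xEE
    img[510:512] = b"\x55\xaa"
    img[SECTOR:SECTOR + 8] = b"EFI PART"
    struct.pack_into("<Q", img, SECTOR + 72, 2)        # partition entries start at LBA 2
    struct.pack_into("<II", img, SECTOR + 80, 4, 128)  # 4 entries of 128 bytes each
    img[2 * SECTOR:2 * SECTOR + 16] = ESP_GUID
    return bytes(img)

if __name__ == "__main__":
    print("MBR sample:", classify_disk(sample_mbr()))
    print("GPT sample:", classify_disk(sample_gpt()))
```

To check a real drive, pass in the first 34 sectors read from an image of it taken on the clean machine; a standard GPT keeps its 128 partition entries in LBA 2 through 33.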