Solved: Really help and right decision needed pls! - HP Support Community

Roikin · ‎11-10-2021

Hello again 🙂 I don’t know what’s my next step should be , kinda last 🙂 I was ready to upgrade my HP desktop RAM, processor and hard drive , and even bough a fan 🙂 waiting for my delivery I got today heavy crypto mining malware, malwerbites found one , and quarantined it, but I suspect it could be migrating , yesterday installed docker and then it’s started 100% CPU , as soon as I click task manger it comes down , and it changed my group policy everywhere , I run before the power shell cdmlets to reset it, now it’s shows that this is they 4th modification to new machine and policies my desktop is /name ;4 , I just wants to get rid of it , and install clean windows , I have 21H1 now. But what should I start with ? Reinstall windows , then change hardware, or other way around ? And how and where would be the best easy to save all files ? If I save in hardriive the malware can get back , if I keep in cloud same thing , ok I can delete , but there is my windows image saved and yesterday I downloaded windows server image and saved , should I restore just windows with key ? Sorry my head spins around from this , I am digging up all day :))) thanks in advance

Prométhée · ‎11-11-2021

Hello
best to do, and go to a site specializing in viruses, they may be able to help you out, without having to delete everything
If indeed, you back up your data before reinstalling, depending on the infection, you may also back it up with
And be at the same point, after reinstallation
If you change the hard disk, the question does not arise for reinstalling Windows, since the disk is blank, you have to start by installing the system there.
I advise you to proceed step by step
Try to fix the virus problem, in order to have your hdd clean, then remove it
install windows on the new disk, update etc.
Then try the memory upgrade, check the operation
After that, if everything is ok, the processor, be careful what you do, you can destroy the motherboard
When everything is ok, you can connect your own old HDD, and recover your data

--------------------------------------------- Signature ---------------------------------------------
was this reply helpful , or just say thank you ? Click on the yes button

Please remember to mark the answers this can help other users

please click on the accept as solution button if message provided an answer to the problem

Desktop-Knowledge-Base
Windows 11 22h2 inside , user

------------------------------------------------------------------------------------------------------------

View solution in original post

Prométhée · ‎11-11-2021

Hello
best to do, and go to a site specializing in viruses, they may be able to help you out, without having to delete everything
If indeed, you back up your data before reinstalling, depending on the infection, you may also back it up with
And be at the same point, after reinstallation
If you change the hard disk, the question does not arise for reinstalling Windows, since the disk is blank, you have to start by installing the system there.
I advise you to proceed step by step
Try to fix the virus problem, in order to have your hdd clean, then remove it
install windows on the new disk, update etc.
Then try the memory upgrade, check the operation
After that, if everything is ok, the processor, be careful what you do, you can destroy the motherboard
When everything is ok, you can connect your own old HDD, and recover your data

--------------------------------------------- Signature ---------------------------------------------
was this reply helpful , or just say thank you ? Click on the yes button

Please remember to mark the answers this can help other users

please click on the accept as solution button if message provided an answer to the problem

Desktop-Knowledge-Base
Windows 11 22h2 inside , user

------------------------------------------------------------------------------------------------------------

Roikin · ‎11-12-2021

Thank you for your response, and advice, I really appreciate, I have some additions to say, what happened I found the windows even log , and the malware what started was WudfCoInstaller and then it’s escalated, it went to the root and changed as bitdefender , or any other windows system programms , bitdefender chased it , and he lock himself in recycle bean and put a password on it, then he enabled azure connection docker back and local network Bluetooth and direct access to my other pc and iphone , , I did a clean windows install on one pc ,as soon as I came online somehow my sync turned on, I didn’t do it, I was watching to make sure it’s off, and it came right back in, the second hp I run soft from bleeping computer website to find errors, it gave me solutions , but that thing wiped it off , all I was able to remember that my machine is not able to completely recover , then I run windows defender offline scan ,and as soon it came back , my pin button was missing and I it was offering me to downtown at Microsoft store , but couldn’t do nothing more , and I found out unfortunately too late that bot enabled direct and Bluetooth connections with all my conneted devices and iphone so the problem is bigger than I though , I don’t know now may be first thing would be start to change passwords everywhere, my phones battery went from 100% in morning to 30 within few hours. Looks like he’s alive , I made him angry trying to chase , he just did locked me out and I don’t know what else is done. When I didn’t do anything, just working on pc he was calm just using 50% cpu and we were like buddies working side by side :))) well , thanks again, I accept your your suggestion as solved , and if any idea comes , please share with me. PS I read on bleeping computer website that exactly same description malware I have is TNT groups attacks to cloud servers.

Prométhée · ‎11-12-2021

I do not know how it goes with you, but in France I am not mistaken, and fortunately never needed, there is a specialized section, in cyber-crime of the Gendarmerie.
Find out if you file a complaint if it is so serious!
Notify your bank, if it was possible to access your credentials (online purchase) etc.
I'm not sure what else to advise you!

--------------------------------------------- Signature ---------------------------------------------
was this reply helpful , or just say thank you ? Click on the yes button

Please remember to mark the answers this can help other users

please click on the accept as solution button if message provided an answer to the problem

Desktop-Knowledge-Base
Windows 11 22h2 inside , user

------------------------------------------------------------------------------------------------------------

Really help and right decision needed pls!

Create an account on the HP Community to personalize your profile and ask a question