HP Recommended
hp pavilion b&o core i5
Microsoft Windows 8 (64-bit)

Hi,

 

I got an HP Pavilion desktop. The owner told me he answered a fake call run by hackers, who were granted access to Windows for one hour. He told me they installed various programs.

 

I told the owner his computer hard disk is now fully compromised. Running the antivirus could not help in this situation. The only solution is to low format the entire disk(s).

 

However, in this desktop there is a recovery partition but no DVD OS disk. I cannot guess that the recovery partition is safe after one hour of hacking.

 

To restore a secure original OS on this desktop, what are your proposals?

 

Thank you.

1 ACCEPTED SOLUTION

HP Recommended

Hey @Elrogh

 

You have completed the recovery process - the system is clean now.

The computer booted from the recovery partition, formatted recovery partitions and reinstalled Windows on it. No need for further scans/checks re. malware.

 

I recommend that you or the user of the PC change their passwords now so that you prevent any data leaks (if the "hackers" managed to steal some sort of personal info such as account passwords). Closely monitor important accounts such as bank accounts, emails, social media, etc. But the PC is not compromised now when it comes to malware.

 

You are free to connect the PC to the wi-fi network and update its Windows.

If you believe the issue has been resolved, please, mark this post as a solution.

If you require further assistance or something is not clear, please post again. 😉

*** HP employee *** I express personal opinion only *** Joined the Community in 2013


9 REPLIES 9
HP Recommended

@Elrogh

 

Apparently you have already decided what has to be done from your comments.

 

 

"I told the owner his computer hard disk is now fully compromised. Running the antivirus could not help in this situation. The only solution is to low format the entire disk(s)."

 

 

 

Please post the HP product number for your PC. See "How to Find the HP Model Number and the HP Product Number", or let HP automatically find your PC model number and HP network-attached printers. This will allow others to review your issue, make suggestions and review your responses. This is usually the best way to get assistance.

HP ENVY 6055, HP Deskjet 1112
HP Envy 17", i7-8550u,16GB, 512GB NVMe, 4K screen, Windows 11 x64
Custom PC - Z690, i9-12900K, 32GB DDR5 5600, dual 512 GB NVMe, gen4 2 TB m.2 SSD, 4K screen, OC'd to 5 Ghz, NVIDIA 3080 10GB
HP Recommended

Hi @Elrogh

 

Thank you for posting in the HP Support forum.

 

From what I have seen in such cases, it is usually safe to restore the PC to factory default condition from the built-in recovery partition. Those people who perform these "hacks" are usually not trained enough and not smart enough to perform advanced steps.

 

Additionally, it is very difficult (if not impossible) to modify the image file(s) while the OS is active/ON - they can easily be corrupted, though. If they are corrupted or modified, the recovery process will fail.

 

If the recovery process does not fail, you are good to go with it. Let me know if the recovery passes or fails.

If you require assistance, post back the information requested by @Big_Dave

 

Hope this helps!

*** HP employee *** I express personal opinion only *** Joined the Community in 2013
HP Recommended

Hi

 

Install a fresh OS, run and check for RootKits etc.

 

Perhaps https://support.kaspersky.com/viruses/rescuedisk

 

Obviously a DVD WORM type of Disk is preferable, but a USB would be a good substitute.

 

If in doubt please ask.

HP Recommended

@CF4

 

Don't use Kaspersky AV as it's Russian and is being pulled from government use.

 

Norton has a known excellent rescue boot disk.

 

BTW---The OP claims that only a low level format is going to work.

 

 

HP Recommended

Don't use Norton, it is not European.

 

Don't use McAfee, it's not European.

 

I read that and given a time of up to 20 hours when I last did one.....

 

So we disagree then Big_Dave, let's ask Trump if the Russians (who are European) can be trusted.

 

 

HP Recommended

@Big_Dave

 

Thank you for replying. Yes, I decided on a part of the solution, unless I get an easier or more efficient solution.

The first two links you gave me produced:

 

Service Unavailable

The server is temporarily unable to service your request. Please try again later.

Reference #6.8a37b9d0.1509995694.b83ce9

Reference #6.8a37b9d0.1509995722.b83e02

 

 

For the last link, I will not try, since I would have to connect the HP PC to my network. Sure, I could disconnect all my stuff before using this desktop on the internet, but I have 2 permanent servers at home, with one managing an email server.

 

I know Windows up to version 7, and I just saw that this PC is in fact on Windows 10 Home 64-bit (the tile style is quite far from what I am used to operating). I can add that the processor is an i5 6400T @ 2.2 GHz.

 

But it is true that, usually, I should give more precise information.

HP Recommended

@Elrogh

 

I only gave you one link. I just did a test and it works to download the tools.
HP Recommended

@IT_WinSec

 

Thanks for your information.

 

I did a total recovery and all went fine without any error. The only thing I declined at the end of the recovery process was to grant access to my Wi-Fi network.

 

It's good to know the recovery partition is most likely safe.

 

I will complete the cleaning process (antivirus) from the HP owner's network.

 

Sure, I will give feedback afterwards.

 

@Big_Dave

Ok, I understand, some words were put automatically as links.
