April 27, 2021

Virus persistent after full Windows reset(?!)

I did or did not download some software illegally recently, and before finding a working crack I accidentally opened a .exe including what I now believe is a serious virus.

A couple weeks after the download my Google account gets compromised. Google informs me instantly and I change password and set up 2 factor verification. However, regardless of this, two very expensive purchases are made from my Google account only a few days later ($500+). This is when my worrying gets bad. I presume someone has been able to track the password change, a trojan? and decide to change my password again but via my phone. Multiple antivurses are unable to find anything on the computer so I go for the full reboot.

My computer now completely rebooted, not yet connected to the internet, I begin setting it up. It comes with McAfee installed so I figure – what the heck, why not run it to confirm the virus is gone? As is a common bug, McAfee says ‘real time scanning’ is off. As soon as I turn it on, it automatically gets turned off. Bounces back immediately, again and again. I decide to uninstall McAfee, being McAfee and all and head over to Windows defender. I run the ‘Microsoft Defender Offline scan’ and the computer shuts off. When it comes back on the scan goes unmentioned. I try to run a normal full scan but the ‘scan now’ button is not working, the same goes regardless of scan type.

Any ideas why this could be and how to move forward? A powerful person has a vendetta against me and I’m worried this is his devilish working… But the illegal software situation seems more plausible, so let’s start there.



For clarification, did you reboot “turn it off and back on” or completely reimage starting with a fresh version of your OS?


It’s possible the virus intercepted the Windows factory reset (although I haven’t heard of this myself), or is persisting on a partition that’s not visible. Historically there’s been viruses that have installed themselves in your computer’s BIOS. It’s also possible this is just a bug.

If I were you, I’d create a [Windows Recovery Media](https://support.microsoft.com/en-us/windows/create-a-recovery-drive-abb4691b-5324-6d4a-8766-73fab304c246) from ***another*** computer, boot to that USB on your infected device, reinstall Windows from there, and see if your issue persists.


Sounds like a question for /r/TechSupport but you probably have a rootkit sticking around in your MBR/efi partition and need to format your drive or run a scan of the full disk via a live USB. I recommend something like MxLinux then install ClamAV and see if it finds anything on the disk. booting from the USB will make it so the boot drive isnt in use and you can scan the boot partition before the rootkit has a chance to do anything (its dormant because the hard drive it is on isnt in use at all). probably easier to just nuke the whole drive and start from scratch with a fresh windows install though

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: By filling this form and submitting your commen, you acknowledge, agree and comply with our terms of service. In addition you acknowledge that you are willingly sharing your email address with AiOWikis and you might receive notification emails from AiOWikis for comment notifications. AiOWiksi guarantees that your email address WILL NOT be used for advertisement or email marketting purposes.

This site uses Akismet to reduce spam. Learn how your comment data is processed.