DANGEROUS VIRUS: "LOJAX", PLEASE READ AND TAKE CARE

Moderators: valis, garyb

Nestor
Posts: 6682
Joined: Tue Mar 27, 2001 4:00 pm
Location: Fourth Dimension Paradise, Cloud Nine!

Post by Nestor »

I have registered in Gigabyte, raised a ticket and explained what has happened, talked about LoJax and told them I tried to apply one of the methods explained in the manual, but it's not working, so I asked what I can do next, let's see.
*MUSIC* The most Powerful Language in the world! *INDEED*
valis
Posts: 7299
Joined: Sun Sep 23, 2001 4:00 pm
Location: West Coast USA

Post by valis »

Some boards have swappable chips. Usually the dual bios is present for failure when writing nvram which is usually from too much OC or a power issue (people are dumb and accidents happen), and similarly for when you OC (OverClock) and simply can't even boot (toggling to the other EFI/Bios with defaults gets you back up & running).

Most of my boards can flash from a USB stick from directly in the EFI, but this is unwise when your EFI is infected. Also for some of my boards (like supermicro) I can reflash the same version to EFI/BIOS but adding an extra switch to the command line param when doing it with a bootable USB in DOS mode. This still presents the issue that the EFI is required to get up and running to load a USB drive, and thus might infect the drive.

Good luck, seems you have some work ahead of you and what I mentioned above is likely already obvious to you.

Post by Nestor »

Some of it is known to me but some of it is not, so thank you for your explanations, they are very welcome.

Yes, it seems it's not easy what I'm going through right now, it's like trying to solve a puzzle really. I'm trying to get to flash the corrupted BIOS right now, I will start by clearing the CMOS the traditional way, then try to wake from the healthy BIOS, which is the second one. For this purpose, there are two physical switches in this board, one is called "BIOS_SW" (Main BIOS) and a second one is called "SB" (Backup BIOS), you can choose from which of the two BIOS you want to start your PC, let's see how it reacts.

Tomorrow I will be receiving, hopefully, a USB CD writer, so I will start working my way with it, Windows R, etc., let's see...
Attachments
mb_manual_ga-z97x-ud5h-bk_v1.1_e.pdf
Here you have the two BIOS switches represented

Post by Nestor »

I did the swap from main to second chip, bios started normally, asked to "load optimized system bios", I did, then I started from the other bios to search for any problems, but it loaded bios normally. But the loop saying: "Preparing to configure Windows. Do not turn off your computer", is there forever, there is no sign of change... We can say now for sure: there is a problem related with the bios, and another one related with Windows itself.

I see my brand new Nektar Impact LX 49+ (not second hand, it's new) lying on my desk, I want to play with it but I can't... Then I see Windows hanging without remedy so far, I'm pissed off! :roll:
astroman
Posts: 8406
Joined: Fri Feb 08, 2002 4:00 pm
Location: Germany

Post by astroman »

Did you try to get into "recovery mode" to stop the (obviously failed) update procedure?
IIRC it's F8 (or F6) pressed at the right moment after boot, but before Windows loads.
You get at least access to the file system and (possibly) may be able to roll back the update.
(I'm no expert in this area of the OS, though)

fingers crossed, Tom

Post by Nestor »

Sure did Tom. I've tried to get by all the means and possibilities that Windows gives me at restart, being F8 the most frequently used shortcut, but before you can enter this secure mode, whichever you choose from the list, the message is almost similar, it says something like: "Windows is trying to..., bla bla, the update cannot be applied", and things of the like. I guess, everything is related to the same message and the same loop.

Tomorrow I will try to apply the repair option that gives Windows itself, but through a CD, I'm waiting for this CD drive to arrive. With this I will have very many apps to try out different approaches.

Post by valis »

Once in the wild, malware gets coopted by other, similar actors. Often since they're using debug tracing and decompilers, their efforts are let's say less than stellar. Something attempting to use your pre-existing virus to deploy failing would likely mess up. It's not inconceivable that it borked during an OS update (didn't allow completion or stepped on the "wrong" file to bootstrap itself, let's say) would similarly be less than stellar at its task even if it did manage to touch your BIOS.

Partially writing to that chip will likely cause it to be rejected not only on booting to it, but might leave it in a state that the official bios/efi updater considers it 'bad' or faulty due to nvram not being properly released or a flag being set.

There are utils to resolve that, but it's a good thing to understand before you start manually writing to your EFI/BIOS chip. Think of the equivalent to using diskpart to zero out all partition data and write zeros... In this case as well, the stock updater would likely see as just invalid because it expects to see a deployed image rather than an initialized state. And so on...

I'm sure there are utils now for a virus that old to resurrect some part of whatever it did. Best of luck.

Post by Nestor »

Cheers Valis

Well, your explanation gives me hope as I understand it. Yes, I thought the same, after 4 years of existence, there must be something already. What I know is that Windows Defender created a way to scan your BIOS for such type of viruses. Isn't it amazing where we have arrived in these days? Having to scan our BIOS too? Wow! Well, Windows Defender, (only in Windows 10 and on), can scan for malware in your BIOS.

I have prepared many powerful free utilities that people have compiled in the form of a DVD or CD, so I will have at least, a chance.


Post by Nestor »

Ok.... I have been able to reset both BIOS after a few fight rounds, you know, "exceptions everywhere", that is Windows, we know it.

Fortunately, now I am able to get into Secure Mode through F8. I have learned something very simple, yet very valuable, so remember this for you too: When trying to get into Safe Mode through F8 command, don't be impatient, it will most probably get in, but after several hours. In my case, about 6 hours, then it gave me the "Shut Down" message, but stayed there forever, if you get the Shut Down, just restart and it will get to Safe Mode pressing F8 again.

I don't know if I'm going to be able to repair this crap, but at least, I can now make a study of all the parameters, save configurations, etc., then try to get back or, finally, reinstall everything again, most probably, into Win 10.

Post by Nestor »

Hi

Many hours behind the screen here, some progress was made fortunately, but Win 7 CD will not repair anything, the system says there is nothing to repair, it does not see the boot problem. I went with many sophisticated options but they did not change anything, even if these fixes were actually applied and recognized as so by the system.

I had some problems with the recognition of the keyboard and mouse when trying to repair, very strange and incoherent behaviors that you cannot reproduce in an orderly way, not even twice, totally random so. Of course, I have set everything needed in the BIOS so to match the needs, but it keeps being random.

I will now start using some great tools you probably know, WinPE based... see....

Post by Nestor »

Finally, I am writing to you FROM my own machine, Win 7 64, as always, but I no longer trust it. I could finally, after MANY trials and complications and exceptions, start up the system.

Post by Nestor »

I was not giving up yet but I was worried. At least, now I can make a study case of my own computer before the next installation. But I think I cannot leave it just like that, I don't know what could happen really.

Despite all the dazzle and hassle, this is a happy end. Thank you guys for your ideas and for helping me in this problem :)

Post by valis »

Congratulations!

Post by Nestor »

Cheers :)

Post by astroman »

I feel your pain. Respect for sustaining the battle 8)

cheers, Tom

Post by Nestor »

Cheers Tom

It has been a hard one really, I've never seen so many exceptions in my life, never... It would take pages and pages to explain and tell you the tools used and the many strange corners I've been through, one after another, to fix very simple things.

Many of the great tools I've used are in the "Ultimate Boot CD" compilation, old, but still very relevant to fix almost anything in your PC.

Post by valis »

Yep, always have a current version of that on CD and USB, and have versions of it back all the way to 2001 or so, which helps with the old machines in the closet (if and when they still work).

Post by Nestor »

I'm now doing the compilation of the details I need to apply in Win 10, but..., honestly, I'm a bit lost about configuration right now.

I imagine this info is here, in the Z, regarding the optimization of Win 10 for DAW usage.

It has always been the same. When I used to have XP, I was one of the latest moving to 7. Everybody would tell me, "you better do it now, you will nevertheless need it in the future, do it now", they were right :oops: Then I passed to 7, and after a few years, you brothers, would tell me: "hey, go with 10 now, you will be in trouble sooner or later, go", I didn't, they were right :oops: What's next? My word, I will not go first either next time... :lol: Never!

I have not setup a system in about almost 8 years. I expected not to setup any other system for the rest of my life. Answer: Wrong! "Things do not work this way baby", (life keeps telling me at ear level) :)

Ok, I will soon start this travel...

Welcome, my son
Welcome to the machine

Welcome, my son
Welcome to the machine
What did you dream?
It's alright, we told you what to dream

So welcome to the machine


Bud Weiser
Posts: 2679
Joined: Tue Sep 14, 2010 5:29 am
Location: nowhere land

Post by Bud Weiser »

Nestor wrote: Tue Feb 28, 2023 9:39 am
Ok, I will soon start this travel...
Install Win10 Pro x64 and wait until all the updates are downloaded and installed.
When done,- download Win10Privacy https://www.w10privacy.de/english-home/.
When your antivirus detects it as a virus,- de-activate your antivirus for a few minutes and re-download.
There is no virus, period.
Now install Win10Privacy and when asked for,- let it make a backup of the original Win10 settings before executing any changes to the system,- and from there, go thru the pages of Win10 privacy and check the desired boxes on every page.
Don't wrap your head about it,- just check all the boxes of green rows and avoid yellow and red for the time being.
Save these settings every time before entering the next page.
When done,- re-boot.

It always worked for me. No failure or such.
Now install SCOPE and all the other stuff you need.

B.t.w.,- Win10Privacy also works for Win11.

And,- when installing Win10 now,- you might get the offer installing Win11 for free or it installs w/o asking.
IMO and for the time being,- you won't and don't.
Have in mind, when installing Win11, you have 10 days only to roll back to Win10,- WHEN there's a recovery partition available.
If the latter isn't,- you'd have to wipe the drive and install all new.

I just have that scenario w/ a 2nd laptop I acquired.
It was advertised w/ Win10Pro installed,- but the previous owner let it connected to the web before a friend of mine picked it up local.
Then he caught Covid,- and when he visited me last weekend,- there was Win11 installed w/ interrupted updates.
Now I have a prob to roll back ...

just sayin' ...

good luck and all the best

:)

Bud

Post by Nestor »

Thank you for your generosity in explaining these things to me. True, I did not think about it, but everybody tells me that Win 10 without updates is a problem, it gets slow and things like that. I will not get into 11, my whole philosophy is coming very late to a new OS, always... :D