A friend told me they had suddenly open ports in their router, and they suspect a trojan.
So first I would like some way to verify that. I dont trust Windows so I ask the Linux people hahaha.
So its a Windows PC, that has to be wiped of course.
- plug put from network
- mount on Linux, copy all personal data
- overwrite that thing and reinstall maybe a better OS?
So now there are some problems.
- The BIOS could be infected, its proprietary and cant just be reflashed (I guess?)
- There are maany files that could be tampered with.
So I would like your experience. I have a flash programmer, can you just flash a vendor Bios image? I want to be really sure there is nothing on there anymore.
Can you use ClamAV or something to search files? I would think about a trojan unpacking Word files, inserting a macro and packing again, for example. Or PDFs, or anything else that you would simply keep.
What to do with the Router? If it has opened Ports, may it be infected too?
But before that I would really want to make sure its necessary.
Thanks in advance!
Honestly, id just reinstall windows, check the router for port forwarding, change the admin password on the router, and call it a day.
Then, keep an eye on it and see if the situation improves