All-Radio 4.27 Portable Can't Be Removed? Then Your PC Is Severely Infected

CaptainDork shares a report from Bleeping Computer: Starting yesterday, there have been numerous reports of people's Windows computers being infected with something called "All-Radio 4.27 Portable." After researching this heavily today, it has been determined that seeing this program is a symptom of a much bigger problem on your computer. If your computer is suddenly displaying the above program, then your computer is infected with malware that installs rootkits, miners, information-stealing Trojans, and a program that is using your computer to send send out spam.

Unfortunately, while some security programs are able to remove parts of the infection, the rootkit component needs manual removal help. Due to this, if you are infected with this malware, I strongly suggest that you create a malware removal help topic in our Virus Removal forum in order to receive one-on-one help in cleaning your computer. Some of the VirusTotal scans associated with this infection have also indicated that an information stealing Trojan could have been installed by this malware bundle as well. Therefore, it is strongly suggested that you change your passwords using a clean machine if you had logged into any accounts while infected. 6/29/18: The story has been updated to specify that this malware campaign is targeting Windows computers.

Re:Data yes, OS and programs, no

[LostMyBeaver]

Huh? What operating system are you using?

Out of the box, Windows sets you up with OneDrive and points all of your storage stuff to OneDrive. The result is that all your files are backed up.

Out of the box, Apple sets up iCloud and points all your file storage to iCloud. The result is that all your files are backed up.

You can use DropBox or a thousand alternatives if you want.

If you want a better solution, you can use either Windows Backup and Restore or Apple Time Machine which does pretty much the same thing.

If you're a developer, then all your stuff is on Github or similar.

As for applications, Windows Store and App Store makes that pretty quick and simple. Of course, there are some other programs you would install otherwise, but it's not like you can't download them.

Also, if you have a Mac or a Microsoft Surface, you can simply reinstall the OS no matter how bungled it may by simply connecting to the Internet from the UEFI system and recovering from the cloud for example.

You have to be an absolute moron in 2018 to no have access to all your stuff.

That said, to be honest, I have absolutely no idea how to maintain good backups of my Linux systems. I keep most of my stuff on Github. Other than VS Code and .NET Core, I don't really use much more than a simple Linux install anyway. I don't use anything but Raspberry, Orange and Banana Pis for servers anymore. I have 25,000 of them now. When they die, I just throw them away and get more.

Re: Nuke & Pave

[Anonymous+Brave+Guy]

Reinstall from original installation media and pray to god that your system's onboard firmware is not compromised.

Sadly today that last part is also very significant. Thanks to the mess of modern infrastructure like UEFI, everybody's device having embedded functionality that can be updated, and processors-within-processors, it's basically impossible to ever fully trust a system that has been compromised now, no matter how drastic your recovery procedures might be. Of course, for similar reasons it's also basically impossible to trust a system that you don't know has been compromised either. Security in modern tech is broken, and the tech industry and security services broke it.

What happened to bootdisks ?!

[DrYak]

But it's the bit before that which really matters:

You can’t clean a compromised system by using a virus scanner. To tell you the truth, a fully compromised system can’t be trusted. Even virus scanners must at some level rely on the system to not lie to them. If they ask whether a particular file is present, the attacker may simply have a tool in place that lies about it.

That why you don't try anything from within the compromised system.
Either you try all your effort from a known clean bootdisk (CD, USB stick, etc),
or even better, you disconnect the drive and connect it to a known clean machine.

A non compromised OS will not lie about what is on the disk of another system, even if that other (non-currently running system) happens to be compromised.

(The sole exception being malware like ransomware that encrypt your data. Then nobody except the hacker holding the decryption key can read that disk).

Reinstall from original installation media and pray to god that your system's onboard firmware is not compromised.

Well, the attack of firmware (UEFI) or "management chips" running their own firmware (Intel ME engine and co) is indeed an entirely different level of scary.

And given the almost total disappearance of socketed flashchips to hold these firmwares, any chance to recover from that becomes bleak.