Fails to reload Windows 11 Pro OS after being compromised

This is a bootloader level problem. If you haven’t tried, use the official Media Creation tool to create your bootable USB. Rufus uses this UEFI_NTFS open source project to boot the Windows Installer which has some compatibility problems and isn’t secure boot compatible. Also maybe reset your BIOS.

There’s also a VERY slim chance that it’s got a compromised UEFI firmware. Those things exist…


Yes this sounds fairly simple and I do wonder, does your mum really require Windows?

I have one application that requires Windows, to manage an off grid solar system so I bought a pre-build with Win and now it’s my go to OS. Else I would use Ubuntu which is currently part of my dual boot.

All the best

You may also need to run an nvme secure erase on that stick – I can’t spot a LiveUSB Linux (so no recommendation, I hope the Ubuntu LiveUSB) image that has the nvme-cli utilities that tell an NVMe SSD to ‘forget your encryption key for the storage you’re using and generate a new one, and consider all blocks as empty’.

K3n.

Yeah it would not hurt to perform a complete deletion of that drive and reinstall just to make sure. If you feel that there is something on that drive you just don’t want to lose, search for “Malwarebytes Anti-rootkit scanner”. I love Malwarebytes and I hope this is the version that you can install on a thumbdrive (from a good computer) then stick in your mom’s FW and scan off of directly during boot (w/o booting into Windows at all).

I would have posted the link but I don’t want you to feel like anyone is trying to trick you into clicking into more malware. 🙂


As I said, I tried using Rufus and also directly from Microsoft. Same boat either way. I can try the Ubuntu method to wipe it and see what happens.

Require is a very selective term. Like most people, she knows Windows and at her age has no desire to try and learn anything else or deal with changes. So, I guess the answer is yes. LOL But from a software requirement standpoint, not really.

There is nothing on it that can’t be deleted. I plan on doing a full format on the drive for the new OS.

System Rescue is great for this kind of stuff.

If you’re seeing that UEFI:NTFS v2.5 message even with the Microsoft official DVD image, you are not booting from the right device. The Microsoft official DVD image does not use UEFI:NTFS v2.5.

Well, it seems to keep getting better. ROFL (not really) Loaded Ubuntu onto a USB using Balena. Hung up twice but it finally got to the language screen to load Ubuntu. Go down the line and I get to “erase disk” option.


Click next to only get to this.

Sorry got to cut this up because of photo limit.

This is strange as I selected the “erase disk” option. I go back and attempt to do it manually but I can never get the loader to allow the next button to be pressed no matter what I tried.

I decided to load into Windows and try turning off BitLocker only to be greeted by this lovely window.


It is not on, so Windows claims.

When it rains it pours. I know I can do dumb things at times, but I am fairly sure I am not getting hung up because of something I am doing or not doing here. I am feeling to the point I think a hammer to this SSD is about my only option. I have wasted so much time on this, had I had the hindsight I have now I would have just bought a new SSD. I have never had one kick me like this before. But I do not tend to wind up in this situation either.

Any other last-ditch ideas before I go full hammer time? Now where are those puffy pants…

You do not need to launch the Ubuntu installer to run the nvme-cli tools to erase your SSD. You can choose “Try Ubuntu” instead.

Alternatively, you can use System Rescue which is a little lower-level–still Linux!–and does not have a guided install process for you to get tripped up on.

Once you boot it, you can follow the steps in this AskUbuntu answer starting with sudo nvme list.

If you get an error stating sudo: command not found, you can leave sudo off (if using System Rescue).
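The erase these replies refer to is issued with `nvme format` and a Secure Erase Setting. As an added example (not from any poster and not from the linked AskUbuntu answer), this script reads `nvme id-ctrl` output and chooses between cryptographic erase and user data erase; the sample text is constructed and the device names are assumptions.

```shell
#!/bin/sh
# Added example: pick the nvme-cli Secure Erase Setting from Identify Controller data.
# OACS bit 1 = Format NVM supported; FNA bit 2 = cryptographic erase supported.

# Constructed excerpts of `nvme id-ctrl` output (not taken from the thread).
SAMPLE_CRYPTO='vid       : 0x1234
oacs      : 0x17
fna       : 0x4'
SAMPLE_PLAIN='vid       : 0x1234
oacs      : 0x6
fna       : 0'

# Print the value of one id-ctrl field read from stdin, e.g. "fna" -> 0x4.
field() { awk -v k="$1" '$1 == k { print $NF; exit }'; }

# Read id-ctrl text on stdin and print the --ses value to use:
# 2 = cryptographic erase, 1 = user data erase, "none" = Format NVM not advertised.
pick_ses() {
    idctrl=$(cat)
    oacs=$(printf '%s\n' "$idctrl" | field oacs)
    fna=$(printf '%s\n' "$idctrl" | field fna)
    if [ -z "$oacs" ] || [ -z "$fna" ]; then echo unknown; return 1; fi
    if [ $(( ${oacs} & 2 )) -eq 0 ]; then echo none; return 1; fi
    if [ $(( ${fna} & 4 )) -ne 0 ]; then echo 2; else echo 1; fi
}

# Print (never run) the format command for a namespace so it can be reviewed first.
erase_cmd() {  # $1 = namespace device (assumed name); id-ctrl text on stdin
    ses=$(pick_ses) || { echo "cannot choose an erase mode: $ses" >&2; return 1; }
    echo "nvme format $1 --ses=$ses"
}

# On the live system: nvme id-ctrl /dev/nvme0 | erase_cmd /dev/nvme0n1
printf '%s\n' "$SAMPLE_CRYPTO" | erase_cmd /dev/nvme0n1
printf '%s\n' "$SAMPLE_PLAIN"  | erase_cmd /dev/nvme0n1
```

The script only prints the command; confirm the target with `nvme list` before running it, since the format is irreversible.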

I tried the “try Ubuntu” option. It either sits on this screen


or if it does boot it goes right to this and locks up.

I will look into the System Rescue. I am about to just order a new drive, this is nonsense.

If SystemRescue doesn’t work, or hangs during boot, I suspect you have a bigger issue than a new SSD will fix.

You can also try booting Ubuntu without the SSD just to make sure. If it still fails, your problem lies elsewhere: USB, RAM, the mainboard, etc. 🙂

In general, you shouldn’t destroy a component until you’ve made sure it’s the actual root cause of your issues!

Normally I would agree with you. If I load into the infected Windows OS, the system “works fine” so to speak. The unit was working with no issue until it got infected. Whatever this infection is, is serious. As mentioned, it has removed the admin password while being used from a “user” account and many other things. It has also so far stopped me in my tracks from loading any OS. While I think the SSD is physically fine, it has what seems like government level spyware locking it down. Unless the malware has embedded itself in the BIOS or some other hardware using a zero-day, I am at a loss at this point. This is not my field of expertise, but I know enough to be dangerous. That is why I am reaching out here.

If you’re going to erase the nvme drive anyway, any Linux boot disk would be enough, say arch, and then what you could do is overwrite the partition table so it can’t boot from the infected bootloader any longer.

dd if=/dev/zero of=/dev/nvme0n1 count=1 bs=1M

For example, should be enough to wipe out the bootloader. You might have to change the of= to your specific hardware.

You can use lsblk to see what devices show up. There should be only 1 nvme drive.
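What a 1 MiB zero-fill does and does not remove can be checked on a scratch file. This added illustration (not part of the post above) builds a constructed 4 MiB image with GPT header signatures at LBA 1 and the last LBA plus a made-up data marker just past 1 MiB, applies the same `dd` command, and reports what survives; 512-byte sectors and all marker values are assumptions.

```shell
#!/bin/sh
# Added illustration on a constructed image file; no real device is touched.
SECTOR=512
SECTORS=8192                      # 4 MiB image
LAST=$((SECTORS - 1))             # GPT keeps its backup header in the last LBA
PAST_MIB=2048                     # first LBA beyond the zeroed 1 MiB

# Write an 8-byte marker at a given LBA without truncating the image.
put() {  # $1=image $2=lba $3=marker
    printf '%s' "$3" | dd of="$1" bs="$SECTOR" seek="$2" conv=notrunc 2>/dev/null
}

# Read the first 8 bytes at a given LBA (NULs dropped so zeroed sectors read as empty).
get() {  # $1=image $2=lba
    dd if="$1" bs="$SECTOR" skip="$2" count=1 2>/dev/null | head -c 8 | tr -d '\0'
}

make_image() {
    dd if=/dev/zero of="$1" bs="$SECTOR" count="$SECTORS" 2>/dev/null
    put "$1" 1 'EFI PART'             # primary GPT header signature
    put "$1" "$PAST_MIB" 'ESPDATA!'   # constructed stand-in for partition contents
    put "$1" "$LAST" 'EFI PART'       # backup GPT header signature
}

# The command from the post; conv=notrunc is added only because the target
# here is a regular file, which dd would otherwise truncate to 1 MiB.
wipe_first_mib() {
    dd if=/dev/zero of="$1" count=1 bs=1M conv=notrunc 2>/dev/null
}

state() {  # $1=image $2=lba $3=expected marker
    if [ "$(get "$1" "$2")" = "$3" ]; then echo present; else echo wiped; fi
}

demo() {
    img=$(mktemp) || return 1
    make_image "$img"
    wipe_first_mib "$img"
    echo "primary=$(state "$img" 1 'EFI PART')" \
         "data=$(state "$img" "$PAST_MIB" 'ESPDATA!')" \
         "backup=$(state "$img" "$LAST" 'EFI PART')"
    rm -f "$img"
}

demo
```

The backup header and everything past the first MiB remain readable, so a drive that is suspected of holding malware still needs a whole-device erase; `sgdisk --zap-all` removes both GPT copies but likewise leaves partition contents in place.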

I have wasted enough time messing with it. I just bought a new SSD. So “this” problem is “solved”. Now onto the next issue, for another post.


Recently, I installed Windows 11 on two different machines and was surprised that BitLocker was mysteriously already turned on even though I had not activated Windows yet! My guess is that it is now enabled by default upon installation. The default installation just presumes everyone wants BitLocker and as soon as you activate Windows it gives you the full functionality.

Fortunately, I had already linked my token Microsoft account I use for basic installations and the recovery key had been uploaded. Why would I need the recovery key? Well when I went to dual-boot/install Ubuntu I was surprised that BitLocker was already turned on even though I had not done it. In the process of fiddling/investigating; the next time I tried to boot Windows it asked for my recovery key, ruh roh! What recovery key I thought? I pretended that I needed whatever was on the Windows installation and thankfully found the recovery key had been uploaded to the Microsoft account I used to install the OS.

The Linux experts can probably expand further on manually formatting the SSD so you can start fresh again. I can not remember if I read this that Ubuntu sees BitLocker and halfway tries to not let you accidentally format the drive through some prompts.

Best wishes to you!

If it turns out that the new SSD fixes all your issues and you haven’t destroyed the old one, I will buy the potentially-compromised one from you[1]. Seriously!


  1. restrictions such as “I’m in the US” and “you’d be willing to sell it” apply (:

Well, I was having a heck of a time trying to load Windows. I kept getting this error.


I spent much time looking around the net on this issue. It seems to be a fairly common problem across many brands of equipment. THIS person was in the same boat on here. But unlike him, I made the USB using the Windows tool. And most of the posts across the internet never posted a resolution. After formatting and loading way more times than I care to think about, I threw in the towel. I updated the BIOS and loaded Ubuntu, and it is doing fine. I have not given it back to her yet, so I have no idea how happy she is going to be, but I have spent far too much time on this. I still think there is something really nasty on this drive and I have no desire to plug it into anything to attempt to format it. I think it did embed into the old BIOS also, but I have no proof of that besides I was never able to load anything into it before updating the BIOS and new SSD. This is the drive.

Amazon.com: Crucial P5 Plus 1TB PCIe Gen4 3D NAND NVMe M.2 Gaming SSD, up to 6600MB/s - CT1000P5PSSD8 Solid State Drive : Electronics

All my mother does is check her mail, zoom her family, and watch stuff on it. It has had a very easy life.


Let us know 🙂
All the best
