
Persistent Spyware Symptoms After Reformat/Reinstall of Win XP Home


7 replies to this topic

#1 comhunter

Posted 24 July 2009 - 06:41 AM

Hello,

I'm having an issue with a Gateway M305X CRV Laptop. When I got it to work on from a friend, it was displaying spyware symptoms. These symptoms were IE 7 opening windows automatically and constantly refreshing the open IE window. She had run malware bytes and adAware with no luck.

When I got the laptop, I tried a system restore using ERD commander with no luck...so I opted to reinstall the operating system instead of trying to clean it since it was near impossible to work with...the more you click to open things, the more IE windows open up.

To prep for the first reinstall, I used the UBCD (Ultimate Boot Disk) to run FDisk to delete the partitions and a format command through DOS. I then used the Gateway OS CD to reinstall XP. Before I could get the updates finished, I began to have the same symptoms again.
Figuring that it was buried in a partition somewhere, I removed the hard drive from the laptop and connected it to my Vista machine running Trend Micro Enterprise. I did a full scan after updating the scanning software of Trend Micro, Spybot S&D, adAware, and Malware Bytes. ALL of the scans came back with no reported problems. I ran Hijack with no reported problems.

Figuring that the format in DOS wasn't enough, I downloaded the latest utility from the hard drive manufacturer (HITACHI) and ran an erase boot sector (overwrite the sector with zeroes...stated in the utility) and the erase hard drive utility which took about 2-3 hrs. I then reinstalled Windows XP Home from the same Gateway CD and still had issues after connecting to the network to download windows updates.
I also flashed the BIOS, just in case, but the problem continued. Unfortunately, the BIOS update supplied by Gateway in this instance uses a Windows utility so I couldn't do it through DOS.

Thinking it was something on the network, I proceeded to redo the above procedure and put it on a different network. Same results before I could even get connected to the network. With much difficulty, I figured it needed an update so I got all the latest updates for the machine from Windows including SP3 and IE 8 with no luck.

Frustrated, I took the drive out again and used my Vista machine to look at the partitions on the drive using diskpart. I erased the 1 partition it found and formatted the drive through the computer management console. This time I installed XP pro and yielded the same results even though I never connected to the network.

At my wits' end, I decided to use another drive I knew to be clean from another laptop and as soon as Windows booted for the first time, I'm getting the same symptoms...IE windows opening and the open window refreshing constantly.

I've been in the tech support field for 10 years and have never seen a clean reinstall have issues like this right out of the gate. I've done tons of installs of all different OS's and PC's and never had a problem like this. I'm not sure that I conveyed all I did, but this is the bulk of it.

NOTE: A safe mode boot has the same symptoms and it is difficult, but not impossible to run programs from a USB (I've also scanned my USB which came out clean). Currently I have XP Home installing (will be done by the time I get a reply, I'm sure) since that is the OS that belongs on the machine. I'm guessing that if the BIOS is the culprit, flashing from Windows carried the problem to the new version.
Any ideas or suggestions are greatly appreciated!

*EDIT* - I also took the CMOS battery out...no effect other than to reset the date/time back to the default. I reset the BIOS to defaults w/no effect.


Thanks!!

Edited by comhunter, 24 July 2009 - 06:43 AM.




#2 zesler

Posted 24 July 2009 - 11:17 AM

Well there are two things that you could do. One would be to remove IE [IE.exe so the executable won't run] and see if it still persists? (http://support.microsoft.com/kb/957700) I'm guessing booting into Linux (via a live disc) isn't a problem?

#3 comhunter

Posted 24 July 2009 - 11:31 AM

Well there are two things that you could do. One would be to remove IE [IE.exe so the executable won't run] and see if it still persists? (http://support.microsoft.com/kb/957700) I'm guessing booting into Linux (via a live disc) isn't a problem?


Zesler:

These symptoms appeared before the install of IE 8. I removed the IE through add/remove Windows components (disables IE in the start menu and removes shortcuts) which keeps the IE from opening up, but the Internet connection wizard opens in its place.

I tried installing firefox and both firefox and IE go crazy opening windows and refreshing the current window, no matter which was the default browser, although the default browser did it more.

I'm in the process of updating everything, but I have to wait for the automatic updates to download and install because the browser keeps reverting back to the home page.

IE 8 was just installed and it is still displaying the same problems.

When I boot from a disk, it works normally....like the XP shell on the ERD commander disk.

Thanks,

CH

Edited by comhunter, 24 July 2009 - 11:32 AM.


#4 zesler

Posted 24 July 2009 - 11:47 AM

Well there are two things that you could do. One would be to remove IE [IE.exe so the executable won't run] and see if it still persists? (http://support.microsoft.com/kb/957700) I'm guessing booting into Linux (via a live disc) isn't a problem?


Zesler:

These symptoms appeared before the install of IE 8. I removed the IE through add/remove Windows components (disables IE in the start menu and removes shortcuts) which keeps the IE from opening up, but the Internet connection wizard opens in its place.

I tried installing firefox and both firefox and IE go crazy opening windows and refreshing the current window, no matter which was the default browser, although the default browser did it more.

I'm in the process of updating everything, but I have to wait for the automatic updates to download and install because the browser keeps reverting back to the home page.

IE 8 was just installed and it is still displaying the same problems.

When I boot from a disk, it works normally....like the XP shell on the ERD commander disk.

Thanks,

CH


I'm guessing running safe mode without network support isn't an option either. You could also try disabling TCP/IP (http://bink.nu/forums/t/5916.aspx) and seeing if the same thing happens again.

#5 hamluis

Posted 24 July 2009 - 11:59 AM

Run any tests on the RAM?

Memtest86+ - Advanced Memory Diagnostic Tool - http://www.memtest.org/#downiso

Icrontic » Diagnose with Memtest86+ - http://icrontic.com/articles/diagnose_with_memtest86

Louis

#6 comhunter

Posted 24 July 2009 - 12:34 PM

I'm guessing running safe mode without network support isn't an option either. You could also try disabling TCP/IP (http://bink.nu/forums/t/5916.aspx) and seeing if the same thing happens again.



The windows open regardless of the network being setup. It was doing this before I installed the network card drivers and connected it to the net.

Thanks :thumbsup:

CH

#7 comhunter

Posted 27 July 2009 - 11:09 AM

Run any tests on the RAM?

Memtest86+ - Advanced Memory Diagnostic Tool - http://www.memtest.org/#downiso

Icrontic » Diagnose with Memtest86+ - http://icrontic.com/articles/diagnose_with_memtest86

Louis



Memtest came back with no errors. I took out the existing chip and replaced it with another from a similar machine...same problems.

Thanks.

#8 zesler

Posted 27 July 2009 - 12:53 PM

I'm guessing you've already tried Linux? Do you have a different Win OS (like Vista?)? Try installing a different OS and see if you get the same result.