Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Corrupt machines

  • This topic is locked This topic is locked
3 replies to this topic

#1 Albear


  • Members
  • 63 posts
  • Local time:01:17 AM

Posted 13 March 2010 - 06:24 PM

I purchased a brand new Dell desktop which was delivered 1st September 2009. On 2nd September after setup I had a message to tell me there was an error with Vista. I took out 4 years hardware cover with Dell. Dell told me the message meant my operating system was corrupt and the disc would need wiping and then reinstalling and they could send an engineer out to do it, I said fine then they told me it would cost me 155!! I was miffed but accepted. Since then it has played up, as has my laptop. I paid dell (Presto for 12 month software cover[4 issues] and in December had to renew, they suggested as I had a free windows 7 upgrade to do it and they said it would solve my problems. I felt my machine had been hijacked becuase often when I'd boot up I'd see evidence of two network connections but one would dissapear. When I converted I could see in Network and Security centre a virtual private network, I disabled the wireless adapter and went back to cable. In particular Mcafee total protection kept failing and Mcafee were blaming the operating sytem and Dell were telling me there was nothing wrong with it!! 4 weks ago, Mcafee was reinstalled by Mcafee because it would not download BUT i could not configure it, They worked on my machine on and off for sveral hours each day rmotley to try and cure but could not. Eventually last week it went up to their highest level (I think?) and the guy who came on ran one last tool on the laptop because real time scanning was knocking itself off on that. He ran combo fix and it found a rootkity (starting S-1-5... the id of a user on lots of my files security tab). The same rootkit was found on this machine and removed. But Mcafee still failed, he told me it was a corrupt OS.
I had questioned presto about network diagnostic refusing to start on this desktop and i was told what was i worried about my computer was working?? On the back tab of the service there was a password set?????
Anyway I went into PC World Thursday and asked them to wipe my laptop and then thursday evening I reinstalled from the original Toshiba recovery disc which I am told is not writable. The install went ok but that evening , the machine installed updates when I restarted which i had nota asked for, I went back into pc world on Friday told him that a root kit had been found by combofix, he ran it and the same root kit was back on????????????? The techie reckoned there must e a worm in the router I spoke to BT my isp and they insist the router has no problem. What I don't understand is the recovery disc is not writable but when i reinstalled, it had entered my machine registration number for me, I ahve been reinstaling on the laptop regular to try and solve the problem and the once, my machinse started whirring quite badly during nw installation and then the disc drive was spat out automatically and th machine shut down , when that happened i felt the dic had been corrupted too but the guy at PC World reckons that would be impossible
Tonight I put full AVG on this desktop and it came up with quite a few locked files with the root kit id S-1-5....etc and it marked about 12 unsafe network connections including Torredo tunneling (?) but even though there is a button to remove them like Mcafee before the button is 'inactive' greyed out.
My desktop is currently 7 & cable, my laptop vista home premium and wirelesss and I've wiped all my data off them and Microsoft office which I beleive became corrupt too, some of my software was corrupt anyway!!
Can you help PLEASE!!!! (I'm in England GMT timezone)

Edited by Albear, 13 March 2010 - 06:31 PM.

BC AdBot (Login to Remove)


#2 garmanma


    Computer Masochist

  • Members
  • 27,809 posts
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:08:17 PM

Posted 13 March 2010 - 08:17 PM

Welcome to BC

What I don't understand is the recovery disc is not writable

Are you sure you don't mean bootable? You want to run the recovery disc, not write anything to it. Besides, it's probably write-protected

When you had PC World reinstall your system, did they save the data and put it back on the computer?
That alone could reinfect it

Upgrading to Windows 7 instead of a fresh install is a problematic

You have to do more that simply run Combofix to fix the computer and it takes a specialized trained eye

I would suggest that you follow these instructions and submit a DDS log:

Please read the pinned topic titled "Preparation Guide For Use Before Posting A DDS / HJT Log". If you cannot complete a step, then skip it and continue with the next. In Step 6 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.

When you have done that, post your log in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Removal Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the Malware Response Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

The MR team is very busy and it will take awhile to get to your post
Please be patient and good luck
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 Albear

  • Topic Starter

  • Members
  • 63 posts
  • Local time:01:17 AM

Posted 14 March 2010 - 05:10 AM

Hi, no I didn't mean bootable. I had completley wiped the laptop of all software and data, nothing was reloaded on, only the Toshiba recovery disc.
The machine was 'scrubbed' by PC World, the recovery disc was then reinstalled. My perception then was a flaw in the windows updater. When I ran updater for the first time after reinstalling Mcafee (the only other installation after the os reinstall), I had a message that updater software was not up to date and I updated, restarted after updates being reconfigured and then when I restarted had the message update had failed, when I checked history there was no record of success or failure. I have my data stored on an external hard drive, my son is now 10 and all our photos of him since birth are there, I am really worried about keeping them secure (and whether they may be infected, also have all my docs and emails on the same external hard drive).
I will endeavour to follow the procedure you outlined. I became a computer operator back in 1974 on an ICL mainframe have have driven computers all my life since, I've been on the www since 95 at home but have never had a problem until now and I'm so upst about it. The desktop is the first good machine I've ever been able to afford!
Thank you very much for your guidance and help

Edited by Albear, 14 March 2010 - 05:13 AM.

#4 Orange Blossom

Orange Blossom

    OBleepin Investigator

  • Moderator
  • 37,094 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:07:17 PM

Posted 14 March 2010 - 02:58 PM


Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/302503/home-computers-pc-and-laptop-continual-problems/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users