A friend recently brought me his Lenovo ThinkPad SL510 laptop with Windows 7 Professional 64-bit installed. It is hosed by some type of malware/virus/root kit/redirect that shows up as a white screen immediately after the laptop boots completely into Windows (right after the Welcome screen). The laptop will do nothing further and has to be shut off by holding the power button down.
The white screen has the following error message on it (verbatim, my quotes):
"Your computer has encountered a non-recoverable error.
Please ship it to “The Coding source” for free repair at following address.
Please make it sure to add your return address and contact number for proper return. Shipping cost will be paid back upon receiving the device.
The Coding Source
3415 S. Sepulveda Blvd. 10th Floor,
Los Angeles, CA 90034
Please feel free to contact email@example.com for any questions."
I initially did a Startup Repair and restored Windows 7 and all the drivers and applications from the hard drive recovery partition, thinking this would wipe out whatever the problem was. Once the restore completed, I connected wirelessly to the Internet (at home) and began downloading Windows updates and installing utility software, including the latest Java update (26), which I was prompted to download and install. I also would attempt to install Microsoft Security Essentials to hopefully prevent a reoccurrence of the problem.
After about 10-15 minutes, the laptop would abruptly restart without warning, and when it booted into Windows, the white screen with the error message on it would appear again, leaving the laptop non-functional again. Apparently, the unannounced restart was part of loading/installing the malware/virus/redirect, etc.
It seemed pretty strange that this thing could duplicate itself after a complete factory restore, so I then completely wiped the hard drive with the latest version of Darik's Boot and Nuke, thinking that would rid me of it once and for all. Fortunately, I have the Lenovo factory recovery disks for the laptop, which I actually purchased through Craigslist about a year ago. The seller of the disks was not local, and he also created 64-bit restore disks that he included with the actual 32-bit Lenovo factory restore disks. As I remember, these disks are specifically for the SL510 model laptop, as they perform the complete factory restore without problems. Also, these disks erase the hard drive and recreate the restore partitions as part of the process. Further, when I had problems after reinstalling with the 64-bit disks, I scanned the disks with Security Essentials, and nothing bad turned up.
To make a long story short, after the first complete wipe of the hard drive and factory restore using the 64-bit disks (2), I connected wirelessly to the Internet again and start doing the updates like I had done before (including Java 26). Lo and behold, about like clockwork, the laptop shut down unexpectedly after about 15 minutes and on reboot, the white screen with the error message appeared again!! Can you say AAARRGGHH??
Thinking the problem was related to the 64-bit restore disks the seller made, I did another complete hard drive wipe and restored using the authentic Lenovo 32-bit restore disks. And of course, after the process was complete, the white screen appeared again, shortly after I connected to the Internet and began downloading and installing updates and antivirus software.
All I can figure out is that I am downloading and/or installing something, or something downloads and installs itself, after I connect to the Internet. Perhaps it is somehow related to the Lenovo "bloatware" that is installed as part of the factory restore process, or maybe the Java 26 update that quickly prompts to be installed right after the factory restore process completes. I really don't get much time for updating before the malware "installs" itself and reboots to the white error screen. As I remember, there are a couple of Windows updates that install right after the recovery process completes and the laptop will automatically reboot unless you postpone it. Perhaps the problem is somehow related to that.
I've Googled "The Coding Source" numerous times and absolutely nothing comes up except the name of a business in Los Angeles that specializes in medical coding. For the heck of it, I went to their web site (http://www.thecodingsource.com/) and emailed their main contact address, firstname.lastname@example.org, to see if they had been contacted at all about this problem. Curiously, the email promptly bounced back to me. I didn't try the email address in the white screen message, email@example.com, thinking that was too risky. The physical address listed on the web site of The Coding Source is the same as the one listed in the white error screen EXCEPT the error screen says "10th floor" while the web site says "9th floor".
Anyway, I am completely dumbfounded here and if anyone can shed some light on this or point me in the right direction, I would certainly appreciate it, thanks!!
P.S. I confirmed the 32-bit Lenovo factory restore disks are for this ThinkPad model laptop, the SL510. I can only assume the 64-bit disks are the proper ones as well, as they did the restore properly without errors. The complete restore process takes a long time, around an hour or more, due I think to the abundance of Lenovo bloatware on the disks.
Also, I am currently doing another 64-bit factory restore, without the initial hard drive wipe by Darik's and using only the 1st of the 2 restore disks, eliminating the Applications and Drivers restore disk, to hopefully limit the amount of bloatware installed. I'm planning on getting the white screen again, and will then do another hard drive wipe and reinstall with a non-Lenovo Windows 7 Professional 64-bit OEM disk, letting Windows install drivers and I will manually install any leftovers, while NOT installing any unnecessary Lenovo software.
Edited by gondo, 16 August 2011 - 09:58 PM.