
Possible Root Kit Virus? No Internet Connection


  • This topic is locked
12 replies to this topic

#1 Gibbons123

Posted 28 November 2012 - 11:01 AM

My personal laptop (running Windows Vista Home Premium Service Pack 2) is having some issues...

For a bit of background, I had the Google redirect virus and was trying to get rid of it. I have also had problems with my Windows Update, which will not run. (I actually discovered I may have a rootkit virus by searching the internet for what to do when your Windows Update doesn't work.) I am also not able to set up a firewall, as I get a pop-up box saying it is not allowed. I have no problem booting up my computer, and I can still run basic applications (like iTunes).

My antivirus software is AVG Free Edition 2012, and I also have Malwarebytes installed. I ran both of those to try and get rid of the Google redirect virus, but now my computer will no longer connect to the internet. When I hover over the network icon on the taskbar, it says "Currently connected to: Identifying... (network name); Access: Limited Connectivity". I know the issue is not with my router or modem because my wife's computer and my PlayStation 3 have no issues connecting to the same network. Also on the taskbar, my AVG icon has a yellow triangular caution symbol over it, and when I open it up it says: "anti-virus database is outdated" but I cannot connect to the internet to update it.

So, here I am. Since my internet is not working, I have to download files (such as DDS) from another computer and carry them over to my personal laptop via a flash drive. I am also traveling a bit right now, so any help posted in here may also take me a couple of days to get to (apologies in advance). I downloaded and ran DDS on my laptop; the DDS log is below and the Attach.txt file is attached. Thank you so much for any help you might be able to provide!


DDS Log:


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16447 BrowserJavaVersion: 1.6.0_31
Run by Graham at 17:15:27 on 2012-11-27
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1100 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ccfaa5a9\STacSV.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\Graham\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp32&d=1008&m=p-6318u_hsn
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp32&d=1008&m=p-6318u_hsn
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp32&d=1008&m=p-6318u_hsn
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - c:\programdata\partner\partner.dll
BHO: WinZip Courier BHO: {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - c:\program files\winzip courier\wzwmcie.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: <No Name>: - LocalServer32 - <no file>
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [Google Update] "c:\users\graham\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [eRecoveryService] <no file>
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{80D59F1D-6E4B-41A1-9A64-5BAC4D94FDA7} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DC19B43C-A38F-471F-BF3E-4A9271ED0A5A} : DHCPNameServer = 192.168.1.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\graham\appdata\roaming\mozilla\firefox\profiles\o3w4os8g.default\
FF - prefs.js: browser.search.defaulturl - Bing
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: keyword.URL - hxxp://www.wicso.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=wCwWRjMq&q=
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin1017300.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPCIG.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\0\NP_wtapp.dll
FF - plugin: c:\program files\winzip courier\npwzwmc.dll
FF - plugin: c:\users\graham\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\users\graham\appdata\roaming\move networks\plugins\npqmp071504000001.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_278.dll
FF - ExtSQL: 2012-10-05 08:46; {E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}; c:\users\graham\appdata\roaming\mozilla\firefox\profiles\o3w4os8g.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}
.
---- FIREFOX POLICIES ----
.
FF - user.js: browser.search.selectedEngine - Search
FF - user.js: keyword.URL - hxxp://www.wicso.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=wCwWRjMq&q=
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-7-26 237408]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-8-13 5167736]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-8-24 301920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 ETService;Empowering Technology Service;c:\program files\gateway\gateway recovery management\service\ETService.exe [2008-10-16 24576]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-09-21 19:00:04 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-21 19:00:04 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-07 21:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 17:16:02.58 ===============

Attached Files
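
The DDS log in post #1 can be triaged mechanically for the entries that line up with the symptoms described there (search redirects, disabled protection, broken networking). The Python below is an added example, not part of the thread and not the DDS tool's or the helper's own method. It assumes the common reading of the services section (`R`/`S` = running/stopped, digit = start type, 0 and 1 being boot and system start); the host allowlist and the names `triage` and `SAMPLE_DDS` are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: lines copied verbatim from the DDS log in post #1.
SAMPLE_DDS = r"""
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [eRecoveryService] <no file>
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: keyword.URL - hxxp://www.wicso.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=wCwWRjMq&q=
FF - user.js: keyword.URL - hxxp://www.wicso.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=wCwWRjMq&q=
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-8-24 301920]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
"""

# Assumption: hosts the analyst accepts as a Firefox keyword-search provider.
EXPECTED_SEARCH_HOSTS = {"google.com", "www.google.com", "www.bing.com", "search.yahoo.com"}

PRODUCT_RE = re.compile(r"^(AV|SP|FW): (.+?) \*(\w+)/(\w+)\*")
FF_PREF_RE = re.compile(r"^FF - (prefs\.js|user\.js): (\S+) - (\S+)")
SERVICE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.+?) \[")
AUTORUN_RE = re.compile(r"^([um]Run|TB): (.*)<no file>\s*$", re.I)


def triage(log_text):
    """Return a list of (category, detail) findings for one DDS log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()

        # Security products that Windows reports as disabled or outdated.
        m = PRODUCT_RE.match(line)
        if m:
            if (m.group(3), m.group(4)) != ("Enabled", "Updated"):
                findings.append(("security-product",
                                 f"{m.group(2)}: {m.group(3)}/{m.group(4)}"))
            continue

        # Address-bar search provider pointing somewhere unexpected.
        # A value in user.js is re-read at every Firefox start, so it
        # comes back after prefs.js has been reset by hand.
        m = FF_PREF_RE.match(line)
        if m:
            if m.group(2) == "keyword.URL":
                host = urlsplit(m.group(3)).hostname or ""
                if host not in EXPECTED_SEARCH_HOSTS:
                    findings.append(("keyword-url-override",
                                     f"{host} set in {m.group(1)}"))
            continue

        # Boot/system-start kernel drivers that are not running
        # (assumed reading: S = stopped, start type 0 or 1).
        m = SERVICE_RE.match(line)
        if m:
            stopped = m.group(1) == "S"
            start_type = int(m.group(2))
            if stopped and start_type <= 1 and m.group(5).lower().endswith(".sys"):
                findings.append(("driver-not-running",
                                 f"{m.group(3)} (start type {start_type})"))
            continue

        # Autorun or toolbar entries whose target file no longer exists.
        m = AUTORUN_RE.match(line)
        if m:
            findings.append(("missing-target", f"{m.group(1)}: {m.group(2).strip()}"))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_DDS):
        print(f"{category:22} {detail}")
```

The findings are leads for a human reviewer, not a verdict: a stopped driver or a missing autorun target also occurs on clean machines.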




 


#2 jntkwx

  • Malware Response Team

Posted 29 November 2012 - 10:54 PM

Gibbons123,

Welcome to Bleeping Computer.

My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx or Jason is fine.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put logs in code boxes (unless asked to)
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.
  • Since you cannot get on the Internet, please download any file asked for to a flash drive and then transfer them to the infected computer.

Click on the Watch Topic button, select Immediate Notification, and click on proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.

 

One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.




Step 1: Please download and run Combofix:

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. If you do not know how to do this you can find out >here< or >here<
3. Double click on combofix.exe & follow the prompts.

Notes:
  • Combofix may need to reboot your computer more than once to do its job. This is normal.
  • When finished, it will produce a report for you.

Important:
  • Do not mouseclick combofix's window while it's running. That may cause it to stall.
  • If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

In your next reply, please include:
  • Combofix log
  • How is your computer running now? Please be as descriptive as possible. Include any word-for-word error messages that you may have, and/or screenshots of strange behavior.

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#3 Gibbons123

Posted 30 November 2012 - 10:26 AM

Thanks for the quick response, Jason. I have done personal banking on this computer in the past, and have gone through the appropriate actions to notify my bank of the situation. I have changed my passwords for all banking as well as other online sites (i.e., bills, Amazon, etc) from a clean PC. I would still like to proceed with cleaning this machine so that I do not have to purchase another. However, before I proceed with Combofix, I wanted to ask one thing:

Would it be better for me to just reformat my hard drive? I purchased this machine off of eBay a few years ago, and it did not come with the Vista OS disk. However, I have been wanting to upgrade my OS to either Windows 7 or Windows 8, and would be willing to purchase a copy of either OS for the upgrade. The amount of time associated with reformatting my computer would not be an issue. I am also not worried about the hard drive being wiped clean; all of my important files (i.e., pictures, music) are currently or can easily be backed up.

Similarly, if the best idea is to reformat my hard drive, would you still advise running Combofix and subsequent clean-up steps prior to reformatting?

Thank you, and I will proceed according to how you respond to these questions.

Edited by Gibbons123, 30 November 2012 - 10:55 AM.


#4 jntkwx

  • Malware Response Team

Posted 30 November 2012 - 11:58 AM

Gibbons123,

It is entirely up to you how we proceed. The infection you have is called ZeroAccess, and the version you have is detected and removed well with a number of malware removal tools (it's a relatively older version that's been around for a while). If you were to reformat, you could safely back up your files to a flash drive, external hard drive, or CD/DVD before reformatting, and then copy them over to the reformatted operating system. Since you said it's not a question of the time required to reformat, I might consider what the hardware specifics are of this computer - you mentioned it's a few years old, so it likely does not have ideal hardware to run Windows 7 or Windows 8 (that is, there might not be a lot of memory, aka RAM, installed, the CPU might be slower, etc.). Also, personally, if I were given the option between upgrading to Windows 7 or Windows 8, I would choose Windows 7. The new tile interface of Windows 8 (what was once called Metro UI) isn't quite suited for keyboard and mouse usage, and works better on touchscreen monitors; it takes a while getting used to it.
Regards,
Jason

 



#5 Gibbons123

Posted 04 December 2012 - 07:58 AM

Jason, sorry for the delayed response.

I spent the weekend reading about the pros and cons of both Windows 7 and 8, and I agree that 7 would be a better fit for me. I have checked my system specifications and I believe my machine will be able to support 7 and run it smoothly. The machine is a Gateway P-6318u HSN, 2.0 GHz dual-core processor, and 2.0 GB of RAM. All of these surpass the system requirements Microsoft specifies for Windows 7 (http://windows.microsoft.com/systemrequirements). The RAM may be a little low, but it's still technically enough to run the OS with room to spare. The Windows 7 system requirements appear to be the same as the Vista requirements listed for Home Premium (http://support.microsoft.com/kb/919183), so I believe I should be okay to run Windows 7.

Sorry to keep bombarding you with questions, but I have a few more before I decide whether to run Combofix and attempt to clean the machine, or just purchase and upgrade to Windows 7:

1) I purchased my computer from eBay a few years ago and it did not come with the Vista OS disc. Is it possible to do a clean install of Windows 7 using the upgrade software? Or would I have to purchase the full version of Windows 7? In looking around on the internet, it looks like using upgrade software to run a clean install is possible, but you would need the Vista OS disc as well (which I don't have). So, it looks like my only option is to purchase the full version. Is this correct?

2) Aside from question #1, my only holdup right now in purchasing Windows 7 is the cost. Amazon has the full version of the software for $167 (normally $200). A coworker told me about Trinity Software Consultants and they have the full version for $72. I also found a website called "bundle-software" and they have the full version for $80. Given that Windows 8 has just come out and people are clamoring for it, I figured I could get Windows 7 for cheaper than listed at those sites. I was hoping for something around $50, but have not been able to find it. Aside from eBay, do you have any ideas of any websites that sell discounted operating system software?

3) My current version of Vista is a 32-bit operating system. Does this mean I should get the 32-bit version of Windows 7?

Thanks!

Edited by Gibbons123, 04 December 2012 - 08:03 AM.


#6 jntkwx

  • Malware Response Team

Posted 04 December 2012 - 09:29 AM

Gibbons123,

1) I purchased my computer from eBay a few years ago and it did not come with the Vista OS disc. Is it possible to do a clean install of Windows 7 using the upgrade software? Or would I have to purchase the full version of Windows 7? In looking around on the internet, it looks like using upgrade software to run a clean install is possible, but you would need the Vista OS disc as well (which I don't have). So, it looks like my only option is to purchase the full version. Is this correct?


Yes, as far as I can also tell, you'll need to purchase the full version of Windows 7. (Also from my experience and others' recommendations, it's usually simpler and less prone to error to completely reformat as opposed to just upgrading.)

2) Aside from question #1, my only holdup right now in purchasing Windows 7 is the cost. Amazon has the full version of the software for $167 (normally $200). A coworker told me about Trinity Software Consultants and they have the full version for $72. I also found a website called "bundle-software" and they have the full version for $80. Given that Windows 8 has just come out and people are clamoring for it, I figured I could get Windows 7 for cheaper than listed at those sites. I was hoping for something around $50, but have not been able to find it. Aside from eBay, do you have any ideas of any websites that sell discounted operating system software?


I haven't heard of a website called "bundle-software." Amazon looks to be one of the cheapest options. Walmart also sells it for $92 + Shipping and Handling. You may also be able to get a discount through your work; your IT support should know.

3) My current version of Vista is a 32-bit operating system. Does this mean I should get the 32-bit version of Windows 7?


The question is whether the processor supports 64-bit. After doing some research, it appears that your processor does support 64-bit (double check that the Intel Pentium Dual-Core T3200 is the model of your processor; it appears as though the Gateway P-6318u HSN comes with that processor.)
Regards,
Jason

 



#7 Gibbons123

Posted 04 December 2012 - 11:23 AM

Yes, you are correct that the processor is the Intel Pentium Dual-Core T3200. Given the choice between 32- and 64-bit, I'm assuming that it would be better to go with the 64-bit?

Based on the exchange we've had in this thread, I believe I'm going to go forward with purchasing Windows 7 and reformatting my computer. That said, do you think it would still be advisable to try and run combofix and clean the machine prior to installing Windows 7? Or should I just forget about that and install Windows 7?

#8 jntkwx

  • Malware Response Team

Posted 04 December 2012 - 11:43 AM

Yes, it would be better to go with 64-bit. I'm not sure if your motherboard supports greater than 4GB of RAM (memory), but 64-bit has the advantage of supporting more than 4GB of RAM, if you ever wanted to upgrade.

You can just forget about Combofix and completely reformat your computer when installing Windows 7. This erases every part of Vista and all of your documents and programs, which will erase the current virus infection. Some viruses can infect legit files, but I don't think this is the case here (there should not be any infected files, i.e. backing up your data and then copying it back to the newly reformatted computer should not transfer any of the virus infection to Windows 7).
Regards,
Jason

 



#9 Gibbons123

Posted 04 December 2012 - 01:55 PM

I asked my IT department about this, but figured I'd ask you as well: Do I run any risks by purchasing the OEM version of the software instead of the full retail version? The Microsoft license language seems to really specify that the OEM software should only be purchased and used by system builders who plan to install the OS on a machine and then sell the machine to a consumer. Since this fix is to my personal computer, would there be any issues if I purchase and use the OEM version and then don't sell the machine? My IT department said that there wouldn't be an issue, but I figured I'd ask you as well. The OEM version is obviously cheaper than the retail version, and therein lies my reason for wanting to get it.

I also plan to upgrade my RAM at some point in the future. I will probably focus on upgrading the OS first and then get the RAM upgrade sometime thereafter. Thank you for all of your help.

#10 jntkwx

  • Malware Response Team

Posted 05 December 2012 - 06:33 PM

I don't think there is an issue with purchasing an OEM version. Since your computer is relatively old, Windows 7 should be able to recognize and install most hardware drivers associated with your computer (meaning you likely won't have to search Gateway's website for updated drivers to get your hardware working.)

When you do get to upgrading the RAM, I recommend Newegg.

And you're welcome for the help. :)

Edited by jntkwx, 05 December 2012 - 06:33 PM.

Regards,
Jason

 



#11 jntkwx

  • Malware Response Team

Posted 08 December 2012 - 10:45 AM

Gibbons123,

Do you have any further questions?
Regards,
Jason

 



#12 Gibbons123

Posted 10 December 2012 - 08:02 AM

Nope, no further questions! Thank you for your help. Feel free to close/lock this thread.

#13 jntkwx

  • Malware Response Team

Posted 10 December 2012 - 08:40 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Regards,
Jason

 
