New HP ENVY#2, Malware Already!!

11 replies to this topic

#1 Justa

Justa

  • Members
  • 222 posts
  • OFFLINE
  • Gender:Male
  • Location:Texas
  • Local time:11:12 PM

Posted 27 December 2013 - 09:37 PM

I just got this machine and started to bring it up. The machine came with NIS free for 60 days, so I activated it ASAP to provide some protection while I was loading new apps. I then loaded Malwarebytes Pro so real-time protection was activated very quickly. I also loaded SpywareBlaster, updated the database and enabled everything. I always load Mozilla Firefox very early on, with security add-ons: NoScript, Adblock Plus, WOT (as I find it very useful to avoid nasty sites) and Ghostery.

I wanted to load Advanced Uninstaller as it works on 64-bit apps as well as 32-bit. I screwed up and loaded Advanced Installer in error first, but quickly uninstalled it. Both of these apps seem to have a decent reputation, but I may have loaded one from the CNN site. CNN seems to be a horrendous distributor of malicious software attached to legit app downloads. I am extremely careful to remove check marks to add extra apps, and I really believe I didn't miss any unless they had it in the middle of the license agreement. Much later things were still going well, and I made a purchase from eBay and paid through PayPal. Around this time a new window popped up that included "driverdiv.net" in the URL of the popup. It appeared my security software didn't allow it to completely bring up the fake window to suck you into one of many fraudulent traps. Checking my security software, Norton NIS looked fine, but when I checked Security in Control Panel it indicated Windows Defender and NIS were not running.

I think my entire system has been infected with the driverdiv malware. In NoScript, the second script listed to allow to run is driverdiv.net on most of the sites. I think my system is doomed.

Since I only started loading software on this new machine I am considering wiping the entire drive clean and starting over but would have to leave the Recovery Partition D to reload everything.

Am I at risk if I wipe everything except the Recovery Partition D or will the recovery partition re-infect everything?

Do I have to worry at all about the BIOS, and if so, what can I do to make sure I can bring this machine back up clean of any malware?

Interesting that Malwarebytes, Norton NIS and now 360 scans have all been clean. Scans with SuperAntiSpyware have only shown tracking cookies.

Thanks!





#2 Justa

Justa
  • Topic Starter

  • Members
  • 222 posts
  • OFFLINE
  • Gender:Male
  • Location:Texas
  • Local time:11:12 PM

Posted 28 December 2013 - 12:03 PM

Hi folks,

Just to make sure the topic is clear: this is a different HP ENVY (HP I7-j037cl) than the one (HP m7-j010dx) I posted about earlier this month. This is not a double post. These are personal machines I own, and I do not repair PCs as a business. I probably should have explained this since both my machines are ENVYs.

 

It looks to me like I need to do a complete restore and will wipe all of the hard drive, but I have to keep recovery partition "D" to reinstall the software.

 

Is it likely that recovery partition "D" is also infected and will reload all the malware? Is the BIOS safe, or do I need to worry about that too?

 

Thanks



#3 philk272

philk272

  • Members
  • 4 posts
  • OFFLINE
  • Local time:09:12 PM

Posted 28 December 2013 - 01:09 PM

Here is a link to a removal guide for driverdiv:

 

http://malwaretips.com/blogs/gip-driverdiv-net-removal/

 

This link was deemed safe by Web of Trust.

 

phil



#4 Justa

Justa
  • Topic Starter

  • Members
  • 222 posts
  • OFFLINE
  • Gender:Male
  • Location:Texas
  • Local time:11:12 PM

Posted 28 December 2013 - 02:22 PM

Hi Phil,

Thanks so much for taking the time to post. The removal process is very long, and it appears that it would be very easy to miss something. Since the computer is only a few days old, I will just bite the bullet, wipe everything but the restore partition "D", start from ground zero and reload everything. I will never download anything from CNN again. They have so much hidden junk you have to uncheck to avoid malicious programs. Thing is, I am extremely careful to check each page during a download, and I don't believe I missed one.

 

I really appreciate your post as it has made it very clear on my best option to eradicate the malware.

 

Have a great day,

Randy



#5 philk272

philk272

  • Members
  • 4 posts
  • OFFLINE
  • Local time:09:12 PM

Posted 28 December 2013 - 02:38 PM

Hello Randy,

 

Since the computer is brand new, doing a re-install is the safest and surest way to get back to a clean system.

 

Malwarebytes Pro will help block the bad guys, but I would also consider installing WinPatrol:

 

http://www.winpatrol.com/

 

WinPatrol monitors your registry for changes to your startup programs. It blocks these changes until you give permission.

 

Since most malware gains a foothold via registry changes, WinPatrol can be another layer of protection.

 

I use the paid versions of Malwarebytes and WinPatrol.

 

phil
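For anyone who wants to see what the "watch the startup keys" idea behind WinPatrol looks like without installing anything, here is an added PowerShell example. It is not from this thread and not WinPatrol's own code: it snapshots the common Run/RunOnce autostart keys to a JSON file (the file location is an assumption) on the first run, and on later runs reports every entry that was added, removed or changed since the baseline.

```powershell
# Added example (not WinPatrol's code): baseline the autostart registry keys and
# diff them on later runs. Run once to create the baseline, run again to compare.
$SnapshotPath = Join-Path $env:USERPROFILE 'autostart-baseline.json'   # assumed location

# The autostart locations most commonly abused for persistence
$AutostartKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutostartEntries {
    # Returns a hashtable of "<key>\<value name>" -> command line
    $entries = @{}
    foreach ($key in $AutostartKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            $entries["$key\$name"] = [string]$item.GetValue($name)
        }
    }
    return $entries
}

function Compare-Autostart {
    param([hashtable]$Baseline, [hashtable]$Current)
    # Emits one object per difference so the output can be filtered or logged
    foreach ($k in $Current.Keys) {
        if (-not $Baseline.ContainsKey($k)) {
            [pscustomobject]@{ Change = 'ADDED';   Entry = $k; Was = $null;         Now = $Current[$k] }
        } elseif ($Baseline[$k] -ne $Current[$k]) {
            [pscustomobject]@{ Change = 'CHANGED'; Entry = $k; Was = $Baseline[$k]; Now = $Current[$k] }
        }
    }
    foreach ($k in $Baseline.Keys) {
        if (-not $Current.ContainsKey($k)) {
            [pscustomobject]@{ Change = 'REMOVED'; Entry = $k; Was = $Baseline[$k]; Now = $null }
        }
    }
}

$current = Get-AutostartEntries

if (-not (Test-Path $SnapshotPath)) {
    # First run: write the baseline and stop
    ConvertTo-Json -InputObject $current | Set-Content -Path $SnapshotPath
    Write-Host "Baseline written with $($current.Count) autostart entries to $SnapshotPath"
    return
}

# ConvertFrom-Json yields a PSCustomObject; rebuild the hashtable from its properties
$baseline = @{}
(Get-Content -Path $SnapshotPath -Raw | ConvertFrom-Json).PSObject.Properties |
    ForEach-Object { $baseline[$_.Name] = [string]$_.Value }

$diff = @(Compare-Autostart -Baseline $baseline -Current $current)
if ($diff.Count -eq 0) {
    Write-Host 'No autostart changes since the baseline.'
} else {
    $diff | Format-Table -AutoSize -Wrap
}
```

Run it once on a machine you believe is clean to record the baseline, then again whenever something looks off; anything listed as ADDED that you did not install yourself is worth looking up before you reboot. Note this only checks the Run/RunOnce keys, so it does not see scheduled tasks, services or the Startup folder, which WinPatrol and the HijackThis-style tools also watch.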



#6 Justa

Justa
  • Topic Starter

  • Members
  • 222 posts
  • OFFLINE
  • Gender:Male
  • Location:Texas
  • Local time:11:12 PM

Posted 28 December 2013 - 08:51 PM

Thanks Phil,

I can't believe I have had two security breaches on new Win 8 machines running the same security apps as I did on my last Win 7 laptop, which I used for over 3 years without any malicious software attacks. I think part of my problem is that I need to go much slower with Win 8 until I am as familiar with it as with Win 7.

Thanks for the suggestion of the WinPatrol app to check all new startups. I didn't seem to need this on my Win 7 machine, but back when I was running XP I used a similar app to prevent unwanted startups, and I found it very effective. I will check it out for sure.

So tonight I will back up my latest infected machine, then have Win 8 completely wipe the hard drive before I start the process of reloading software.

Thanks again for the help!



#7 philk272

philk272

  • Members
  • 4 posts
  • OFFLINE
  • Local time:09:12 PM

Posted 28 December 2013 - 11:56 PM

Hello Randy,

 

Windows 8 comes with Windows Defender as the default AV program. If you want to use something else, such as Norton Internet Security, be sure to disable the Real Time Protection in the Windows Defender Settings tab.

 

Having more than one AV program active will lead to conflicts and actually make your system less secure.

 

I use Windows Defender along with the two other programs I mentioned (MBAM Pro and WinPatrol Plus) and haven't had any issues.

 

You will be much happier after you install Windows 8.1. Among other changes, it lets you boot directly to the desktop.

 

phil
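The "Windows Defender and NIS were not running" state Randy saw in Control Panel, and the two-scanners-at-once conflict Phil warns about, can both be checked from a PowerShell prompt. This is an added example, not from the thread or from Microsoft's documentation: it lists the antivirus products registered with Windows Security Center (the same data the Control Panel page reads), decodes the packed productState field using the commonly used heuristic (an assumption, since Microsoft does not document the bit layout), and then asks Defender itself whether real-time protection is on. The Defender cmdlets ship with Windows 8.1 and later, so the second half is skipped where they are absent.

```powershell
# Added example: show what Security Center and Windows Defender each report.

# 1. Antivirus products registered with Security Center (Windows Vista and later)
$products = @(Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName 'AntiVirusProduct')

function ConvertFrom-ProductState {
    param([uint32]$State)
    # productState is a packed bit field. Commonly used decoding (assumption, undocumented):
    #   hex digits 3-4: '10' or '11' = product enabled, '00'/'01' = disabled
    #   hex digits 5-6: '10' = signatures out of date, '00' = up to date
    $hex = '{0:x6}' -f $State
    [pscustomobject]@{
        Enabled  = ($hex.Substring(2, 2) -in @('10', '11'))
        Outdated = ($hex.Substring(4, 2) -eq '10')
        Raw      = "0x$hex"
    }
}

Write-Host '== Security Center view =='
foreach ($p in $products) {
    $s = ConvertFrom-ProductState -State $p.productState
    [pscustomobject]@{
        Product  = $p.displayName
        Enabled  = $s.Enabled
        Outdated = $s.Outdated
        State    = $s.Raw
        Exe      = $p.pathToSignedProductExe
    }
}

# 2. Windows Defender's own status (Defender module, Windows 8.1 and later)
if (Get-Command -Name Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    $mp = Get-MpComputerStatus
    Write-Host '== Windows Defender view =='
    [pscustomobject]@{
        AntivirusEnabled          = $mp.AntivirusEnabled
        RealTimeProtectionEnabled = $mp.RealTimeProtectionEnabled
        SignaturesLastUpdated     = $mp.AntivirusSignatureLastUpdated
    }

    # The conflict Phil describes: Defender real-time scanning plus another enabled AV
    $otherEnabled = @($products | Where-Object {
        $_.displayName -notmatch 'Defender' -and
        (ConvertFrom-ProductState -State $_.productState).Enabled
    })
    if ($mp.RealTimeProtectionEnabled -and $otherEnabled.Count -gt 0) {
        Write-Warning ("Defender real-time protection is on alongside: " +
            ($otherEnabled.displayName -join ', ') +
            ". Disable real-time protection in one of them to avoid conflicts.")
    }
} else {
    Write-Host 'Get-MpComputerStatus not available on this Windows version.'
}
```

Two things worth knowing when reading the output: a third-party suite such as NIS normally turns Defender's real-time protection off itself when it registers with Security Center, so seeing both Enabled at once is unusual; and if Security Center says a product is disabled while the product's own console says it is fine, that mismatch is itself a reason to suspect tampering rather than a display glitch.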



#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,476 posts
  • OFFLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:12 AM

Posted 30 December 2013 - 01:54 PM


CNET and malware discussion topic

Recommended third-party download hosting sites:
* MajorGeeks
* SnapFiles
* FileHippo

Some more reading resources:
About those Toolbars and Add-ons which change your browser settings - Removal Tips
Supplementing your Anti-Virus Program with Anti-Malware Tools
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click here.

#9 Justa

Justa
  • Topic Starter

  • Members
  • 222 posts
  • OFFLINE
  • Gender:Male
  • Location:Texas
  • Local time:11:12 PM

Posted 02 January 2014 - 11:07 AM

I wound up playing it safe and completely wiping and reloading the operating system. Gip driverdiv seemed to be everywhere on my machine. Watching NoScript closely, gip driver-div implanted itself firmly in the #2 script-blocking position right after the main page. Allowing script to run from the #2 position had been relatively safe, and if a page didn't run I would allow script to run starting in the #2 position and work my way up one at a time until the page would run. So it looks like NoScript is still a wonderful tool to prevent malicious malware from running. Malware may be present in any position, but if you don't recognize it, don't allow it to run until you have done some web searches for info first. I have noticed that malicious script is often so new that sometimes almost nothing will come up on a search. I will not allow any of these to run.

I am quite embarrassed at the foolish mistakes I have made. I used to trust CNET for downloads, but have also noticed lots of malware come along with downloads from CNET. Thanks for the tip on safer download sites, Quietman! Another thing I have learned is how quickly malware can change its attack vectors. Two years ago I was reasonably up on stuff; now I am realizing that malware attack methods change very quickly, and how little I know today. I love this forum because there are so many posters here that are "Spot On". You can pretty much trust what is posted here, and if it's not "Spot On" it is corrected almost immediately. Yeah Bleeping Computer!!!

#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,476 posts
  • OFFLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:12 AM

Posted 02 January 2014 - 11:39 AM


You may want to read these topics.
How Malware Spreads - How did I get infected
Best Practices for Safe Computing - Prevention of Malware Infection

#11 Justa

Justa
  • Topic Starter

  • Members
  • 222 posts
  • OFFLINE
  • Gender:Male
  • Location:Texas
  • Local time:11:12 PM

Posted 02 January 2014 - 02:13 PM

Thanks Quietman, just what I need to brush up on! I need to start from ground zero again and cover all the bases. I noticed the pros here are using lots of software I haven't even heard of. Time for me to get busy and spend a lot more time here. I'm trying to learn a new Galaxy S4 and Microsoft Office 2013 at the same time. Oh well, I love this new stuff and can't wait to become proficient on all of the devices.

#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,476 posts
  • OFFLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:12 AM

Posted 02 January 2014 - 02:34 PM

You're welcome.
