Downgrading in order to Upgrade?


24 replies to this topic

#1 warsong

Posted 03 April 2014 - 11:34 AM

I hope I'm putting this in the right spot.

 

Okay, after warring with this hack for almost two weeks, I'm reformatting everything. One of the problems that hit me was my brand new laptop getting infected within 15 minutes of pulling it out of the box. (See this post http://www.bleepingcomputer.com/forums/t/529558/im-afraid-to-take-it-out-of-the-box/#entry3331013 and then this one http://www.bleepingcomputer.com/forums/t/529555/got-hit-with-a-hack-four-computers-to-fix/#entry3330993 for the backstory on this.)

 

Anyway, I've got to reformat my brand new Windows 8 laptop. Now I started doing this but the company didn't send me anything but backups to the drivers, so I had to go out and get the Windows 8 disks. Since I had to shell out the cash anyway, I went ahead and got the 8.1 full install. But these disks have limited formatting abilities and I'm afraid a straggler of the java script will get through. Now I was reading the post about the end of support for XP and saw how Windows 7 has full formatting - and that's true. My old laptop is Win 7 Home, 64bit and I have the full backup from it. In fact, I reformatted my old laptop last week and thought I had this hack licked but it came right back. (But I think I know why - it hit my new laptop when I downloaded Chrome and logged into my Google account. I think it's a setting that's corrupted in Chrome. So, no Chrome for the new laptop until I get that figured.)

 

Anyway, I was wondering, since these full 8.1 disks are designed to upgrade Win 7, can I downgrade my new laptop to 7, then promptly upgrade it to 8.1? Both are 64bit. My only concern is the 7 disks are HP and my new laptop is MSI, but I don't have to be on the internet or register anything with HP, and it will only be a few minutes before I slap the new 8.1 disks in. But this would allow me to get a correct format on the new PC in the spots Windows 8 won't let me touch.

 

Think it will work or am I just asking for trouble?

 

Thanks!




#2 BeckoningChasm

Posted 03 April 2014 - 12:12 PM

Typically, Windows OS disks that are branded with a particular company (HP, Dell, etc) won't install on hardware that isn't from that company.   You might try anyway but I wouldn't be surprised if a message popped up saying "This isn't an HP system" or words to that effect.

 

If you want to do a full format on the drive, I'd suggest that you pull it out of the laptop, put it in an external caddy and format it with a (known non-infected) system.

 

You say "these full 8.1 disks are designed to upgrade Win 7"--I'm not sure what you mean.  Is the Windows 8.1 disk a full version, or an upgrade?



#3 OldPhil

Posted 03 April 2014 - 04:25 PM

IMO try grabbing an ISO copy of your edition of Win 7 off Digital River, it is free and may just work with the COA on the laptop.  If it works it will eliminate all the junk ware; you say you have the drivers, that would be a home run!


Honesty & Integrity Above All!


#4 warsong

Posted 03 April 2014 - 06:09 PM

BeckoningChasm, on 03 Apr 2014 - 12:12 PM, said:

Typically, Windows OS disks that are branded with a particular company (HP, Dell, etc) won't install on hardware that isn't from that company.   You might try anyway but I wouldn't be surprised if a message popped up saying "This isn't an HP system" or words to that effect.

 

If you want to do a full format on the drive, I'd suggest that you pull it out of the laptop, put it in an external caddy and format it with a (known non-infected) system.

 

You say "these full 8.1 disks are designed to upgrade Win 7"--I'm not sure what you mean.  Is the Windows 8.1 disk a full version, or an upgrade?

 

Thanks BC! That's what I was thinking too - it wouldn't install. I'd have to go to a local shop here to pull the hard drive in a non-infected system. But at this rate, I may do just that.

 

lol! The disks - yeah, I said the same thing. On the box it says Windows 8.1 Full Version. But take the pamphlet out and it says these are designed to upgrade a Windows 7 or Vista machine to 8.1, do not use on XP. I think it's just a phrasing issue with the pamphlet and I inadvertently picked up on it.

 

OldPhil, on 03 Apr 2014 - 04:25 PM, said:

IMO try grabbing an ISO copy of your edition of Win 7 off Digital River, it is free and may just work with the COA on the laptop.  If it works it will eliminate all the junk ware; you say you have the drivers, that would be a home run!

 

Great idea Phil! Let me see what I can do with that. I just tried a normal install but I moved it to the secondary drive. It installed just fine and asked me which one to boot from. I was then able to reformat the original C drive and install to there, deleting the install on the secondary drive.

 

BUT there are still serious issues despite the formatting. This makes no sense but I'll have to start a different post on that.

 

Thanks for the help guys! The d/l from Digital River is looking better all the time if I can get rid of the bad stuff that keeps jumping onboard.



#5 waldojim42

Posted 03 April 2014 - 10:09 PM

How about just getting a utility that will format it for you? Use Seagate SeaTools to do a complete low-level format, or get a copy of Linux (run from a live DVD), etc. For that matter, you could just start the Windows 8 install utility and, when you get to the hard drive page, hit Shift+F10 and use Diskpart to repartition and format.


Laptop: Alienware 14 : Intel i7 4700mq : 8GB ram : Nvidia GTX 765 : 256GB Plextor M3 : 1080P IPS display

Test rig: AMD Phenom X4 955 @ 4.0Ghz : MSI 970A-G46 : 8GB Ram : 128GB Plextor M5s : 2x AMD 5770's (Flashed to 6770) : PC Power and Cooling Silencer 750 : Pioneer BR

Hackintosh : Gigabyte GA-H61m : Intel Celeron @ 3Ghz : 8GB ram : EVGA GTX 550Ti : Patriot Torx 2 64GB : Silverstone Strider ES-50 : OSX Mavericks

 


#6 warsong

Posted 03 April 2014 - 11:12 PM

I thought about getting something like Killdisk or letting CCleaner wipe out most of it, but the Killdisk d/l was on a website that looked iffy, so I didn't do it.
 
Studying some logs, I think I have to wipe out the "recovery" area completely. I'm going to read up on posting in the other virus topics because I think I need a PC triage doc. lol! Thanks Waldojim!


#7 Romeo29

Posted 03 April 2014 - 11:23 PM

Don't you have any warranty of some kind? Did you talk with the support? Tell them you cannot boot it and perhaps they will tell you where to get the right disks or send them to you by mail. And if you get lucky, you can have it replaced.



#8 BeckoningChasm

Posted 04 April 2014 - 01:10 AM

warsong, on 03 Apr 2014 - 06:09 PM, said:

But take the pamphlet out and it says these are designed to upgrade a Windows 7 or Vista machine to 8.1, do not use on XP.

 

I think that phrasing means that there is no direct upgrade path from XP to 8 (just as there isn't one from XP to 7), but that if you own a 7 system, an upgrade is a possibility.  For folks who want to keep their settings, programs, etc.  Just a guess.  Sometimes software companies word things a little confusingly.

 

At work, we recently had a Windows 8 system that a client wanted wiped out and put back to 7.  I basically deleted all the partitions, including the recovery partitions, and formatted it from the ground up.  BE AWARE that some companies (HP in the case of the PC I was working on) will ship Windows 8 systems that have devices (network ports, e.g.) for which they provide NO Windows 7 drivers.  It just meant a little more searching to find Windows 7 drivers for everything.



#9 warsong

Posted 04 April 2014 - 04:44 AM

Romeo29, on 03 Apr 2014 - 11:23 PM, said:

Don't you have any warranty of some kind? Did you talk with the support? Tell them you cannot boot it and perhaps they will tell you where to get the right disks or send them to you by mail. And if you get lucky, you can have it replaced.

 

 

Well, yes, but my mom got it for me as a gift and we got it off of Amazon, it was a Prime deal - you know one of those things where Amazon ships and supplies it for the vendor, so I'd have to deal with Amazon, not MSI. I probably could, but it's not their fault it got buggered. Besides, it would be admitting defeat to the hacker. ;)

 

And this whole thing has me so furious, if I ever get within arm's length with the varmint who did this - they'll be hearing dueling banjos as background music! lol!  :guitar:

 

 

 

BeckoningChasm, on 04 Apr 2014 - 01:10 AM, said:

warsong, on 03 Apr 2014 - 06:09 PM, said:

But take the pamphlet out and it says these are designed to upgrade a Windows 7 or Vista machine to 8.1, do not use on XP.

 

I think that phrasing means that there is no direct upgrade path from XP to 8 (just as there isn't one from XP to 7), but that if you own a 7 system, an upgrade is a possibility.  For folks who want to keep their settings, programs, etc.  Just a guess.  Sometimes software companies word things a little confusingly.

 

At work, we recently had a Windows 8 system that a client wanted wiped out and put back to 7.  I basically deleted all the partitions, including the recovery partitions, and formatted it from the ground up.  BE AWARE that some companies (HP in the case of the PC I was working on) will ship Windows 8 systems that have devices (network ports, e.g.) for which they provide NO Windows 7 drivers.  It just meant a little more searching to find Windows 7 drivers for everything.

 

 

Well, my old laptop is the HP Win 7. The new is an MSI with Win 8. And I already ran into one problem with the Killer network drivers. Luckily those were quite easy to find at the Qualcomm website.

 

Now, if I could just get the damn Bluetooth to stop installing and activating itself, I'll be fine. I delete the darn thing, uninstall it, disable it, and it keeps coming back to life, wide open and broadcasting my stuff all over the net. ARGH! I don't have anything Bluetooth, so don't need it. If I need it later, I'll reinstall.  :smash:

 

Thanks for all the help guys! I'm going to probably do something crazy - like read some more articles and see if I can find more trouble to get into. ;)



#10 waldojim42

Posted 04 April 2014 - 04:16 PM

warsong, on 04 Apr 2014 - 04:44 AM, said:

Well, my old laptop is the HP Win 7. The new is an MSI with Win 8. And I already ran into one problem with the Killer network drivers. Luckily those were quite easy to find at the Qualcomm website.

 

Now, if I could just get the damn Bluetooth to stop installing and activating itself, I'll be fine. I delete the darn thing, uninstall it, disable it, and it keeps coming back to life, wide open and broadcasting my stuff all over the net. ARGH! I don't have anything Bluetooth, so don't need it. If I need it later, I'll reinstall.  :smash:

 

Thanks for all the help guys! I'm going to probably do something crazy - like read some more articles and see if I can find more trouble to get into. ;)

 

Wait, what? The Bluetooth doesn't have anything to do with the net. Also, you don't broadcast anything unless you specifically tell it to and then it only does so for 2 minutes...


Laptop: Alienware 14 : Intel i7 4700mq : 8GB ram : Nvidia GTX 765 : 256GB Plextor M3 : 1080P IPS display

Test rig: AMD Phenom X4 955 @ 4.0Ghz : MSI 970A-G46 : 8GB Ram : 128GB Plextor M5s : 2x AMD 5770's (Flashed to 6770) : PC Power and Cooling Silencer 750 : Pioneer BR

Hackintosh : Gigabyte GA-H61m : Intel Celeron @ 3Ghz : 8GB ram : EVGA GTX 550Ti : Patriot Torx 2 64GB : Silverstone Strider ES-50 : OSX Mavericks

 


#11 warsong

Posted 04 April 2014 - 09:45 PM

 

waldojim42, on 04 Apr 2014 - 04:16 PM, said:

Wait, what? The Bluetooth doesn't have anything to do with the net. Also, you don't broadcast anything unless you specifically tell it to and then it only does so for 2 minutes...

 

 

 

Yeah, I know. And when you disable the wifi and LAN adapter in the device manager, that's supposed to kick said communication's tail. But my network shows 60 ports open and dropped packets galore, plus data flying through zombie firewalls. All the time, I've got everything disabled - but I'm looking at my firewall logs, my router logs, and when I've disabled the network adapters, the router still shows me logged on and sending data from my ip (so is everyone else, but I'm looking at MAC and IP addys.)

 

I don't know how they're doing it, I just know what I see and it's a darn good thing I'm on an unlimited package with my cable company. I'm still waiting for them to throttle the bandwidth because we're dumping data out like spammers.

 

I'm still trying to read up on port forwarding and triggering so I can do something to slow this down - but they're killing me.

 

I just finished reformatting EVERYTHING on my new laptop - got that solved at least - and flashed the BIOS, then installed Windows 8.1. I did it in 20 minutes.  :huh: I've never, ever had an install go that fast or easy. Nothing blew up... it didn't even smoke. ;)

 

Now I know why - it's gotta be java code buried in there somewhere, hiding. I also had to clean out orphaned registry keys after this "clean install". (Now there's a dead giveaway that "clean install" is an oxymoron.)

 

I saw a bunch of 'Remote Desktop' Helper services chugging along in active memory too. I know helpers are typically not good to have on board. And then my user account got demoted in privilege again.

 

:(  :(

 

Brand new laptop and I haven't even tried it out yet! I was hoping and praying someone responded to my other post in virus logs but no such luck.

 

:( :( :(

 

I swear, I'm about ready to give up on the whole thing. I'll just start buying prepaid Visa cards if I want to buy anything on the net. But this stuff hogs so much memory, I can't do anything on either laptop. It looks like I'm going to have to spend a huge chunk of cash and take these things to the shop to get fixed.

 

Oh dear - I'm so sorry, Waldojim, I just took off on a rant there. I'm just getting more and more upset and frustrated. I didn't mean to vent at you. I logged on hoping someone might have responded to my post (I really can't get into email either, so I drop by here and check every so often). But no luck. I've been dealing with this over 2 weeks now and am beyond frustrated, exhausted and plain ole tired of it. 

 

So sorry about the rant and rave. Thanks for everything, m'dear. And thanks to everyone else too. I really appreciate y'all!



#12 waldojim42

Posted 05 April 2014 - 12:17 AM

If the format was done correctly, and completely, then there is nothing left to hang around.

 

What install disc is being used? Where is it sourced from?

 

If all else fails - seriously get your hands on a Linux disc. Linux Mint, Ubuntu, Simply Mepis, Debian, whatever works for you. Just be sure to get a live image no matter which flavor. Once you have your Linux disc burned and handy, reboot the machine, and ensure it boots from the DVD/CD. Once Linux is loaded, use gparted to ERASE all the partitions on the drive, create a NEW partition table (likely GUID/GPT), create a blank NTFS partition and format it.

 

Use the included web browser to download all the drivers you are going to need, and place them on a flash drive, or burn them to another CD.

 

Then install using an ISO sourced from Microsoft, and re-install the OS. At this stage, you should have nothing on there at all. No drivers, no anything. Ensure 100% functionality as you see fit, then install your core drivers. DO NOT take the machine online yet. It is kind of hard to log into a router that Windows doesn't have a password to. THEN install your security software, following with your network drivers.

 

That is as clean as it gets.


Laptop: Alienware 14 : Intel i7 4700mq : 8GB ram : Nvidia GTX 765 : 256GB Plextor M3 : 1080P IPS display

Test rig: AMD Phenom X4 955 @ 4.0Ghz : MSI 970A-G46 : 8GB Ram : 128GB Plextor M5s : 2x AMD 5770's (Flashed to 6770) : PC Power and Cooling Silencer 750 : Pioneer BR

Hackintosh : Gigabyte GA-H61m : Intel Celeron @ 3Ghz : 8GB ram : EVGA GTX 550Ti : Patriot Torx 2 64GB : Silverstone Strider ES-50 : OSX Mavericks
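
The partition wipe described in the post above, written out for a live-Linux terminal as an added example that is not part of any post in this thread. It swaps gparted for the command-line tools wipefs, parted and mkfs.ntfs (assumed to be on the live image); the function names, the `--wipe` switch and the CLEAN label are made up for illustration.

```shell
#!/bin/sh
# Added example: erase every partition on a disk (recovery partitions
# included), write a new GPT partition table and create one blank NTFS
# partition. Run as root from the live session, never from the disk itself.
# Assumes util-linux (lsblk, wipefs), parted and ntfs-3g (mkfs.ntfs).

# Path of partition N on a disk:
#   /dev/sda 1 -> /dev/sda1      /dev/nvme0n1 1 -> /dev/nvme0n1p1
partition_path() {
    case "$1" in
        *[0-9]) printf '%sp%s\n' "$1" "$2" ;;
        *)      printf '%s%s\n'  "$1" "$2" ;;
    esac
}

# Refuse anything that is not an unmounted whole disk, so a typo cannot
# wipe a single partition or the USB stick the live system booted from.
check_target() {
    disk=$1
    [ -b "$disk" ] || { echo "not a block device: $disk" >&2; return 1; }
    [ "$(lsblk -dno TYPE "$disk")" = "disk" ] || {
        echo "not a whole disk: $disk" >&2; return 1; }
    if lsblk -nro MOUNTPOINT "$disk" | grep -q .; then
        echo "part of $disk is mounted or used as swap; refusing" >&2
        return 1
    fi
}

wipe_and_repartition() {
    disk=$1
    check_target "$disk" || return 1

    # Clear filesystem signatures on each old partition, then on the disk.
    for dev in $(lsblk -nrpo NAME "$disk" | tail -n +2) "$disk"; do
        wipefs --all "$dev" || return 1
    done

    # New, empty GPT table, then one partition spanning the disk.
    parted -s "$disk" mklabel gpt || return 1
    parted -s -a optimal "$disk" mkpart primary ntfs 1MiB 100% || return 1

    # Let the kernel and udev pick up the new partition node.
    partprobe "$disk"
    if command -v udevadm >/dev/null 2>&1; then udevadm settle; fi

    part=$(partition_path "$disk" 1)
    mkfs.ntfs --quick --label CLEAN "$part" || return 1

    # Show the result: one GPT disk with a single NTFS partition.
    lsblk -o NAME,SIZE,TYPE,FSTYPE,LABEL "$disk"
}

# Only act when explicitly asked:  sh wipe.sh --wipe /dev/sdX
if [ "${1:-}" = "--wipe" ] && [ -n "${2:-}" ]; then
    wipe_and_repartition "$2"
fi
```

Run `lsblk` first and pick the internal drive by its size and model; the script stops if anything on the chosen disk is mounted.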

 


#13 BeckoningChasm

Posted 05 April 2014 - 07:05 AM

I'm sorry you're having difficulties, but honestly the anti-virus gurus here (among which I do NOT number myself) are excellent.  They've helped me with seemingly insurmountable problems in the past, so hopefully they'll address your issue soon.

 

Don't take this as advice from them but just from me--if you have access to a known uninfected system, and have a USB-SATA caddy device, remove the drive from the laptop and scan the heck out of it from the uninfected system.  I typically use ESET online scanner, MalwareBytes and whatever the non-infected computer has already installed, point them to the external drive and do a FULL scan each time.  It takes well over a day, typically, but I've gotten rid of a lot of pervasive infections that way.



#14 warsong

Posted 05 April 2014 - 03:25 PM

waldojim42, on 05 Apr 2014 - 12:17 AM, said:

If the format was done correctly, and completely, then there is nothing left to hang around.

 

What install disc is being used? Where is it sourced from?

 

If all else fails - seriously get your hands on a Linux disc. Linux Mint, Ubuntu, Simply Mepis, Debian, whatever works for you. Just be sure to get a live image no matter which flavor. Once you have your Linux disc burned and handy, reboot the machine, and ensure it boots from the DVD/CD. Once Linux is loaded, use gparted to ERASE all the partitions on the drive, create a NEW partition table (likely GUID/GPT), create a blank NTFS partition and format it.

 

Use the included web browser to download all the drivers you are going to need, and place them on a flash drive, or burn them to another CD.

 

Then install using an ISO sourced from Microsoft, and re-install the OS. At this stage, you should have nothing on there at all. No drivers, no anything. Ensure 100% functionality as you see fit, then install your core drivers. DO NOT take the machine online yet. It is kind of hard to log into a router that Windows doesn't have a password to. THEN install your security software, following with your network drivers.

 

That is as clean as it gets.

 

Thank you Waldojim for being so understanding! The install disk is Windows 8.1 Full which I purchased fresh, personally, from Walmart a couple of days ago.

 

Wow! GMTA! I was just thinking of throwing a curve and burning Linux. I'm going to save your comments above just in case it comes down to that.

 

BUT everything changed last night.

 

BeckoningChasm, on 05 Apr 2014 - 07:05 AM, said:

I'm sorry you're having difficulties, but honestly the anti-virus gurus here (among which I do NOT number myself) are excellent.  They've helped me with seemingly insurmountable problems in the past, so hopefully they'll address your issue soon.

 

Don't take this as advice from them but just from me--if you have access to a known uninfected system, and have a USB-SATA caddy device, remove the drive from the laptop and scan the heck out of it from the uninfected system.  I typically use ESET online scanner, MalwareBytes and whatever the non-infected computer has already installed, point them to the external drive and do a FULL scan each time.  It takes well over a day, typically, but I've gotten rid of a lot of pervasive infections that way.

 

Thank you BC! I don't have access to a clean system unless I go to the repair company - I've done biz with them for years, they are great, but expensive! Unfortunately, where I live is a very small town. I have to travel to the larger city next door, and that is still considered a small town too - after that it's Houston. lol!

 

But as I said, everything changed last night. I think I need to talk to a mod.

 

I FOUND THE CODE!!!

 

At least a huge part of it. It's a VBA script (actually a couple of them) in the system32 file. One script replaces the svchost file and there are others. I decided after my rant last night I was going to give this reformat one last shot. But before I did that, I looked one more time for any info I could find. Let's look at this a different direction. With absolutely NOTHING on my new laptop, this is the best chance I'm going to get finding anything.

 

First thing I noticed that on the brand new install there were "dupes". You know how you make a backup of an important file...say the registry and, name the file WHATEVER.OLD and put the new one in place, but you have the old as a backup just in case?

 

I can't tell you how many files I found like that. They were the exact same name except they have .mui at the end and are in a secondary directory to the original. US-EN. I spent hours going through TXT, XML, and scripts.

 

I not only found the meat and potatoes code, but a list of victims. The info gleaned off the vic's computer is being posted online but the hackers are charging for it. I don't dare reformat anything now. I think I need to speak to the authorities and it's important I don't install anything more, especially network cards because the script picked up my password from my old laptop. It will engage and transmit the minute it can.

 

I think I need to talk to a mod here because I don't know if they would like a copy of the code or not. I guess I'll pick one if any are online when I finish this post. There's more to tell but I won't go into detail here.

 

So let me find out what I need to do.



#15 warsong

Posted 05 April 2014 - 09:10 PM

Okay Waldojim, I'm doing it your way. I was just reading an article about taking an XP machine to Mint and that it was pretty simple. I'm thinking to try this on my old desktop first which is XP, also infected, and has been disconnected from the interwebz for about four days now.

 

My old laptop - just got ransom-wared. But I haven't connected it to the internet either since last night when I downloaded Sandboxie and harnessed what I hoped were a few key programs. Apparently it worked because there has been no internet connection with it at all, but the script locked the backup drive, My Documents, My Video, etc. But guess what....

 

When this first started, worried about my work, I automatically started doubling up on the backups and I used 7zip with encryption and uploaded them to a backup service on the cloud. When I reformatted that hard drive, I thought I was clean and downloaded those backups. The infection came back in the middle of my downloads and I almost lost everything. I was moving fast so just saved everything to the c drive. I made New Folders but didn't bother to rename them because they were really all that was on there at the time. I had New Folders 1 thru 4 and saved all of my backups to them.

 

Those are the ONLY folders not related to the system that are not encrypted!!! I can get at them through Sandboxie and copy them to CD. I'm afraid to plug in an external USB hard drive that I have because I don't want the script to jump out and get it somehow. lol!

 

Anyway, what I need to do for the XP desktop is figure out how to install from USB. My CD/DVD rom is fried on it and I didn't want to go get and install a new one unless I absolutely had to. I know there are articles on it, but right now I can only access the internet on husband's computer (which I think still has some of the infection on it but we clean it up a lot more than my other computers - still, don't know if it will last.) So I'll be logging on as much as I can when I can.

 

If you have links you could post that way when I do get online, I can jump to them, it would be very helpful. I gotta run! Check in with you laters! Thank you again!!!!





