My system has been compromised and I need to completely reinstall - please help!


43 replies to this topic

#1 cook2465

cook2465

  • Members
  • 182 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:11:54 AM

Posted 13 March 2015 - 08:29 AM

I have been dealing with a nasty trojan that one of my kids 'accidentally' installed and in another post:
 
http://www.bleepingcomputer.com/forums/t/569742/i-need-help-determining-if-my-system-is-ok/page-3
 
it was just discovered that I have a backdoor trojan that has been hiding and my system is compromised. I have been advised to completely wipe and reinstall my system. I am not completely inept but am in NO way savvy on how to do this the most efficient way.
 
I am hoping that there is someone who can help me do this so that I can quickly get back on my feet as I work from home and 95% of my job is online and I need to have a clean system.  Thank you for all your help - this website is wonderful.
 
Here is my computer information:
 
I'm not sure of the make and model - it was a kit that I purchased from Tiger Direct and my nephew built. On the case front it says Thermaltake.
 
Internally:  Windows 7 Home Premium N
Copyright 2009 Microsoft Corp
ServicePack 1
 
System:
Intel®Core i5-2500K CPU @ 3.30GHz 3.30GHz
8.00 GB Ram
64-bit OS
 

 

Edited by cook2465, 13 March 2015 - 08:47 AM.




#2 JohnC_21

JohnC_21

  • Members
  • 23,255 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:54 AM

Posted 13 March 2015 - 08:37 AM

First off, do not show the product ID. Edit your post and remove that. Do you have the Windows 7 install disk? From your Product ID, you do not have an OEM install so you will be able to download the ISO file.

 

Edit: If you do not have the install disk you can obtain the product key by downloading and running Produkey. Copy the install key for Windows 7 and go here. Follow the instructions to create your install media.


Edited by JohnC_21, 13 March 2015 - 08:42 AM.


#3 dicke

dicke

    Paraclete


  • Members
  • 2,189 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Charlotte, NC
  • Local time:11:54 AM

Posted 13 March 2015 - 08:40 AM

To start, do you have the operating system installation disk, and the disks for your other software? If not you will need to get clean copies of all of those before starting to clean your system - everything will have to be erased/deleted.

 

This assumes that you cannot work with one of the experts here and flush the [deleted] out of your system without having to delete everything and start over.

 

Dick


Stay well and surf safe [stay protected]

Dick E


#4 cook2465


Posted 13 March 2015 - 08:50 AM

I don't. I will be contacting my nephew to see if he has the disc or can connect me with what he used. I'm also checking into the other software. I believe I have my Woffice 07 - but again, will have to work on locating all of this. I was just informed late last night in my other post that this was discovered, so this bad news is still fresh, but want to take care of it ASAP. I'm needing to change all my passwords etc. too, so unfortunately this is going to be a long process. :0(

What I'm hoping is that someone might be able to help me with: trying to figure out if my external hard drive is OK and can it be used to back up and store all my data, and is there anything else - other types of software I may not have discs for that I can somehow save there? I just don't want to transfer this but do not have the $$ to simply throw that one out and buy a new one to transfer data from this computer onto. I hope this makes sense. Thank you

Edited by cook2465, 13 March 2015 - 08:53 AM.


#5 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,393 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:08:54 AM

Posted 13 March 2015 - 09:02 AM

@Dick

This is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information and download and execute files.

Though the trojan has been identified and can be killed, because of its backdoor functionality, this PC is very likely compromised and there is no way to be sure the computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS.

If cook2465 wants to pursue cleaning this computer in the Malware Removal Logs forum they can still clean this machine, but they can't guarantee that it will be 100% secure afterwards.

Edited by dc3, 13 March 2015 - 09:03 AM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#6 JohnC_21


Posted 13 March 2015 - 09:12 AM

"trying to figure out if my external hard drive is ok and can it be used to back up and store all my data and is there anything else" Are you asking if the external drive is infected?

 

You can wipe that if you do not have any data on it but I can't guarantee it will not get infected if you connect it to the computer again when in Windows. You can wipe the external drive with a live Linux disk. Then transfer any data files using Linux. This would prevent the backdoor from accessing the external drive when you transfer files. But, you would not be able to transfer programs. Those would need to be reinstalled.



#7 cook2465


Posted 13 March 2015 - 09:26 AM

I've been discussing this with my nephew who is an engineer and built my computer. He is going to wipe and reinstall the OS and Office for me. Can you tell me how I can determine if my external hard drive is clean and not compromised so that I can use that to back up or store all my documents, data, pictures, music? I would like to do all that before I take it to him and it will take some time, as well as I do not want this thing sneaking back onto my system from there. I don't even know if it can do that or not. This is beyond my realm of knowledge...

#8 JohnC_21


Posted 13 March 2015 - 10:54 AM

Wipe the external drive to zero using a live Linux disk. Then transfer the files using the Linux disk. Puppy Linux is good for this. You can burn the ISO file to disk using Windows 7 by right clicking the ISO file and selecting Burn Disk Image. You can then use Puppy Linux to transfer any data from the hard drive to the external but you will not be able to transfer the programs, only data. Wiping the disk with zeros using a Linux live disk would get rid of any infection if there was any on the external. Any data currently on the external would be gone.

To wipe the disk in Puppy requires a number of terminal commands. Your nephew may already know these. If not, post back and I will walk you through the commands once Puppy is downloaded and you can access the desktop.

 

I can't assume the drive is clean until it is zero wiped.
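
Added example, not part of the original posts and not the commands JohnC_21 had in mind: a shell sketch of a zero wipe followed by a read-back check that every byte really is zero. The function names are hypothetical, and the target here is a constructed image file; on the live disk it would be the external drive's device node.

```shell
#!/bin/sh
# Added example. TARGET is an assumption: on the live disk it would be the
# external drive's whole-disk device node as listed by lsblk. The demo below
# uses a constructed image file so nothing real is overwritten.

# Size in bytes of a block device or a regular file.
target_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# Overwrite every byte of the target with zeros, without changing its size.
# This destroys all data on the target.
zero_wipe() {
    size=$(target_size "$1") || return 1
    head -c "$size" /dev/zero |
        dd of="$1" bs=1048576 conv=notrunc 2>/dev/null || return 1
    sync
}

# Succeed only if the target reads back as zeros from first to last byte.
verify_zeroed() {
    size=$(target_size "$1") || return 1
    head -c "$size" /dev/zero | cmp -s - "$1"
}

# Demo on a constructed 4 MiB image holding leftover non-zero data.
demo() {
    img=$(mktemp) || return 1
    head -c 4194304 /dev/zero > "$img"
    printf 'leftover data' |
        dd of="$img" bs=1 seek=1000000 conv=notrunc 2>/dev/null
    verify_zeroed "$img" && echo "before wipe: all zeros" \
        || echo "before wipe: non-zero data found"
    zero_wipe "$img"
    verify_zeroed "$img" && echo "after wipe: all zeros" \
        || echo "after wipe: non-zero data found"
    rm -f "$img"
}
demo
```

The read-back step is what turns "the wipe command finished" into "the drive is confirmed empty"; a wipe that stopped early or hit the wrong target fails the check.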



#9 cook2465


Posted 13 March 2015 - 11:05 AM

If you can, please, dumb it down a little bit more with certain computer terms. I'm comfortable with computers and have learned a lot trying to keep ahead of my kids and cleaning viruses off, etc., but I am in NO way completely savvy - especially in technical computer terms. :0)

I did remove all the backups off my external; what is left is data that I was keeping safe - old pictures, music, former tax docs, videos. How can I save those?! It is a total of approx 80 GB so I do not have enough flash drives to do this. I have scanned the drive after removing all the system image and backup files with both Avast and Malwarebytes and nothing was found.



#10 JohnC_21


Posted 13 March 2015 - 11:16 AM

How much data is on the external drive? Can you burn the data to DVDs? The external is probably clean but to make absolutely sure it is clean a zero wipe would be best. Zeroing the drive will zero every sector on the drive, virtually eliminating the possibility of an infection being hidden on the drive.



#11 dc3


Posted 13 March 2015 - 11:20 AM

What John_21 is suggesting is to use this program to wipe the external drive so that it is completely empty. When a program is used to "wipe the drive" it uses an algorithm to completely overwrite the entire drive. This basically leaves you with a clean slate to start with.




#12 nate302

nate302

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:08:54 AM

Posted 13 March 2015 - 11:20 AM


What is the make / model of your machine? If it is an OEM machine you likely don't need the discs but would just need to do a Factory reset of the HDD. Most Acers / Dells / HPs / Asus / etc. have a boot option available to boot into a "recovery mode". If your laptop indeed has this, back up your data to an external drive, do a factory restore on the machine and prior to utilizing your backed up data, use a boot up recovery disc (several out there) and scan your backed up data. If you use Windows Easy Transfer make sure you do not save your profile settings or "AppData" or any temporary files.

 

Edit: scratch that, it was a barebones kit :/


Edited by nate302, 13 March 2015 - 11:21 AM.


#13 dc3


Posted 13 March 2015 - 11:21 AM

@John_21

 

cook2465 posted that there is 80GB~ of data on the external drive.




#14 dc3


Posted 13 March 2015 - 11:26 AM

@nate302

 

 

I suspect that you missed the fact that this computer is infected with a backdoor Trojan.  The only way to be completely sure that the computer is clean is to wipe the drive and reinstall the operating system.  Cook2465 has made arrangements to have this custom built computer's hdd wiped, and the operating system reinstalled on it.




#15 cook2465


Posted 13 March 2015 - 11:31 AM

dc3, I am willing to do this but I'm not sure I have enough discs or flash drives to handle 80 GB. Is there a relatively cheap cloud service that I could use that doesn't require me to pay for a full month/year?

JohnC21 - I have been reading about live CDs and Linux, etc. I'm not sure I understand yet, but do get the concept of wiping the drive clean. I just do not want to lose the current data and will need specific instructions on how to back that up and then how to wipe the external HD clean so that I can move forward transferring all my current pictures, data, etc. from my computer so that I can have that wiped clean. What a mess!





