Problems - Can't clean Malware/Virus on Desktop and Laptop


  • This topic is locked
20 replies to this topic

#1 LBLine79

LBLine79

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:09 AM

Posted 21 September 2015 - 02:03 PM

BC - I have found a lot of useful tools and information over the last couple of years on this site. Unfortunately, I've got a malware/virus of some sort that I cannot seem to clean, no matter which tools I use and/or which process I follow. My SuperAntiSpyware cleans off 600-900 items, my antivirus program (McAfee) gets turned off, as does my MS update, computer is getting slower, and recently my sound has been turned off (software shows it's on, but my ears tell me otherwise). I've even tried a couple of rescue discs, but they are stopped from downloading the necessary updates to scan with. It appears to me that whatever I have is defending itself and keeping track of whatever I try to use, so I cannot use that same tool again.
I've been fighting this issue for a few weeks in hopes I could figure this out myself using the tools and information on the BC site, but I'm only getting more frustrated at this point. My laptop is also having issues (I use both my desktop and my laptop for business). This weekend I backed up my personal files on my laptop, formatted the C Drive, and started over reinstalling my Win 7 program. The program installed fine, but after a couple of updates and reboots, the computer won't access my wireless network anymore, so I can't even get Win 7 and its updates loaded. Even after a format and reinstall, it seems like whatever is on my machine, is still there. Can that be? Can anyone help me? Thanks

Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Animal



#2 JohnC_21

JohnC_21

  • Members
  • 24,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:09 AM

Posted 21 September 2015 - 03:03 PM

Hello, and Welcome to BC.

 

Is there a yellow exclamation mark next to Network Controller in Device Manager of the laptop? Right Click the device and select Properties. Under the Details tab select Hardware IDs in the dropdown box. Copy and post the first line.

 

What is the make and model of the laptop?


Edited by JohnC_21, 21 September 2015 - 03:04 PM.


#3 LBLine79


Posted 21 September 2015 - 05:15 PM

Hi John. There are yellow yield signs with an exclamation point by all of the items listed under "Other devices" (Base System Device (3 listings), Ethernet Controller (1), RICOH Bay8 Controller (1), USB Controller (1), & Unknown Device (2)). I don't see a Network Controller label in Device Manager. I have a Network adapters heading which has the Intel Centrino Ultimate-N 6300 AGN listed, however that appears to be working fine. Only the items in the Other devices heading have the yellow signs.

 

The hardware ID entry on the first line for each item with a yellow sign is: 

Base System Device #1: PCI\VEN_1180&DEV_0843&SUBSYS_1521103C&REV_14

Base System Device #2:  PCI\VEN_1180&DEV_0852&SUBSYS_1521103C&REV_14

Base System Device #3:  PCI\VEN_1180&DEV_0592&SUBSYS_1521103C&REV_14

Ethernet Controller: PCI\VEN_8086&DEV_10EA&SUBSYS_1521103C&REV_06

RICOH Bay8 Controller: PCMCIA\RICOH-Bay8Controller-F1B2

Universal Serial Bus (USB) Controller:  PCI\VEN_1033&DEV_0194&SUBSYS_1521103C&REV_03

Unknown Device #1: USB\VID_138A&PID_0007&REV_0072

Unknown Device #2: ACPI\HPQ0004

 

The Laptop is an HP Elitebook 8540w. Windows 7 64bit.

Thanks



#4 JohnC_21


Posted 21 September 2015 - 05:40 PM

Your Intel Centrino is your wireless adapter. Are you saying you still cannot connect? You did not say if you have Home or Pro.

 

Base system 1, 2, and 3 is your card reader. Go here and select your OS in the dropdown box. The driver is Ricoh Card Reader under the Storage category.

 

Ethernet is Intel 82577LM and 82577LC Gigabit Ethernet Driver (International) under the Network section.

 

PCI\VEN_1033&DEV_0194&SUBSYS_1521103C&REV_03 is your NEC USB3.0 Controller. Listed under the Firmware Section.

 

Unknown Device #1: USB\VID_138A&PID_0007&REV_0072 is your fingerprint sensor under the Keyboard, Mouse Section

 

Unknown Device #2: ACPI\HPQ0004 is the HP 3D DriveGuard under the Security Section
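The hardware IDs posted in reply #3 can be decoded mechanically to see which chip vendor's driver each unknown device needs. This is an added example, not part of either poster's reply; the vendor lookup table is a small constructed one covering only the IDs in this thread.

```python
from collections import defaultdict

# Vendor IDs that occur in this thread (small constructed table, not a full
# PCI/USB ID database).
PCI_VENDORS = {"8086": "Intel", "1180": "Ricoh", "1033": "NEC",
               "103C": "Hewlett-Packard"}
USB_VENDORS = {"138A": "Validity Sensors"}

# Hardware IDs as posted in reply #3.
SAMPLE_IDS = {
    "Base System Device #1": r"PCI\VEN_1180&DEV_0843&SUBSYS_1521103C&REV_14",
    "Ethernet Controller": r"PCI\VEN_8086&DEV_10EA&SUBSYS_1521103C&REV_06",
    "USB Controller": r"PCI\VEN_1033&DEV_0194&SUBSYS_1521103C&REV_03",
    "Unknown Device #1": r"USB\VID_138A&PID_0007&REV_0072",
    "Unknown Device #2": r"ACPI\HPQ0004",
}

def parse_hardware_id(hwid):
    """Split a Windows hardware ID into bus, fields and vendor names."""
    bus, _, rest = hwid.strip().partition("\\")
    info = {"bus": bus.upper()}
    if info["bus"] not in ("PCI", "USB"):
        info["id"] = rest            # e.g. ACPI or PCMCIA: no VEN/DEV fields
        return info
    for part in rest.split("&"):
        key, sep, value = part.partition("_")
        if sep:
            info[key.upper()] = value.upper()
    if info["bus"] == "PCI":
        info["vendor"] = PCI_VENDORS.get(info.get("VEN"), "unknown")
        subsys = info.get("SUBSYS", "")
        if len(subsys) == 8:
            # SUBSYS = 4 hex digits subsystem ID + 4 hex digits subsystem vendor
            info["oem"] = PCI_VENDORS.get(subsys[4:], "unknown")
    else:
        info["vendor"] = USB_VENDORS.get(info.get("VID"), "unknown")
    return info

def devices_by_vendor(ids):
    """Group device labels by chip vendor, i.e. whose driver each one needs."""
    groups = defaultdict(list)
    for label, hwid in ids.items():
        groups[parse_hardware_id(hwid).get("vendor", "n/a")].append(label)
    return dict(groups)

if __name__ == "__main__":
    for vendor, labels in devices_by_vendor(SAMPLE_IDS).items():
        print(f"{vendor}: {', '.join(labels)}")
```

The `oem` field comes from the last four hex digits of `SUBSYS`, which name the system builder rather than the chip maker, so a driver for these devices is normally taken from the OEM's support page for that model.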



#5 LBLine79


Posted 21 September 2015 - 06:04 PM

No, I still cannot connect. The bar graph on the taskbar is grayed out with a big red "X" on it. I tried to hard wire my connection, but that didn't give me a connection either. I installed the RICOH driver from HP's site, did a reboot and the big red "X" is still there (cannot connect). BTW - Windows 7 Ultimate.

Thx.



#6 JohnC_21


Posted 21 September 2015 - 06:28 PM

The Ricoh driver has nothing to do with the internet connection.

 

Go here and download the 64bit driver. You want the larger download. I would uninstall the current driver in Device Manager > Right Click > Uninstall before installing. After installing, reboot.

 

Wireless_18.20.0_ s64.exe

 

Did you download and install the Ethernet Driver? If that still does not work then download the 64bit driver here. Same thing in Device Manager > Right Click > Uninstall. Reboot after install.



#7 LBLine79


Posted 21 September 2015 - 07:58 PM

No luck. Deleted, installed, rebooted after each install, and still no connection, just the big red "X". 



#8 JohnC_21


Posted 21 September 2015 - 08:20 PM

I am not sure what the problem is. You could rule out a hardware problem of the wireless card by booting a small Linux distro like Fatdog64. It's about 250MB. Burn the ISO and boot the disk. If it senses a wireless signal the wireless wizard will open. If you cannot connect with Fatdog then I would look at using one of these.

 

http://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/global/wireless_adapters_n150/ew-7811un

 

http://www.tp-link.com/lk/products/details/cat-11_TL-WN725N.html

 

Edit: Try downloading and installing the Chipset driver on the support site. That may help the computer recognize the wireless card. Can you connect via an Ethernet cable?

 

Edit Edit: Also use the Network Troubleshooter.


Edited by JohnC_21, 21 September 2015 - 08:33 PM.


#9 LBLine79


Posted 21 September 2015 - 11:29 PM

John - I booted the Fatdog64 disc twice. The first effort I could not get on the internet via the wireless. The second time I booted using a hard wire (ethernet) and WAS able to access the internet with no problem. I also booted up Win 7 via the ethernet and was also able to get online. I downloaded the Intel driver update tool in case I was missing something. Interestingly, after a scan, the tool came back with a wireless driver to download (even though I had already downloaded and installed the driver you recommended earlier this evening). So I started the download and upon beginning the install, the tool came back recognizing that there was already a more recent version of that driver installed.

 

I then went to check for remaining updates (since I was able to access the internet via the ethernet). There are 28 updates downloading this time. I will get all of the remaining updates installed and get back with you tomorrow to see if there has been any change to the wireless. BTW, I do appreciate the links you provided as an alternative option. All I know is that the wireless has worked without fail up to the reinstallation of Win 7 Ultimate I did yesterday. I can't believe that the wireless became defective at exactly the same moment in time as when I did the reinstall. 

PBB 



#10 JohnC_21


Posted 22 September 2015 - 07:09 AM

Download the chipset utility here. Also the Intel management utility here. I am surprised that Fatdog was not able to connect wirelessly either. Did you try the troubleshooter?

 

Can you see any available networks? Right click wireless icon > View Available Networks.



#11 LBLine79


Posted 22 September 2015 - 09:37 AM

I finally completed all of the updates via the ethernet. The wireless now works. Thank you.

 

I also downloaded both utilities you recommended. Before I begin reinstalling all my personal files and adding the additional programs (office), is there any way to make sure that the computer is free of the malware or virus that has been causing me problems?

 

Additionally, on my desktop this morning the Emsisoft scan came back with a quarantine of the following file: Artimis! 98383ABCE0B7 (Trojan).

PBB



#12 JohnC_21


Posted 22 September 2015 - 10:09 AM

You don't need to worry about malware on a clean install. The one scan I would do if you are worried is with TDSS killer.

 

I would recommend you do all your browsing in a User Account, not an Admin account. Provide a strong admin password. If browsing you see the UAC appear, you know something is trying to access your system and you can block it. 


I don't know if you use Emsisoft for an AV but I recommend Bitdefender Free for a Windows 7 AV. You do need to create an account though and it is not compatible with Windows 10 and may never be according to Bitdefender.

 

HitmanPro Alert is paid but it can defend against unknown malware. It has a 30 day trial. It is compatible with most AVs

 

You also need to make sure your router does not have a default username/password set up to access its web interface. I would also disable remote access in the router. This prevents somebody offsite from accessing and changing your router settings.

 

Once you get your laptop setup with your programs I would recommend you do a full disk image with Macrium Free using an external drive to store the image. The software will create a bootable disk so you can recover your image and be back in minutes instead of hours if the hard drive fails or you get a malware infection. File Backups should also be done on a regular basis.

 

For the Desktop I would download Kaspersky Rescue Disk based on Linux using the laptop. You can burn the ISO to disk using Windows 7 by right clicking and selecting Burn Disk Image. Connect the desktop using Ethernet which will allow you to update the definitions after the disk boots.

 

http://support.kaspersky.com/us/viruses/rescuedisk#downloads

 

After cleaning the malware using Kaspersky, download HitmanPro and run it. It requires an internet connection because it is cloud based.



#13 LBLine79


Posted 22 September 2015 - 11:51 AM

Thanks John. No, I use McAfee AV Suite (provided with AT&T internet service) as my primary AV/Firewall. I have used Hitman Pro, Emsisoft, Malwarebytes, and SuperAntiSpyware as a secondary tool over the years. I'm not sure which, if any, are better than another. I used BitDefender as my primary AV (subscription) a few years back at a previous address. It's hard to tell, even after reading the reviews, which AV program is better than another. Seems like there are a handful of leading providers that are consistently rated at the top year after year, with the differences coming down to user preferences of one feature here or there. I know each tool functions a little differently, so that's why I use a secondary tool to do my best to keep clean (without it becoming my day job, if you know what I mean). With clients' personal information in my computer, I want to keep on top of mitigating risks. If you have any thoughts beyond those in your message above, let me know. I do appreciate the clarity.

 

I have a couple of added questions before I follow your steps.

 

I work in the financial industry so I need to encrypt my drives with BitLocker. Should I make the full disk image before or after encrypting the drives? Along those lines, if I would ever have to do a restore from the image file, will I need to enter the encryption key to perform that function? I do have the keys written down and stored in a safe accessible place for when needed.  

 

The router I use in my home is provided by AT&T. I haven't had to make any changes to the original set-up. Do you know if I just go through my "My AT&T" online account to access and make changes to the router, or can I access the router directly through my computer?

 

I have a Kaspersky Rescue Disc but I'm not sure if the computer I burned it on had a virus/malware at the time. Just to be safe I'll burn a new one with the clean laptop. Would malware or a virus somehow embed itself when burning a disc or do they just inhibit the program from executing properly when used on that machine? I guess this question is driven from a curiosity of how these things are spread (once they're in your machine) via discs (copied/burned) and flash drives. Should I throw out the rescue discs I burned? Can I scan and clean, format, or do I need to get new flash drives? Once I get this out of my computers, I don't want to re-infect myself via any of the discs, flash drives, or back-ups I've been using. Once again, thanks for the clarity here.

 

I'll follow-up after getting these items completed.

PBB



#14 LBLine79


Posted 22 September 2015 - 12:17 PM

One added question... my college daughter is using Windows 10 and needs an AV recommendation. The McAfee through our service provider isn't approved for Windows 10 at this point. You stated that BitDefender isn't either. What would you recommend she use? If there is a very good free option, as a college kid, that would be nice. If pay is the way to go to get quality, that's fine too. Thx



#15 JohnC_21


Posted 22 September 2015 - 12:58 PM

The Kaspersky disk is Linux based so I doubt it can get infected if you burn the ISO direct. If it did, I doubt it would boot. But, to be safe you can download and burn it on the clean laptop. I would get rid of the rescue disks. CDs are not that expensive vs having an infection even though I have not heard of a disk getting infected during a burn unless the files themselves were infected. Flash drives are another story. They may get infected by attaching to an infected computer. You can sanitize the flash drives using a bootable Linux disk like Partition Wizard bootable. Use the wipe option. Don't attach any of the flash drives to your clean laptop. Boot the Partition Wizard disk on the desktop then zero wipe an attached flash drive.

 

If you have the opportunity to reinstall the OS on the desktop then I would do that.  Another option is to zero wipe the hard drive first then all your flash drives you believe are infected. 

 

I would image the drive after it is encrypted. I am not that familiar with BitLocker but see this article from Macrium. You should store the external drive in a secure place.

 

For a Windows 10 AV I would look at Panda Free. Don't download it from Cnet though. Get it here.
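After a zero wipe like the one suggested in reply #15, the result can be checked by reading the drive back and confirming that every byte is zero. This is an added example, not part of the thread or of any tool named in it; the device path in the comment is a hypothetical placeholder and the sample image is a constructed temp file.

```python
import os
import tempfile

CHUNK = 1024 * 1024  # read 1 MiB at a time

def first_nonzero_offset(path, chunk_size=CHUNK):
    """Scan a drive or image; return (offset, scanned).

    offset is the position of the first non-zero byte, or None when every
    byte read was zero. scanned is the number of bytes confirmed zero.
    """
    zeros = bytes(chunk_size)
    scanned = 0
    with open(path, "rb", buffering=0) as dev:
        while True:
            chunk = dev.read(chunk_size)
            if not chunk:                       # end of device or file
                return None, scanned
            if chunk != zeros[:len(chunk)]:     # short reads are handled too
                lead = len(chunk) - len(chunk.lstrip(b"\x00"))
                return scanned + lead, scanned + lead
            scanned += len(chunk)

def make_sample_image(size, dirty_at=None):
    """Build a constructed stand-in for a wiped drive (temp file of zeros)."""
    fd, path = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as img:
        img.write(bytes(size))
        if dirty_at is not None:
            img.seek(dirty_at)
            img.write(b"\xEB")                  # one leftover byte
    return path

if __name__ == "__main__":
    import sys
    # Pass a device node (hypothetical example: /dev/sdb) or an image file.
    target = sys.argv[1] if len(sys.argv) > 1 else make_sample_image(3 * CHUNK)
    offset, scanned = first_nonzero_offset(target)
    if offset is None:
        print(f"all {scanned} bytes are zero")
    else:
        print(f"non-zero data at byte offset {offset}")
```

An all-zero result covers the range the host can read; it says nothing about spare blocks that a flash drive's controller keeps out of view.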





