
Windows Task Manager shows multiple unwanted processes running when DSL connects


  • This topic is locked
29 replies to this topic

#16 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,972 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:28 AM

Posted 03 October 2015 - 10:07 PM

Sounds good Paul. Talk to you soon.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."


 


#17 AutoResearch

AutoResearch
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:28 AM

Posted 05 October 2015 - 11:33 AM

Hi Gary - got home late last night - too tired to do anything on the infected computer. So, I'm writing this reply from my work computer. My computer at home is powered off, and not connected to any DSL or Internet. I am starting to back up my pictures and whatever documents are important to an external drive, but it may take several evenings, and I don't want to leave the computer on and unattended while I'm at work during the day.

 

When I purchased my refurbished computer from Fry's, it came with Windows 7 Professional pre-packaged. It has a partitioned D: drive with Windows 7 recovery on that drive. My son-in-law told me yesterday that since Win7 was pre-packaged, I should be able to use the recovery from the D: drive and format my hard drive that way. Apparently I won't need to use Windows 7 Pro original OS install disks, as I did not get any of those with the computer purchase. I made a set of backup DVDs immediately after going through the original installation procedure. However, I haven't found those yet...maybe I won't need them since it sounds like I can use the partitioned D: drive with the full recover/installation on it.

 

I guess my question at this time would be, once I have backed up all my data onto the external hard drive, should I go ahead with the format procedure as mentioned above, and then do whatever scanning needs to be done on the external drive before reinstalling my programs? I'm hesitant to connect the still-infected computer to the internet to follow this thread/reply at home.

 

I believe my system currently is still compromised, as I saw a bunch of the unwanted processes still running late Friday night after we had removed the Rosena virus. As a precaution, I changed my online banking password yesterday from a safe computer, and that appears to be fine now. Someone may have tried to hack into it a few days ago, because when I went to the bank's website, there was a different username with a couple of wildcard characters in it. I've changed my email passwords as well. I want to remain safe until after formatting and starting over.

 

Am I correct in understanding that once formatted, the registry is completely new and there should be no trace of any virus/malware infection and my computer should be safe to use?

 

Sorry to ramble, but I want to get this procedure correct and be safe again. Hopefully I didn't miss anything in your very patient directions through this process.

 

Also, if you could point me in the best direction to use the recovery/reformatting process using the already-installed recovery data, that would be much appreciated.

 

Thanks, Gary! Have a great day!

Paul



#18 Oh My!


Posted 05 October 2015 - 02:11 PM

Hi Paul,

You have done a great job in covering all the bases. No problem on waiting a few days before we can take the next step here.

Yes, you should be able to reinstall the Operating System from the Recovery Partition and any traces of malware will be gone. Follow the directions to do a Factory Recovery from this HP site and your computer will be returned to the state it was in when you purchased it.

You will need to reinstall any programs that did not come factory installed. Backing up data does not back up the underlying programs.

You can scan the external drive either before you install the programs or afterwards. It really doesn't matter. Let me know when you are ready to do that and I will provide instructions for you.

Take your time, my friend. I have lots of other work to keep me busy! :)
Gary
 

#19 AutoResearch


Posted 05 October 2015 - 03:48 PM

Hi Gary - thanks for your quick response. I understand that I want to do a factory recovery (factory reset as described in your link above), rather than just a "system recovery". One question I have is in the statement just before the section called Types of system recovery. That statement is this:

 

The complete recovery process can take 4 to 6 hours or more to complete. For best results, the computer should be connected to the Internet, and it will restart several times during the process. Do not turn off the power or interrupt the recovery process until the prompt to log in to Windows displays.

 

The question or concern I have is regarding the phrase "the computer should be connected to the Internet". In order for me to access the Internet, I need to first connect my DSL modem (done by clicking in the right side of the taskbar on the desktop). I then need to click on "connect", at which time it brings up a box with my username and password to do that. After I get through connecting my DSL, I still need to click on the Internet Explorer icon on the left side of the taskbar. It's only when I get through with that step that I am actually "on" the Internet. First of all, could I get in trouble with a "still-installed/still-infected virus/malware" by connecting to the Internet before the system starts the restore process? And, since the recovery process can take a number of hours to complete and requires restarting several times, will the recovery process hang if I'm not sitting at the computer or have enough time to re-establish a connection as mentioned above?

 

I believe McAfee Antivirus was also part of the pre-packaged system when I bought the computer, so hopefully that will get reinstalled again.

 

Maybe I'm just being paranoid, I don't know :)

 

Thanks,

Paul



#20 Oh My!


Posted 05 October 2015 - 04:04 PM

Hi Paul,

No, you are being cautious. I doubt it is going to take that long. You need to be there because you will have to interact with the installation process periodically. Don't worry about being connected. During the initial restore to factory condition steps there is no Internet activity, it is all internal operations and you don't really have a functioning computer. By the time you get to the actual connecting to the Internet part your drive has already been wiped so the malware will be gone.
Gary
 

#21 AutoResearch


Posted 05 October 2015 - 04:30 PM

Thank you!

Paul



#22 Oh My!


Posted 05 October 2015 - 04:32 PM

No problem sir. It is just a bit of work to go through this but well worth it, in my opinion. :thumbsup2:
Gary
 

#23 Oh My!


Posted 09 October 2015 - 08:40 PM

Are we all set?
Gary
 

#24 AutoResearch


Posted 09 October 2015 - 09:48 PM

Should be able to do the full system recovery in just a few minutes. Wanted to take one last look at a couple of things, and think I have backed up all my data and especially my pictures. Wish me luck!

 

Thanks,

Paul



#25 Oh My!


Posted 10 October 2015 - 09:59 AM

Thanks Paul, let me know how it goes.
Gary
 

#26 AutoResearch


Posted 10 October 2015 - 08:38 PM

Hi Gary - my system is back up and seems to be fine. I see no activity now when I check in Windows Task Manager like I did before. The reformat/recovery time was probably less than 1/2-hour. I've reinstalled some of my programs already, but not all yet. Will probably slowly do that in the next day or so. I had backed up all my data (that I know of) onto an external drive that I don't keep connected to my computer other than when I do backups. My Internet seems to be working fine, along with my email.

 

What step(s) should I take now? I presume there are some programs you recommend that I should also run frequently as a precaution against getting a virus infection again, or perhaps some to verify "all is well" at the present time.

 

Thank you!

Paul



#27 Oh My!


Posted 10 October 2015 - 08:43 PM

Hi Paul,

Congratulations on your successful efforts. :thumbsup2: Here are some things for you to consider and review to try to stay safe.

===================================================

Keeping Your Computer Safe

----------

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

I will leave this topic open for just a brief period of time in case you have any further issues, then it will be closed shortly thereafter.

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#28 AutoResearch


Posted 10 October 2015 - 09:18 PM

Thanks for all your help, Gary! It's so nice to have my computer back and operating normally again. I will save these links as favorites (and print some of them out for reference) to keep handy.

 

I think we are good to go right now. If I should develop other issues down the road, I'll be sure to post a new message on Bleeping Computer.

 

Have a great weekend, and thanks again!

Paul



#29 Oh My!


Posted 10 October 2015 - 09:20 PM

My pleasure, my friend. If something comes up in the next few days send me a Personal Message so we can get to it right away. If not, and you ever need us again in the future, our doors are always open.

Gary

#30 Oh My!


Posted 11 October 2015 - 08:35 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



