
Never seen this, white screen with message to call #, formatting SSD won't work


11 replies to this topic

#1 Buck_1976

Buck_1976

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:17 PM

Posted 11 August 2016 - 08:55 PM

**** UPDATE as of now 08/11/16 10:00PM CST same thing on different HDD same machine ****

Hello community,

 

So... I have 20 years' experience as tech support for Windows, since the beloved Win95 installed using floppy disks, but this is something that I've never seen and all the usual tricks didn't work so far, and as stated in the TT not even formatting and installing different versions of Windows solves the dang issue.

 

Here's what is happening:

 

HP EliteBook 840 G1 / i5 / 4 GB RAM / SSD Micron RealSSD C400 (seems a legit part as it has HP's pn and serial)

 

- friend bought a laptop off of Craigslist, brought it home, all worked until a few minutes later the laptop rebooted, got to Windows and a white screen with a message (not the FBI, etc.), just a line on top

IMG_36301_zpsonahq89q.jpg

 

- I tried first removing the drive and running Panda, Kaspersky and MalwareBytes on my external dock. It found a faXcool infection, but that was clearly from a counterfeit install media. Well, that didn't do anything; booted to the same screen

 

- Safe Mode won't work, any of them

 

- No restore point on this computer

 

Well, let's go and reinstall Windows 7 Pro 64 from MS's ISO download using the key in the sticker inside the laptop, original as can be. All went well until I connected the thing to the internet; a few minutes later, bam... a pop-up on the taskbar showed up saying that the UAC was modified and the computer will reboot... reboots to Windows and goes to the same thing again... OMG

 

Long story short... tried W8.1, same thing, W10 same thing... tried Kaspersky Rescue Disk... nothing... TrendMicro's Ransomware... nada...

 

BIOS is password protected... weird. HP is not helping much, although according to their site the laptop is still under warranty until 2018

 

Another thing is I installed Chrome while it was still working; when the crap hit and it rebooted there was a message saying that IE is not the default browser.

 

Oh yes, during my OS install bonanza I was able to use a restore point, it came back but again, connect and kaput.

 

Where in the name of the computer gods is this thing??? BIOS? SSD firmware??

 

I didn't have the guts to put one of my test hard drives on this crazy thing, so I bought one at Goodwill (Craigslist, Goodwill... geee) and am installing on it to see what happens.

 

No search of the forums et al had anything similar, I might have missed since I browsed everywhere, here is always the first choice.

 

Does anyone have any idea?

 

Sorry for the long post, and I apologize for my grammar as I am not a native English speaker


Edited by Buck_1976, 11 August 2016 - 10:10 PM.




#2 mjd420nova

mjd420nova

  • Members
  • 1,925 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:17 PM

Posted 11 August 2016 - 09:39 PM

This sounds like a rootkit of "flash" type of infection.  A factory reset and thorough cleaning with malware/virus cleaner from the safe mode  WITHOUT networking.  Any machine that is suspected of being infected should be isolated from any network.  Factory reset forces the BIOS to load directly from the firmware and not the flash chip.  Rootkits are written into the Master Boot Record (MBR) and would need a reformat to clear if a rootkit cleaner can't clear it.



#3 Buck_1976

Buck_1976
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:17 PM

Posted 11 August 2016 - 09:42 PM

This sounds like a rootkit of "flash" type of infection.  A factory reset and thorough cleaning with malware/virus cleaner from the safe mode  WITHOUT networking.  Any machine that is suspected of being infected should be isolated from any network.  Factory reset forces the BIOS to load directly from the firmware and not the flash chip.  Rootkits are written into the Master Boot Record (MBR) and would need a reformat to clear if a rootkit cleaner can't clear it.

 

Thanks for the reply, you mean reset from the factory partition, right? Can't do, there was none to begin with, it came with a counterfeit Windows, unless there is another way to do that.



#4 Buck_1976

Buck_1976
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:17 PM

Posted 11 August 2016 - 09:51 PM

For crying out loud! Same thing on a different hard drive this is insane!



#5 mjd420nova

mjd420nova

  • Members
  • 1,925 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:17 PM

Posted 12 August 2016 - 10:53 AM

A different hard drive and the same screen.  Not a root kit but a flash.  Reset to factory settings via hardware jumper or BIOS.  BIOS first, boot to BIOS and find on the first screen the reset to factory.  This will not affect anything on the drive, don't change anything.  Boot to safe mode and run antivirus and malware checks.



#6 Buck_1976

Buck_1976
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:17 PM

Posted 12 August 2016 - 07:34 PM

A different hard drive and the same screen.  Not a root kit but a flash.  Reset to factory settings via hardware jumper or BIOS.  BIOS first, boot to BIOS and find on the first screen the reset to factory.  This will not affect anything on the drive, don't change anything.  Boot to safe mode and run antivirus and malware checks.

 

There is no way to physically reset the BIOS, it's a laptop, no jumpers to do that, at least I haven't found it removing the mainboard. I know there was a guy Mazzif or something that used to have a way to restore the BIOS on HP laptops but he's no longer doing that.

 

Crazy stuff....



#7 mjd420nova

mjd420nova

  • Members
  • 1,925 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:17 PM

Posted 12 August 2016 - 07:46 PM

Laptops have evolved into using capacitors instead of a battery for the CMOS BIOS settings.  If it has the coin type battery, pull it for ten minutes and re-insert the battery back into the holder.  This should reset everything to factory default.  The virus gets written into the BIOS via the flash option.  Once there, it will reload every time the unit boots.  Removing the CMOS battery wipes whatever is on the flash chip and forces the BIOS to load from a firmware (ROM) chip, without the deadly changes.  Then boot to safe mode, isolate from the network and run antivirus/malware.



#8 Buck_1976

Buck_1976
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:17 PM

Posted 12 August 2016 - 08:17 PM

Laptops have evolved into using capacitors instead of a battery for the CMOS BIOS settings.  If it has the coin type battery, pull it for ten minutes and re-insert the battery back into the holder.  This should reset everything to factory default.  The virus gets written into the BIOS via the flash option.  Once there, it will reload every time the unit boots.  Removing the CMOS battery wipes whatever is on the flash chip and forces the BIOS to load from a firmware (ROM) chip, without the deadly changes.  Then boot to safe mode, isolate from the network and run antivirus/malware.

I'll try that battery option:

IMG_3636_zps7kc26aoc.jpg



#9 Buck_1976

Buck_1976
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:17 PM

Posted 13 August 2016 - 04:53 PM

Right, so instead of waiting just a few minutes I left this haunted thing overnight. When I rebooted, it immediately crashed saying the CHECKSUM was wrong and rebooted to the factory settings, or said it was doing so; when it came back there is still a password blocking access.

 

Since it was not possible to boot into any safe mode, I opted to do the restore point thing again and rebooted to safe mode, no net... it worked. I then proceeded to use TrendMicro's Ransomware removal tool; it found something that it hadn't in other scans:

 

Virus File Path:C:\Windows\System32\rpcnetp.exe

TSC_GENCLEAN[virus found]

-->reboot modify registry data("HKEY_LOCAL_MACHINE","SYSTEM\CurrentControlSet\Services\rpcnetp","ImagePath") success

-->delete file("C:\Windows\System32\rpcnetp.exe","","") success

GenericClean::Pattern:TSC_GENCLEAN,Virus Name:ANTIRANSOM_DUMMY_VSAPI,Virus File Path:C:\Windows\System32\rpcnetp.exe

Now let's connect the thing to the internet and see what happens, thanks for the tip mjd420nova!


Edited by Buck_1976, 13 August 2016 - 05:26 PM.
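
A read-only check of the service and file named in the scan log in the post above, added here as an example and not posted by any participant in the thread. The service name and file path are taken from that log; the script is assumed to run in an elevated PowerShell prompt and changes nothing on the system.

```powershell
# Added example: read-only triage of the service and file from the scan log.
# $ServiceName and $ExpectedPath come from that log; everything else is generic.
$ServiceName  = 'rpcnetp'
$ExpectedPath = 'C:\Windows\System32\rpcnetp.exe'
$ServiceKey   = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"

$report = [ordered]@{
    ServiceKeyPresent = Test-Path -LiteralPath $ServiceKey
    ImagePath         = $null
    StartType         = $null
    FilePresent       = Test-Path -LiteralPath $ExpectedPath
    SignatureStatus   = $null
    Signer            = $null
    SHA256            = $null
    CreatedUtc        = $null
}

if ($report.ServiceKeyPresent) {
    $svc = Get-ItemProperty -LiteralPath $ServiceKey
    # ImagePath is the value the removal tool reported modifying.
    $report.ImagePath = $svc.ImagePath
    # Start: 0=Boot 1=System 2=Automatic 3=Manual 4=Disabled
    $report.StartType = $svc.Start
}

if ($report.FilePresent) {
    # Who signed the binary, and does the signature validate?
    $sig = Get-AuthenticodeSignature -LiteralPath $ExpectedPath
    $report.SignatureStatus = $sig.Status
    if ($sig.SignerCertificate) {
        $report.Signer = $sig.SignerCertificate.Subject
    }
    # Hash and creation time let two runs be compared exactly.
    $report.SHA256     = (Get-FileHash -LiteralPath $ExpectedPath -Algorithm SHA256).Hash
    $report.CreatedUtc = (Get-Item -LiteralPath $ExpectedPath -Force).CreationTimeUtc
}

[pscustomobject]$report | Format-List
```

Running it on a fresh install before and after the first network connection, and keeping both outputs, shows whether the service key and file are recreated and whether the signer and hash stay the same between runs.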


#10 Buck_1976

Buck_1976
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:17 PM

Posted 13 August 2016 - 10:13 PM

5 hours in, connected and running nothing yet.

 

mjd420nova   thanks for the great tip, still pwd protected but the thing seems to be gone



#11 Buck_1976

Buck_1976
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:17 PM

Posted 15 August 2016 - 12:02 PM

HOLY BLEEPING COMPUTERS!

 

That really did work; since the last post the computer's been on and running strong. Today HP came through and sent me the BIOS pwd reset.

 

Thanks mjd420nova!!!

 

Stay humble because even with 20 years' experience we are all seeing crazy stuff in this biz!

 




#12 mjd420nova

mjd420nova

  • Members
  • 1,925 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:17 PM

Posted 16 August 2016 - 10:48 AM

Over the decades, I think I've seen just about every type of fault imaginable.  And then along comes a stumbler of a fault that defies diagnostics. I usually turn to factory resets and reseating cards and replacing the BIOS CMOS battery.  Being hardware dedicated, my slant is towards proving the hardware is intact and the fault is with the software.  So many things to go wrong with drivers when new programs are introduced that create what appears to be a hardware fault.





