
Computer is SLOW, may contain crackware and had 383 PUPS

7 replies to this topic

#1 saluqi

Posted 23 November 2016 - 04:58 PM

I just got a first look at a desktop in a water district office for which I am responsible as Operator.  It's a fairly new HP Pavilion 20 AIO running Windows 10 Home.  It seems (not sure) to be using Windows Defender as sole protection.  There are also some Norton files.  MBAM scan found 383 PUPs, including DriverUpdate, DriverDetective, SlimCleanerPlus, MindSpark, and ask.com.  This machine runs so slowly it is almost useless for work (the MBAM scan took more than an hour).  A previous office manager had been doing various dubious stuff (cracking TV decoders, etc.).  Open to suggestion about how to clean it up.  I'm posting from the subject computer.

 

Thanks as always for enlightenment.




#2 JohnC_21

Posted 23 November 2016 - 06:10 PM

I would do a reset with the keep files option, but any programs would need to be reinstalled. Another option would be to do HP's factory reset, which is different from the native Windows 10 reset, as any programs HP included with the computer would be gone with the Windows 10 native reset. HP factory reset would require all data to be backed up first.

 

To do a factory reset, tap F11 at boot, then Troubleshoot > Recovery Manager > System Recovery.

 

Edit: Added link for HP factory reset

 

http://support.hp.com/us-en/document/c04758961#AbT9


Edited by JohnC_21, 23 November 2016 - 06:28 PM.


#3 saluqi (Topic Starter)

Posted 24 November 2016 - 07:48 PM

I'm scared to do anything with that computer until they have secure backups of everything on it, arranged in some kind of order so one could actually find something one needed.  At present that is not the case.  No backups at all, and the filing system makes even my untidy hair stand on end.  I can't do that myself - I'm the licensed Operator there, but not the General Manager (they don't have and can't afford one).  I'm responsible for overseeing water operations, not for maintaining their computers.  Still, under the circumstances, I will probably have to train their office manager to some basic level.  There was an interim office person (for several months) who just saved EVERYTHING (mostly in multiple copies) under "Downloads" - with no subfolders.  The present (new) office manager is smart and sensible but not especially computer literate.  At least she understands what a filing system is.

 

One of the questions implicit in what I wrote is whether Windows Defender, all by itself, is all the security software they need.  That seemed to be the opinion of the computer tech who worked on it for 3 hours in September.  At least he did not suggest anything else - except a memory upgrade.  That MOBO with a 64 bit system will support up to 16 GB of RAM; at present it has only 4.  It has 2 204-pin DDR3 SO-DIMM sockets.  I don't know whether the factory equipment is one 4-GB module or two 2-GB ones.  Come to think of it, the factory version has only 2 MB, so perhaps they already added another 2 GB module.  Won't know till I open the case, which I don't intend to do before everything is backed up.



#4 JohnC_21

Posted 25 November 2016 - 08:27 AM

Sounds like a complete mess. Wasn't there any backup plan at the site?

 

Personally, I would not use Windows Defender. It depends on if the operation is willing to pay for security software. I would at least look at adding EMET.

 

https://chart.av-comparatives.org/chart1.php#

 

https://www.mrg-effitas.com/wp-content/uploads/2016/11/MRG-Effitas-360-Assessment-Q3-2016.pdf

 

https://www.av-test.org/en/antivirus/home-windows/windows-10/ I selected Home User because you're using Defender and not Microsoft Endpoint Protection.

 

I think restrictions need to be in place on what web sites can be visited. 


Edited by JohnC_21, 25 November 2016 - 08:29 AM.


#5 TazzyOpz

Posted 25 November 2016 - 12:55 PM

With all the adware/junkware, I'd try running an ADW scan to be sure nothing else was left behind.

 

[-Running AdwCleaner-]
Download AdwCleaner from here and save it to your Desktop.
 
• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Scan button.
• When the scan has finished click on Clean button.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the contents of that logfile
 
[-Running JunkWare Removal Tool-]
Download JunkWare Removal Tool from here and save it to your Desktop.
 
• Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
• On completion, a log is saved to your desktop and will automatically open.
• Please post the JRT log here.
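As an added example (not part of this thread, AdwCleaner or JRT), the following read-only PowerShell audit looks in the places where leftovers of the PUP families named in the first post usually persist after a quarantine: Add/Remove Programs entries, the Run autostart keys and scheduled tasks. The name list is an assumption taken from the first post; extend it to match what MBAM actually reported. It reports and removes nothing, so it is safe to run before the backups the topic starter wants in place.

```powershell
# Added example, not from the thread. Audit-only: lists likely PUP remnants, removes nothing.
# Run in an elevated PowerShell on the affected Windows 10 machine.
# Name fragments assumed from the first post (MBAM's actual detections may use other names).
$patterns = @('DriverUpdate', 'DriverDetective', 'SlimCleaner', 'MindSpark', 'ask.com')

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

# True when the text contains any of the assumed PUP name fragments (case-insensitive -like).
function Test-PupName {
    param([string]$Text)
    if ([string]::IsNullOrEmpty($Text)) { return $false }
    foreach ($p in $patterns) { if ($Text -like "*$p*") { return $true } }
    return $false
}

$findings = @()

# 1. Installed programs: match on display name or publisher, report the uninstall command.
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { (Test-PupName $_.DisplayName) -or (Test-PupName $_.Publisher) } |
    ForEach-Object { $findings += [pscustomobject]@{ Where = 'Uninstall'; Name = $_.DisplayName; Detail = $_.UninstallString } }

# 2. Autostart values in the Run keys (the PS* properties are PowerShell provider metadata, not values).
foreach ($k in $runKeys) {
    $props = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    $props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' } | ForEach-Object {
        if ((Test-PupName $_.Name) -or (Test-PupName $_.Value)) {
            $findings += [pscustomobject]@{ Where = "Run ($k)"; Name = $_.Name; Detail = $_.Value }
        }
    }
}

# 3. Scheduled tasks: driver-updater style PUPs often re-launch from here.
Get-ScheduledTask -ErrorAction SilentlyContinue | ForEach-Object {
    $actions = ($_.Actions | ForEach-Object { $_.Execute }) -join ' '
    if ((Test-PupName $_.TaskName) -or (Test-PupName $actions)) {
        $findings += [pscustomobject]@{ Where = 'ScheduledTask'; Name = $_.TaskName; Detail = $actions }
    }
}

$findings | Format-Table -AutoSize
```

An empty table means none of the listed names survive in those three locations; anything listed is a candidate to verify by hand before a cleanup tool or a reset is run.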


#6 saluqi (Topic Starter)

Posted 26 November 2016 - 08:43 PM

Perhaps I should add that all the 383 PUPs found by MBAM were quarantined.

 

As for backups, the former manager was extremely secretive so nobody knows exactly what was done.  Many things that should have been done (including required State government reports) were not done.  When that person left the scene there was no licensed Operator, and the District urgently needed one (it's illegal to operate without an Operator of the required grade, which depends on the size of the operation).  That's how I got involved - I am a licensed Operator of the requisite grade and live only 8 miles away.  The State required them to hire an Operator within 14 days, and I was nearby and available <G>.  

 

When I took a look at that office they still had another computer running Win XP Pro that was being used for online work.  I haven't yet had a chance to take a good look at that one to see if anything can be done with it.  I have taken it offline and AFAIK it is not networked with anything else in that office.  They had been using it for their billing software, something called I think RVS Mosaic. That is now installed on the HP so I don't think they actually need the XP machine for anything.

 

I am thinking they need backup software (such as Macrium Reflect) that can be set up to make backing up nearly automatic.  Backups are more likely to happen if they don't require any head-scratching <G>.  External HDDs are now cheap and they could certainly afford at least two, to be used in rotation.  Maybe a few large capacity thumb drives to use for archiving backups in some kind of rotation?  Theirs is a public operation (like ours) and the consequences of data loss are unthinkable.  By the same token they should also be able to invest in some decent security software.



#7 JohnC_21

Posted 26 November 2016 - 09:16 PM

I don't know how many computers are in the office, but if there is a fairly large number there would be a central server and backups would be made on the server.

 

If there are not many computers then backing up to an external would be okay but an external disk can fail at any time. The backup should be on at least two devices in case one fails. One should be offsite and protected. I guess I am asking if the operation burned down would the data be replaceable?

 

Macrium does have scheduled backups. The paid version also allows for file backups. 



#8 saluqi (Topic Starter)

Posted 29 November 2016 - 12:57 PM

There are just the two computers in the office, and until further notice the XP one is out of action.  I don't think it's actually needed.  There is normally only one person working in that office - it is a very small operation, a small very rural village with about 140 water connections.  The main computer operations are billing, payment processing, E-mail (mostly correspondence with regulatory agencies), report writing and basic accounting.  The entire staff consists of one office manager and one part-time maintenance worker.

 

I completely agree of course about needing more than one external HDD.  Ideally one would be kept off-site; the question is where, since the nearest bank is about 20 miles away.  The village itself has one school, one church, one community center (not staffed, it's basically a room used for community-related meetings and functions) and one water office.  No stores, utilities or financial institutions.  All financial transactions of the water agency are handled through the County offices (about 40 miles away).  This is a low-income area (the official name is "severely disadvantaged community") with very limited resources.  So whatever I can do there is more or less "the art of the possible".

