Hi I am a complete newbie to Bleeping Computer! I am trying to help a family member recover from a malware infection, possibly a rootkit. Initially I was approached to see if the computer was safe from the WannaCry ransomware. Much to my dismay, I determined that the computer had not received Windows 7 updates since July 2016, and that the first update present was around July 2015. The system is an Acer Aspire 5742Z-4685 running Windows 7 Home.
Internet access was fine.
The first priority for me was getting Windows 7 to update itself again. I followed the instructions here: http://plugable.com/2016/06/08/windows-7-wont-update-what-to-do/ which worked flawlessly. Note: At the time I followed the instructions, in step 12 (optional) and applied the KB4015549 (Monthly Rollup)” (alternate link to KB4015549 files). The optional update for May 2017 had not been posted at the time.
With Windows Update restored, I applied ran and re ran Windows Update all updates until there were no more to apply, with the exception of Optional updates for Skype and Silverlight. (Neither Skype nor Silverlight was installed.)
I ran Malwarebytes' Anti-Malware, but with the rootkit detection option unchecked. I have this log, but will not post it unless requested to do so. Since I am new here, please tell me which forum you want the log posted in and I will happily comply.
Then I proceeded to (try to) run McAfee Total Protection. This failed (could not get the product to update and did not have access to her serial number at the time to reinstall), so I uninstalled it and installed ESET Internet Security. On initial scan it found 6 items, one was a Trojan.Downloader and three "coupon" apps. All were quarantined, but I saved the scan log instead of the detection log by mistake, so no notes on the actual files quarantined are available.
I ran ESET again. No malicious files found using "Smart Scan" option in Windows normal mode.
I ran Malwarebytes' Anti-Rootkit. No suspicious files were found.
The system is exhibiting an odd system behavior, though. When a USB stick is placed in the USB port, the system keeps making the "ba-bing" and "bing-ba" noises, as if a new USB device is is continuously inserted and removed, even though it remains inserted. While I realize this could be a separate hardware issue, how can I make sure the rootkit is totally gone and I have no more issues related to it?
For what it's worth, there are no obvious signs of USB trouble (yellow or red marks in Device Manager), but the device manager screen keeps refreshing.
To her original question on WannaCry, applying Windows updates through May should fix the problem of WannaCrypt by addressing MS17-010, right?
Thank you in advance for your help. It is much appreciated!
Edited by mikey9, 19 May 2017 - 05:21 PM.