Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Laptop Infected....Advised To Reinstall Windows


  • Please log in to reply
19 replies to this topic

#1 KerryJo2712

KerryJo2712

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Manchester
  • Local time:08:12 AM

Posted 14 October 2017 - 07:54 PM

Hello There,

 

I've been advised to reformat and reinstall Windows and to repost here if I need help to do so....I will paste my original forum post...I am unsure how to do this if someone could help me I'd appreciate it. Thanks Kerry

Mod Edit:  Prior AII topic:  https://www.bleepingcomputer.com/forums/t/660259/laptop-was-infected-prior-to-being-given-to-meransomware-kies/#entry4357568 - Hamluis.

 

Hello there,

 

Thank you in advance. OK....I inherited this laptop and after becoming aware that the laptop was streaming audio and video over shared wi-fi I took the laptop to PC World and they confirmed the laptop has been hacked. 

 

The camera and the microphone where open and streaming, the screen was being shared via skype and all email accounts had subsequently been hacked, there was also a keylogger running.

 

After discovering the laptop was hacked I spoke to the person who gave it to me and they remembered a pop up asking them to pay money to a certain account as the contents of the pc had been sent to the authorities.

 

I then thought back to when I first got the laptop and aeroplane mode was locked and I was unable to access the internet....after googling the problem I managed to unlock the laptop and disable aeroplane mode, I checked all the sharing permissions of the folders and unchecked any boxes hit apply and I then thought the laptop was fine to use. Until my discovery. I then found there was a principal administrator controlling the laptop and the local user (me) had what looked like administrator privileges but not quite.

 

The last few days I have been trying to clean the laptop via Bleeping Computer and I have run several of your tools, Rkill, Unhide, Malwarebytes Cybereason and Secunia PSI ......I had 1003 threats according to Malwarebytes and I quarantined them....I am hoping to learn more about this and I am interested in your courses but at the moment I am hoping that someone could please help me as I now don't know how to check if the laptop is clean.

 

The battery pack gets very hot and I always have to have the laptop plugged in....which sets alarm bells ringing as it would seem that someone wants there to be a constant power supply to the laptop to ensure no down periods.

 

Thank you in advance

 

Kerry 

 

Edited by hamluis, 15 October 2017 - 09:49 AM.


BC AdBot (Login to Remove)

 


#2 JohnC_21

JohnC_21

  • Members
  • 24,291 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:12 AM

Posted 14 October 2017 - 08:17 PM

If the computer you inherited had Windows 10 and it was upgraded from a previous OS then you have a digital license and can do a clean install. Download the Media Creation Tool on another computer with Windows 7 or later and run it. Select either the DVD or USB flash drive option. 

 

Boot the DVD or USB flash drive and do a clean install per this guide. It's for Windows 8 but the same steps are good for Windows 10. You will need to reinstall any programs. You may also need to install some drivers which would be available on your computer's support site.

 

https://www.lifewire.com/how-to-clean-install-windows-8-or-8-1-2626254

 

Because you have a digital license click next without entering anything when you are asked for a Windows key.



#3 KerryJo2712

KerryJo2712
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Manchester
  • Local time:08:12 AM

Posted 14 October 2017 - 08:44 PM

Thanks for your reply, I think the OS was originally windows vista....I don't know where the licence key is....When I managed to get back online initially I tried to restore back to an earlier version of Windows but too long had passed....I'm unsure what happened before I acquired the laptop but I think the windows version came from being hacked??? 

 

I don't know if thats a possibility???

 

I've just looked at system info....Windows back up says Windows 7 but System info says Windows 10 home edition and there is also a product key......does that change anything?


Edited by KerryJo2712, 14 October 2017 - 08:50 PM.


#4 KerryJo2712

KerryJo2712
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Manchester
  • Local time:08:12 AM

Posted 14 October 2017 - 08:54 PM

Hi John.....Thank you....If I have any issues I will message back...........After reading fully I think I understand...thanks again



#5 JohnC_21

JohnC_21

  • Members
  • 24,291 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:12 AM

Posted 14 October 2017 - 09:01 PM

Vista was not eligible for the free upgrade. I would pull the key for Windows 10 using a program called Showkeyplus just in case you need it.

 

https://github.com/Superfly-Inc/ShowKeyPlus/releases

 

You want to make a note of the Installed Key, not the Product Key.


Edited by JohnC_21, 14 October 2017 - 09:02 PM.


#6 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,679 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:12:12 AM

Posted 15 October 2017 - 09:32 AM

Please do the following to provide us with needed information regarding your installation of Windows 10.

 

In the Start menu right click on This PC, in the submenu that opens move the mouse pointer over More and select Properties.  Let us know if the operating system is activated.

 

 

Press the Windows key OS4o0pO.png  and the X key to open the Windows menu.

 

Select System from the menu.

 

Either take a screenshot of this information or use the Snipping Tool to create a image of this page and post it in your topic.

 

The instructions below are for making a screenshot, but the instructions for posting the image works with both types of images.

 

How to make a screenshot and post it in your topic

1. Download and run A Thousand Words .

2. Follow the wizard to capture a screenshot.

3. Use the built-in editor to resize, edit, or re-capture your screen shot.

4. Your screen shot will be saved to your desktop when you finish the wizard.

You can post the screenshot in your next post as an attachment.

Just below the area where you write text in a post there is the Post button, to the right of this is More Reply Options.

posting-options1.png

When you click on More Relpy Options you will see Attach Files and Browse, click on Browse, this will open Pictures on your computer, click on the image you want to post, then click on Attach This File, then Add Reply.

posting-options2.png


Edited by dc3, 15 October 2017 - 09:49 AM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#7 KerryJo2712

KerryJo2712
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Manchester
  • Local time:08:12 AM

Posted 15 October 2017 - 11:05 AM

  Hi There,

 

Attached is the requested info thanks

Attached Files



#8 JohnC_21

JohnC_21

  • Members
  • 24,291 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:12 AM

Posted 15 October 2017 - 11:33 AM

Were you able to pull a key with ShowKeyPlus?



#9 KerryJo2712

KerryJo2712
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Manchester
  • Local time:08:12 AM

Posted 15 October 2017 - 11:37 AM

yes i've got key and originalk version was windows 7....I don't have access to another pc/laptop can I just download windows direct to infected laptop? 

 

I've ran all the programs I mentioned in my original post but I need to know if the laptops still infected...I understand that changes will have been made to the registry which requires reinstall....is it possible to do direct?



#10 JohnC_21

JohnC_21

  • Members
  • 24,291 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:12 AM

Posted 15 October 2017 - 11:47 AM

The computer could still be infected. One additional scan you may want to use is HitmanPro. I would still do a clean install. Yes, you can download the Media Creation Tool and then select the DVD or USB option. Are there files on the computer you wish to keep?

 

From your post you mean you were able to recover two keys using the program, the original Windows 7 key and the Windows 10 key, correct?



#11 KerryJo2712

KerryJo2712
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Manchester
  • Local time:08:12 AM

Posted 15 October 2017 - 11:56 AM

No nothing I want to keep.... I completely wiped the laptop when it was originally infected.....lots of things were compromised....email accounts hacked....google hotmail yahoo which I think I've sorted

 

Yes I have 2 keys installed key and original key   



#12 JohnC_21

JohnC_21

  • Members
  • 24,291 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:12 AM

Posted 15 October 2017 - 12:01 PM

How did you wipe the laptop? Are you saying the laptop became reinfected? If you wiped the laptop and reinstalled the OS then you should not be infected.



#13 KerryJo2712

KerryJo2712
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Manchester
  • Local time:08:12 AM

Posted 15 October 2017 - 12:08 PM

No sorry, I wasn't clear I deleted all my personal docs with McAfee Shredder so there isn't anything on the laptop personal....i.e photos music files etc...



#14 JohnC_21

JohnC_21

  • Members
  • 24,291 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:12 AM

Posted 15 October 2017 - 12:15 PM

Oh, okay. Download the Media Creation Player and run it. Create a bootable DVD or USB flash drive. Boot the media and do a clean install per the instructions I linked to. Normally you will click next without entering a key when asked for a key. If that does not work then use the key found with Showkeyplus.

 

https://www.microsoft.com/en-us/software-download/windows10



#15 KerryJo2712

KerryJo2712
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Manchester
  • Local time:08:12 AM

Posted 18 October 2017 - 04:31 AM

Hello,

 

ok so i've followed instructions to reinstall windows and im running malwarebites and will be running hitmapro .....is there any way i can check if i've fixed the issues?

 

I didn't have to enter a licence key at any point which makes me wonder if i've done everything right

 

Laptop still hot and has power issues.....was one of the reasons it took so long to sort windows as laptop kept shutting down






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users