New HP laptop with infected Svchost file..


Question

A friend of mine brought over his new HP laptop and wanted me to fix his virus issue. So after a few attempts, and different programs finding more and more crap even after it had all been removed, I decided to just run the pre-install image and restore the machine. He didn't have anything on it anyway.

So I did that, loaded up AVG, and left it doing Windows updates on my bench. When I came back in to look at it, the thing was already infected.

AVG as well as Microsoft's own utility found infections. Nothing else is installed other than Firefox.

[screenshot: 4.jpg]

[screenshot: hpimagevirus2.jpg]

I am redoing it all just to make sure. But what gives? What do you all make of that?

And check out some of the file names in this screen capture.

[screenshot: hpimagevirus.jpg]


Do you have any USB sticks or other hard drives on that computer? They could be holding the virus, and as soon as they connect, they spread themselves.


Where did the restore image come from, the same hard drive? If so, then there is a possibility that the restore image was infected due to the malware/viruses on it before.

Are there any CDs/DVDs that can be used to restore it instead, if the above is the case?


I used my thumb drive to install AVG and all that, but it is the same one I use to install apps on hundreds of computers every week. This would have happened a lot sooner than just now.

But to be safe I just restored the laptop again and installed all of the apps fresh. I am going through my same steps again.


OK, after you've restored again, I would take a look at the partition it is stored on. If the restore image is a huge image file, then I wouldn't imagine it getting infected without being corrupted. However, my guess is it's not a huge image file, and instead it has lots of files with some of them infected.

Only safe way out then is to contact HP to get some new restore disks.


You're probably better off re-formatting the drive & installing with a retail/TechNet Win 7 disc (it'll install/activate fine using the product key from the laptop's Win 7 sticker). You'll need to re-install drivers & whatnot. You already said you don't need anything on the hard drive anyway, right?

For kicks, you could try AV-scanning the restore image partition & see if it finds anything there, but honestly it sounds like you've already spent enough time trying to do this using the restore image ;)


I would do the restore again, but make sure you're selecting destructive restore. At my work we have dealt with a new rogue antivirus that creates a partition that will inject the virus. Boot up Acronis and see if there are any nasty partitions active causing this; otherwise boot into safe mode, create the discs and wipe the drive, then restore.


> You're probably better off re-formatting the drive & installing with a retail/TechNet Win 7 disc (it'll install/activate fine using the product key from the laptop's Win 7 sticker). You'll need to re-install drivers & whatnot.

Can you use OEM product keys on any Windows media now? The last time I tried this was about 7 years ago with XP and a Compaq COA; it certainly didn't like a retail or a non-Compaq OEM disk.


Yes, the OEM key deal would work as long as it's an OEM CD (not retail), but that is not what I want to do unless I have to.

So far everything scanned fine. I just installed AVG on the laptop after a fresh restore and it is now scanning.

I have not done the Windows updates yet, and it is now offline during this scan.

I'm going to bed. I will continue tomorrow.


> Yes, the OEM key deal would work as long as it's an OEM CD (not retail).

That is incorrect; Circaflex & I already mentioned that retail/TechNet discs of Win 7 can install & activate using OEM keys (as well as retail keys).

You can of course fix this laptop however you want. Hopefully you're charging your friend by the hour ;)


If it is a new computer I would wipe and rebuild with an OEM disk. Dell has OEM disks for download if you do not have them from HP. You will need the Windows key that is on your machine to properly activate it.

http://en.community....ft_os/1439.aspx

Note: If referred to this wiki from the Microsoft Answers forum, note that none of these downloads are specific to Dell systems; these downloads are provided by Digital River or direct from Microsoft (the Useful Software wiki has software available from a variety of safe locations). I realised I got a multitude of negative ratings when I referred users from the Microsoft Answers forum to here and they thought the downloads were Dell-specific.

Thus the files listed below may be used on any PC (that has a readable Windows Vista/7 COA) and/or a Microsoft Office 2007/2010 license. Ensure you have product keys for both Windows and Office at hand when using these files.


Why is everybody talking about Windows keys anyway? Why do topics always go so far away from where they started? I have been fixing computers for over 20 years. I have used the OEM key numbers stuck on the side of computers to re-install Windows XP for years. I have never had to do it with Windows 7.

But this is not what this post was about. I was trying to figure out how it got infected with a virus so quickly. Was it from the HP ISO recovery partition or from a Windows update? They were the only 2 things put on the computer at the time.

So forget about product keys. Save that for somebody else's post.

This last screen shot happened while it was in the middle of doing Windows updates.

[screenshot: Untitled.jpg]


I wasn't accusing you of anything. Just pointing out certain facts.

All I did was offer a site where you could download an image and use your CD key, even though it is from a competitor, for a product which you own, and point out that you simply need your CD key. I am sorry you took offense to that. It wasn't meant to offend; it was to educate anyone reading this and thinking about second-guessing what I have posted.

Second, if you connect to the internet you can get instantly infected simply by going to a site that has been hacked or a site that has malicious code. It takes all of 15 seconds to get infected.


You're infected with a bootrec virus... the boot loader is infected before you even hit Windows.

http://support.kaspe.../?qid=208283363

Run TDSSKiller and let it cure it via restart. Run it again; it should be good to go when it comes back clean. I wouldn't wipe it again, but I would change any passwords that you may have typed in while that machine was infected.

It doesn't matter how many times you restore it, or how many times you install with the OEM key; until the bootrec is cleaned it's going to keep doing it.


> Not if you format and wipe the partitions clean.

Correct, if you actually do so.

He's using the OEM image in the "Repair Your Computer" section of the boot loader (i.e. the System Reserved Partition), which means he's not actually deleting the entire hard disk's boot record.

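The point made in this post and the two before it (a restore from the recovery partition rewrites the Windows volumes but not the first sector of the disk, so boot code planted there, and any payload parked in space outside the partition table, survive every reimage) can be checked from a live CD before deciding whether to wipe. The following is an added example, not code from anyone in this thread: a Python audit of a raw 512-byte MBR dump that hashes the boot code against a known-good copy, parses the four partition entries, and flags bad status bytes, odd type IDs, overlaps, and unpartitioned space at the end of the disk. The disk size, partition layout, boot-code bytes and the "infected" variant are all constructed for the example; in practice the baseline hash would come from the first sector of a machine that was installed from clean media.

```python
"""Audit a raw MBR (first 512 bytes of a disk) for traces of a boot-sector rootkit.

Dump the sector from a live CD, e.g.  dd if=/dev/sda of=mbr.bin bs=512 count=1
and pass the bytes to audit_mbr().  The checks look for what a bootkit typically
leaves behind: boot code that no longer matches a known-good copy, partition
entries with bad status bytes or unusual type IDs, overlapping entries, and
unpartitioned space at the end of the disk where a hidden payload can live.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440           # bytes 0..439 are boot code; 440..443 disk signature
TABLE_OFFSET = 446            # four 16-byte partition entries; 510..511 hold 0x55AA
ENTRY_FMT = "<B3sB3sII"       # status, CHS start, type, CHS end, LBA start, sector count

# Partition type IDs normal on a Windows/OEM laptop: NTFS (0x07), FAT32 (0x0B/0x0C),
# extended (0x05/0x0F), OEM diagnostics (0x12), hidden NTFS/FAT (0x17/0x1B/0x1C),
# Windows RE (0x27), Dell utility (0xDE), GPT protective (0xEE).
KNOWN_TYPES = {0x05, 0x07, 0x0B, 0x0C, 0x0F, 0x12, 0x17, 0x1B, 0x1C, 0x27, 0xDE, 0xEE}


def build_mbr(boot_code, entries, disk_signature=0x1234ABCD):
    """Assemble a sector from boot code and up to four (status, type, lba, count) tuples."""
    sector = bytearray(SECTOR)
    code = boot_code[:BOOT_CODE_LEN]
    sector[:len(code)] = code
    struct.pack_into("<I", sector, 440, disk_signature)
    for i, (status, ptype, lba, count) in enumerate(entries[:4]):
        struct.pack_into(ENTRY_FMT, sector, TABLE_OFFSET + 16 * i,
                         status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", lba, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


def parse_mbr(sector):
    """Return the boot-code hash and the non-empty partition entries."""
    if len(sector) != SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a 512-byte sector with a 0x55AA signature")
    entries = []
    for slot in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(
            ENTRY_FMT, sector, TABLE_OFFSET + 16 * slot)
        if ptype or count:
            entries.append({"slot": slot, "status": status, "type": ptype,
                            "start": lba, "count": count})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "entries": entries}


def audit_mbr(sector, disk_sectors, baseline_boot_sha256=None, slack_sectors=2048):
    """List findings. disk_sectors is the disk's total LBA count; slack_sectors is how
    much trailing unpartitioned space (1 MiB here) is tolerated as alignment waste."""
    info = parse_mbr(sector)
    findings = []
    if baseline_boot_sha256 and info["boot_code_sha256"] != baseline_boot_sha256:
        findings.append("boot code differs from the known-good baseline")
    active = [e for e in info["entries"] if e["status"] == 0x80]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {len(active)}")
    for e in info["entries"]:
        if e["status"] not in (0x00, 0x80):
            findings.append(f"slot {e['slot']}: invalid status byte 0x{e['status']:02x}")
        if e["type"] not in KNOWN_TYPES:
            findings.append(f"slot {e['slot']}: unusual partition type 0x{e['type']:02x}")
        if e["start"] + e["count"] > disk_sectors:
            findings.append(f"slot {e['slot']}: extends past the end of the disk")
    ordered = sorted(info["entries"], key=lambda e: e["start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start"] + a["count"] > b["start"]:
            findings.append(f"slots {a['slot']} and {b['slot']} overlap")
    if ordered:
        tail = disk_sectors - (ordered[-1]["start"] + ordered[-1]["count"])
        if tail > slack_sectors:
            findings.append(f"{tail} unpartitioned sectors after the last partition "
                            "(hidden storage outside any partition?)")
    return findings


# --- constructed sample data (not from a real disk) ---------------------------------
DISK_SECTORS = 312_581_808                     # a 160 GB disk at 512-byte sectors
CLEAN_BOOT = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * (BOOT_CODE_LEN - 8)
CLEAN_BOOT_SHA = hashlib.sha256(CLEAN_BOOT).hexdigest()   # stands in for a real baseline
LAYOUT = [                                     # System Reserved, Windows, HP recovery
    (0x80, 0x07, 2_048, 204_800),
    (0x00, 0x07, 206_848, 290_000_000),
    (0x00, 0x07, 290_206_848, DISK_SECTORS - 290_206_848),
]
CLEAN_MBR = build_mbr(CLEAN_BOOT, LAYOUT)

# Same disk after a bootkit: boot code patched to jump into its own loader, and the
# last partition shrunk by 40,000 sectors to leave room for a hidden payload area.
INFECTED_BOOT = b"\xe9\x00\x01" + CLEAN_BOOT[3:]
INFECTED_LAYOUT = LAYOUT[:2] + [(0x00, 0x07, 290_206_848, LAYOUT[2][3] - 40_000)]
INFECTED_MBR = build_mbr(INFECTED_BOOT, INFECTED_LAYOUT)

if __name__ == "__main__":
    for name, mbr in (("clean", CLEAN_MBR), ("infected", INFECTED_MBR)):
        print(name, audit_mbr(mbr, DISK_SECTORS, CLEAN_BOOT_SHA) or ["no findings"])
```

To use it on a real machine, read the 512 bytes of mbr.bin into `audit_mbr()` with the disk's LBA count (from `fdisk -l` or `blockdev --getsz`); a clean baseline hash is optional but the partition checks run without one. A finding here is only a signal, not proof: legitimate OEM layouts do leave small gaps, which is why the tolerance is a parameter.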

> Why is everybody talking about Windows keys anyway? Why do topics always go so far away from where they started?

Sorry, that was probably my fault. Though thanks to the posts that answered it, I've learnt something new.

> Not if you format and wipe the partitions clean.

I agree. I wouldn't trust this system until the hard drive has been fully wiped.


Hello,

The computer was infected by the Black Hole Exploit Kit, which, as the name implies, is a framework which allows criminals to attempt to exploit multiple vulnerabilities on a computer in the hope that one of them will be unpatched and allow their malicious code to run. The kit might deliver various exploits for the operating system, the web browser, plugins like Adobe Flash, Acrobat Reader, Java and so forth.

When a computer ships from the manufacturer, the operating system software image on it is typically months out of date with respect to security updates and patches, and preloaded software like Adobe Reader could be an entire version behind. This is why it is critical when one first receives a new computer to plug it into a NAT'ed connection (which breaks the direct connection between the public Internet and the computer) and run through all of the update services offered by Microsoft, the computer manufacturer and installed third-party software (including security software like antivirus) before one starts going out and surfing the net on the computer.

Regards,

Aryeh Goretsky


> I agree. I wouldn't trust this system until the hard drive has been fully wiped.

If you're not confident in your abilities or are nervous about repairing, then yes, wipe the HD. If you are, then proceed with TDSSKiller; I repair systems every day and have yet to have one come back (especially with this specific one) when done properly. It's completely possible without having to format the entire HD (note: just deleting a partition doesn't remove this). Once the boot loader is clean, you'll be fine.

This topic is now closed to further replies.