Dropping A Trojan Onto Genuine Advantage Windows Install Cds - How Hard Is This?


TheyCallmeScooter


There is a very small possibility that something has affected his BIOS or other firmware and the solution to that is to reflash the BIOS using a Dell flashing tool and check the firmware of any other cards having one. This is really rare though so it seems unlikely.

Yeah this actually confirms what a couple people have just told me - zero-wiping it won't do the trick. I've had enough of these drives, I'm just going to buy new ones.

The 'experts' who've wasted my time on Days 1-6 of the last 8 are the trolls. Trolling incompetence.


This is fine for erasing personal data but it is not really relevant in this instance.

Deleting and recreating a partition will effectively remove any data on the partition. There is no need to overwrite as long as the FAT is empty, especially as this is not the problem here. Whatever the OP may have (and actually I'm not convinced he has anything at all) it will be living in the boot sector and the best way to erase this is to do so from a non-Windows OS as this will make it unreadable to Windows.

There is a very small possibility that something has affected his BIOS or other firmware and the solution to that is to reflash the BIOS using a Dell flashing tool and check the firmware of any other cards having one.

Do you know what's on the OP's hard disk? I don't, nor will I pretend to know either. Chances are there may not be anything 'malicious' lurking at all. But then again, I don't know this for certain. Wiping the drive is just another option for the OP to consider, irrelevant as it may seem.

Could it be something in the BIOS causing problems? Perhaps, but there's no definitive proof of this. I'm not going to suggest a BIOS reflash (which is a risk in itself) when one may not be necessary. Given that the OP is relatively inexperienced, I'd leave this task to a DELL technician. Should something go horribly wrong, the responsibility will rest with the technician, not the OP.

I meant delete partitions and wipe data (aka Zero-fill or writing zeros to the hard disk). This will effectively destroy ALL data on the drive. Think of it as a document shredder; I'm sure you're familiar with those in the workplace.

Alright sweet thanks, I'm gonna give this a crack as I don't value DELL's assurances much. Seems simple enough, but this could be the exhaustion talking, I'm a bit confused about how it works. I assume it's a complete wipe, which means right through the BIOS? So do I have to install a BIOS program of some kind before I reinstall Windows?

Nothing to do with the BIOS, just your hard disk. You don't have to install anything, just download a bootable ISO image from one of the sites below and burn to CD, then boot from it. BTW, whether or not you choose to wipe, these are good utilities to have handy. You'll never know when you might need them.

http://www.dban.org/

http://www.killdisk.com/

Edited by Supernova

So do I have to install a BIOS program of some kind before I reinstall Windows?

The BIOS is built into your computer and has nothing to do with your operating system, except in as much as it allows your operating system to talk to the bits and pieces that make up your computer. If you don't know what a BIOS is or how it works then you shouldn't be messing about with it. Leave it alone and leave it on the default Dell settings.

That said, on the Dell support site you will find a program that allows you to reflash the BIOS with the most recent version and this is safe enough to do *if you follow the instructions to the letter*. As I mentioned it is just about possible (but very unlikely) that something has infected your BIOS. Reflashing it would sort that out, in the unlikely event that it is the case.

Clearly there wouldn't be much point in Bitlocker-encrypting a drive that you'd shrug off with a grin - I was pretty desperate, and I'm a fierce researcher. If there was a way to save that Bitlocker drive, it wasn't online.

You misunderstand. I didn't say that you can recover the data: if you have lost the key/password then that is gone. However you can recover and re-use the drive simply by formatting it. Unless of course the drive is broken or reports many bad sectors in which case you can bin it. So the most you can lose is your personal data which should, of course, be backed up several times anyway.

*If* you have your original installation disks and activation keys (for Windows etc) and *if* you have backups of your personal data then you are never more than a couple of hours away from *a full recovery with nothing lost*.

Do you know what's on the OP's hard disk? I don't, nor will I pretend to know either. Chances are there may not be anything 'malicious' lurking at all. But then again, I don't know this for certain. Wiping the drive is just another option for the OP to consider, irrelevant as it may seem.

Could it be something in the BIOS causing problems? Perhaps, but there's no definitive proof of this. I'm not going to suggest a BIOS reflash (which is a risk in itself) when one may not be necessary. Given that the OP is relatively inexperienced, I'd leave this task to a DELL technician. Should something go horribly wrong, the responsibility will rest with the technician, not the OP.

You are correct in that we certainly don't know what's on his drives and his machine, not least because he is rather imprecise about what is going on. So really we should just be saying "sorry, can't help, go get a tech to sort it for you". Which so far has been unsuccessful.

That said, binning the USB key, disconnecting the network, formatting the drive from another OS, flashing the BIOS using a Dell tool and then reinstalling Windows from the DVD without messing about changing settings that he doesn't understand would normally get the PC working again no matter what his problem is. Though I suspect that he would soon have altered enough admin settings to stop it working properly again. :whistling:

I have flashed hundreds of devices of all types and whilst there is a minute risk of bricking one this has never actually happened to me. As long as you follow the instructions it should not pose a problem. Of course, if Dell are around to do it for free and to carry the can, so much the better. :)

(Though I suspect that if the Dell tech flashed the BIOS and bricked it he would just say "Sorry, it's broken. A new one will cost you xxx.")


Hang on a sec. In post 1 you say you tossed a HDD & DELL replaced it for free.

So why do you think replacing the "drives" now is gonna help?

Look for the changed variable, to discover the value of X.

Do you know what's on the OP's hard disk? I don't, nor will I pretend to know either. Chances are there may not be anything 'malicious' lurking at all. But then again, I don't know this for certain. Wiping the drive is just another option for the OP to consider, irrelevant as it may seem.

Could it be something in the BIOS causing problems? Perhaps, but there's no definitive proof of this. I'm not going to suggest a BIOS reflash (which is a risk in itself) when one may not be necessary. Given that the OP is relatively inexperienced, I'd leave this task to a DELL technician. Should something go horribly wrong, the responsibility will rest with the technician, not the OP.

I wiped one drive this morning and then crashed before I had a chance to organise replacements. I'll try installing the OS on this wiped drive and I'll know by morning whether or not I'll need new ones.

DELL doesn't take their responsibilities all that seriously. Either with vetting their employees, or making good on "One Business Day" guarantees. Not even when their employees are PROVABLY to blame. Unless someone has another theory for why a DELL technician in February 2011 would place 2009 firmware on a brand new hard drive?

Some of the drivers he's placed on my Latitude aren't even available online, as in I cannot even find them. One would think a DELL technician would simply go to Dell.co.th - it's not exactly a complex mystery, although everyone appears to be oblivious to it. Fine lot of Sherlock Holmes y'all are.

[screenshot: dellcontrolvault.png]


cheers. I haven't even turned on the wiped drive yet. I passed out whilst it was doing its thing. Boy, wiping a drive takes a long time - are there any programs that do it rapidly?

Just because you are paranoid doesn't mean your computer isn't infected with every sneaky little trojan known to man ! :o

It's because I wasn't paranoid at all, which allowed my computer to be infected with sneaky trojans that baffle the 'experts'.


That said, binning the USB key, disconnecting the network, formatting the drive from another OS, flashing the BIOS using a Dell tool and then reinstalling Windows from the DVD without messing about changing settings that he doesn't understand would normally get the PC working again no matter what his problem is.

A very reasonable assumption, but tell that to the OP... I'm not the one having problems.

I have flashed hundreds of devices of all types and whilst there is a minute risk of bricking one this has never actually happened to me.

I don't doubt it. Flashing a device isn't rocket science, but I am quite hesitant in advising others to do so -- especially when they haven't done it before.

Edited by Supernova

No.

The amount of time it takes depends on the 'number of passes' as well as drive capacity.

That's a pity, my 500GB drive took over 4 hours. I can't remember how many passes I set, only 4 I think. Booting from the Win7 CD without a BIOS (or should I say, without the BIOS software?) and installing Windows was a remarkably anti-climactic process.

Climax began in earnest once I logged in and (lol, I'm embarrassed to say) went online without remembering to kill my infected laptop. I realised my mistake instantly when something happened*, so within seconds I was downloading TM Titanium and TM RootkitBuster (which I've never before been able to successfully launch on the infected machines). I ran a quick scan with TM RB whilst TMT installed MS Visual C++ 2005 Redistributable as part of its rapid installation process.

Not sure if these mean anything, but my query would be why the heck would they need to be hidden if they're OS-related?

+----------------------------------------------------
| Trend Micro RootkitBuster
|
--== Dump Hidden MBR, Hidden Files and Alternate Data Streams on C:\ ==--
[FILE_STREAM]:
FullPath : C:\Users\goscuter1\Downloads\RootkitBuster_3.60.1016\RootkitBuster.exe:Zone.Identifier:$DATA
[FILE_STREAM]:
FullPath : C:\Users\goscuter1\Downloads\RootkitBuster_3.60.1016.zip:Zone.Identifier:$DATA
[FILE_STREAM]:
FullPath : C:\Users\goscuter1\Downloads\TrendMicro_TTi_HE_Downloader.exe:Zone.Identifier:$DATA
[FILE_STREAM]:
FullPath : C:\Users\goscuter1\Favorites\Links\Suggested Sites.url:favicon:$DATA
No hidden files found.

--== Dump Hidden Registry Value on HKLM ==--
[HIDDEN_REGISTRY][Hidden Reg Value]:
KeyPath : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Recording\Restricted
[HIDDEN_REGISTRY][Hidden Reg Value]:
KeyPath : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords\DHCP
[HIDDEN_REGISTRY][Hidden Reg Value]:
KeyPath : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap
[HIDDEN_REGISTRY][Hidden Reg Value]:
KeyPath : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords\Teredo
4 hidden registry entries found.

--== Dump Kernel Code Patching ==--
[KERNEL_CODE][DRIVER_OBJECT]:
Driver Name : vga
DRiverObject at : 865A8030
1 Kernel code patching found.

TM Titanium was up and fully operational and everything was running smoothly at this point, and I was hopeful. But the change was pretty well-marked; Windows Update did a forced download, install, restart and when I got back it was game over for this run.

When I was rebooted into Windows, TM Titanium decided it needed to reinstall again, including downloading MS Visual C++ 2005 Redistributable again. The result is I have two TM Titaniums in my Uninstall / Change program list.

Microsoft Visual C++ 2005 Redistributable

Trend Micro Titanium Maximum Security

Trend Micro™ Titanium™ Maximum Security

When I saw TM Titanium reinstalling itself, I quickly tried to run TM RB again. Nup. ("The drive is full or you do not have the permission to perform this task. Contact your system administrator.") nb. the two runs were seconds apart, only thing separating them was the Windows Update reboot.

Whilst I waited for the morans at TM Chat to refer to their "Dealing with Abusive Customers" manuals, I downloaded some beefed up firewall program from their site. When I extracted the zip file, no application file at all. Just a stack of nothing really (a very common symptom of the last week).

Wanting to keep the system as uncluttered as possible, but also bored, I tried to run TM RB again and got a new error message ("A driver has been installed. You must restart Windows.")

I tried to run Catchme but it was zapped. It only produced this:

"detected NTDLL code modification:

ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error"

Gmer shot out this:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-23 02:37:46
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD5000AAKS-00UU3A0 rev.01.03B01
Running: 2bfrw37l.exe; Driver: C:\Users\GOSCUT~1\AppData\Local\Temp\uwldqpow.sys

---- System - GMER 1.0.15 ----
SSDT 85842D60 ZwCreateKey
SSDT 8591DCC0 ZwCreateMutant
SSDT 85841860 ZwCreateProcess
SSDT 85841B60 ZwCreateProcessEx
SSDT 8591E080 ZwCreateSymbolicLinkObject
SSDT 8591D600 ZwCreateThread
SSDT 8591D7E0 ZwCreateThreadEx
SSDT 85841E60 ZwCreateUserProcess
SSDT 85843360 ZwDeleteKey
SSDT 85843C60 ZwDeleteValueKey
SSDT 8591E260 ZwDuplicateObject
SSDT 8591D9C0 ZwLoadDriver
SSDT 85842160 ZwOpenProcess
SSDT 8591D240 ZwOpenSection
SSDT 85842460 ZwOpenThread
SSDT 85843660 ZwRenameKey
SSDT 85843960 ZwRestoreKey
SSDT 8591DEA0 ZwSetSystemInformation
SSDT 85843060 ZwSetValueKey
SSDT 85842760 ZwTerminateProcess
SSDT 85842A60 ZwTerminateThread
SSDT 8591D420 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2
.text ntkrnlpa.exe!RtlSidHashLookup + 308
.text ntkrnlpa.exe!RtlSidHashLookup + 318
.text ntkrnlpa.exe!RtlSidHashLookup + 32C
.text ntkrnlpa.exe!RtlSidHashLookup + 348
.text ntkrnlpa.exe!RtlSidHashLookup + 364
.text ...
PAGE spsys.sys!?SPRevision@@3PADA + 4F90
PAGE spsys.sys!?SPRevision@@3PADA + 50B3
PAGE spsys.sys!?SPRevision@@3PADA + 529A
PAGE spsys.sys!?SPRevision@@3PADA + 5329
PAGE spsys.sys!?SPRevision@@3PADA + 538F
PAGE ...

---- User code sections - GMER 1.0.15 ----
***(300-400 of these chrome.exe entries below)***
.text C:\Users\goscuter1\AppData\Local\Google\Chrome\Application\chrome.exe[396] ntdll.dll!NtCreateFile + 6
.text C:\Users\goscuter1\AppData\Local\Google\Chrome\Application\chrome.exe[396] ntdll.dll!NtOpenFile + B
.text C:\Users\goscuter1\AppData\Local\Google\Chrome\Application\chrome.exe[396] ntdll.dll!NtOpenProcess + 6

---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp
tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
Device \Driver\ACPI_HAL \Device\0000003d
halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp
tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ????.0????????????????????????????X??+????????h?????%SystemRoot%\system32\svchost.exe -k imgsvc????????'???+??????????????????????P??+?????????n????@%SystemRoot%\system32\wiaservc.dll,-10??????????+???+????????0??+???????????e??RpcSs?ShellHWDetection??????? 4??+??????????????NT Authority\LocalService?????\??+???+?????e?+???????????????????????????+??????????????????SeChangeNotifyPrivilege?SeCreateGlobalPrivilege?SeImpersonatePrivilege???????'???+?+?+?+?+?+?+?+????? ???????'???????????+?*?????????????????????+??????????????????????????????????t????+??????????????????????0????????????????p???????????????????? ?????????????????????????????????????????????????? ???????????????? ??+????????@??????????h??@%systemroot%\system32\SearchIndexer.exe,-103?????f??+????????h?????%systemroot%\system32\SearchIndexer.exe /Embedding????????????????????????\??+?????????n????@%systemroot%\system32\SearchIndexer.exe,-104????????????+???+???????+???????????e??RPCSS???????? ???+??????????????LocalSystem??????????????+?????????????

Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{F1E2F543-3E99-11E0-868B-806E6F6E6963} 70168344

---- EOF - GMER 1.0.15 ----

I mean, seriously. There are hidden processes highlighted in red running, named generic System-like names. Why are they hidden, and why so many duplicates of processes like svchost.exe and taskhost.exe when nothing is hardly installed or running? Over 100 processes with like 5 programs installed and only a couple running?

I tried running IceSword but the malware killed it upon extraction.

Rootkit Detective came up with 158,000 "discrepancies".

Rootkit Revealer showed up hundreds of hidden "hooks" and I crossed fingers and "unhooked" them all and nothing happened so I'm guessing they weren't 'critical'.

This is all on a low-level formatted drive, GenAdvantage Win7 installation, immediately after booting up for the first time. Albeit with a switched-off laptop with wireless router in the room, which....

...switched on by itself when I loaded up Windows on the desktop.

And I've never seen that before.

Anyway I'm getting new drives today I think, unless I'm too lazy then I'll probably have a crack at flashing the BIOS's...

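As an added illustration (not code from the post, nor Trend Micro's or GMER's), here is a small Python triage that parses RootkitBuster's stream and registry findings and the catchme line quoted above, and checks each against a baseline of what a clean Windows 7 install is expected to report. The baseline lists, the two constructed "unknown" entries and the catchme sample are assumptions for the demo.

```python
import re
from dataclasses import dataclass

# Constructed sample: a trimmed copy of the RootkitBuster dump quoted above
# plus two made-up 'unknown' entries so that the review branch is exercised.
ROOTKITBUSTER_SAMPLE = r"""
--== Dump Hidden MBR, Hidden Files and Alternate Data Streams on C:\ ==--
[FILE_STREAM]:
FullPath : C:\Users\goscuter1\Downloads\RootkitBuster_3.60.1016.zip:Zone.Identifier:$DATA
[FILE_STREAM]:
FullPath : C:\Users\goscuter1\Favorites\Links\Suggested Sites.url:favicon:$DATA
[FILE_STREAM]:
FullPath : C:\Users\goscuter1\Downloads\example-unknown.bin:extra:$DATA
No hidden files found.
--== Dump Hidden Registry Value on HKLM ==--
[HIDDEN_REGISTRY][Hidden Reg Value]:
KeyPath : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords\Teredo
[HIDDEN_REGISTRY][Hidden Reg Value]:
KeyPath : HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\Hidden\Value
"""

# Constructed catchme line in the same shape as the one in the post; the last
# pair is made up to show a stub whose syscall index did match.
CATCHME_SAMPLE = ("detected NTDLL code modification:\n"
                  "ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, "
                  "ZwClose 0 != 50, ZwOpenFile 179 != 179Initialization error")

# Baseline of findings a stock Windows 7 install is expected to produce.
# ASSUMED for this demo: build your own by running the same scanner on a
# known-clean reference install of the same image and keeping what it reports.
BASELINE = {
    "stream": [
        # Mark-of-the-Web: browsers attach this stream to every download; it
        # is what drives the 'this file came from another computer' prompt.
        (re.compile(r":Zone\.Identifier:\$DATA$"), "Mark-of-the-Web on a download"),
        # Internet shortcuts keep their cached site icon in a 'favicon' stream.
        (re.compile(r"\.url:favicon:\$DATA$", re.I), "cached icon on a .url shortcut"),
    ],
    "registry": [
        # Windows Firewall service (MpsSvc) port keywords and the Media Center
        # restriction value: present on clean installs, so baseline noise here.
        (re.compile(r"\\Services\\MpsSvc\\Parameters\\PortKeywords\\", re.I),
         "Windows Firewall port keywords"),
        (re.compile(r"\\Media Center\\Service\\Recording\\Restricted$", re.I),
         "Media Center recording restriction"),
    ],
}


@dataclass
class Finding:
    kind: str      # "stream" or "registry"
    path: str
    verdict: str   # "baseline" (matches the reference) or "review" (does not)
    reason: str


def parse_rootkitbuster(text):
    """Pull (kind, path) pairs out of the FullPath / KeyPath lines."""
    found = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("FullPath : "):
            found.append(("stream", line[len("FullPath : "):]))
        elif line.startswith("KeyPath : "):
            found.append(("registry", line[len("KeyPath : "):]))
    return found


def triage(findings):
    """Label each finding against the baseline; anything unmatched needs a look."""
    out = []
    for kind, path in findings:
        for pattern, why in BASELINE[kind]:
            if pattern.search(path):
                out.append(Finding(kind, path, "baseline", why))
                break
        else:
            out.append(Finding(kind, path, "review",
                               "not in baseline: diff against the reference install"))
    return out


# catchme prints "<stub> <observed> != <expected>" for each ntdll Zw* stub whose
# embedded syscall index differs from the value it expects for this build.
CATCHME_PAIR = re.compile(r"(\w+)\s+(\d+)\s*!=\s*(\d+)")


def parse_catchme(text):
    """Return [(stub, observed, expected), ...] in the order catchme listed them."""
    return [(n, int(a), int(b)) for n, a, b in CATCHME_PAIR.findall(text)]


def modified_stubs(text):
    """Stubs whose observed index differs from the expected one."""
    return [n for n, observed, expected in parse_catchme(text) if observed != expected]


if __name__ == "__main__":
    for f in triage(parse_rootkitbuster(ROOTKITBUSTER_SAMPLE)):
        print(f"{f.verdict:8} {f.kind:8} {f.path}  ({f.reason})")
    print("ntdll stubs catchme could not verify:", modified_stubs(CATCHME_SAMPLE))
```

A machine that has just had an AV suite installed will also show that suite's own hooks (GMER lists tmtdi.sys attached to \Device\Tcp and \Device\Udp above), so the reference install must carry the same software before a comparison means anything.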

I've not read all this thread but I suspect that you are over-analysing the situation, this is what I would do:-

  1. Disconnect all network connections from the suspect machine.
  2. Zero the drive as you've already been able to do (probably not necessary but can do no harm).
  3. Install W7 from your disk (if you decided not to zero your disk remove all partitions during the install process).
  4. DO NOT install anything else.
  5. Turn off wireless on your router (we don't want a potentially infected machine connecting accidentally).
  6. Plug ONLY the machine of interest into the router.
  7. Fire up Windows Update, let it do its stuff.
  8. Get Microsoft Security Essentials (free for genuine W7 and Vista installations).
  9. If you have a portable drive, make a disk image to it (Start - Control Panel - System and Security - Backup and Restore) and make a Recovery Disk when it asks you; this will enable you to quickly get back to this stage if it all goes pear-shaped.
  10. Disconnect the portable drive.
  11. Start installing your application software.


I agree, try the above in the order it is laid out. I would add step 10.5: Examine the machine for signs of flaky behaviour *before* you go installing any software or drivers on it.

Frankly I would not bother with all these rootkit and malware detectors at this stage. Most of them will generate a large number of warnings. Ignore 'suspicious' and 'discrepancy', this just means the programme doesn't know what it is.

While I agree you should flash the BIOS and scorch the drive just to be sure, I very much doubt that either of these are the problem. If you do still have malware after all of this the source is almost certainly one of these:

* The software or drivers going on after Windows (download your drivers from the manufacturer's website or live without them for the time being).

* Crap jumping on from infected machines on the network.

* The USB key.


F Dell.

I just had the queerest phone call with some senior tech guy who promised me he'd sort it yesterday and never called me back. He called me early this morning to clarify some things, took control of my desktop, grabbed some system information, then promised to call me back as the line was supposedly poor (I could hear him almost crystal clear at my end). Didn't call back until just now.

First he tried to close out the support ticket by pointing out "the laptop was fine though, wasn't it... after the installation?" I conceded that it was, for a few hours. But followed that up with a 20th request for explanation why the technician put a non-existent ControlVault firmware on my system. He responded to that saying my $3200 Latitude E6500 wasn't compatible with the Dell ControlVault firmware, and I knew something murky was in the offing then.

[screenshot: cpqqd.png]

20/02/2011 12:56:35 AM Starting ControlVault Firmware Upgrade
C:\dell\drivers\ControlVault Firmware 14.x132.0\firmware\ushbip32.exe v2.2.2.12
Going to update ControlVault firmware from 00.6.89.0 to 14.6.132.0
Going to stop Host Services.
Going to stop Host and DCP tasks.
Checking current ControlVault status.
Found ControlVault Chip Type: 5880 C0 CustID 7
Loading sbiC07.otp into ControlVault.
Going to update the SBI.
Going to reset to SBI via TPM.
Waiting for ControlVault to come up. (~5 seconds)
Going to update SBI via TPM.
Going to ClearSCD via TPM.
Going to reset ControlVault.
Waiting for ControlVault to come up. (~5 seconds)
Going to update BCM via TPM.
Going to reset to ControlVault via TPM.
Waiting for ControlVault to come up. (~5 seconds)
Going to update the PBA. (~30 seconds)
Loading pbaapp.bin into ControlVault.
Going to update the RFID parameters.
Loading rfiddflt.cfg into ControlVault (System ID: 24f).
The ControlVault firmware has been updated successfully.
You must restart the system to activate the new firmware.

20/02/2011 10:35:55 PM Starting ControlVault Firmware Upgrade
C:\dell\drivers\ControlVault Firmware 14.x132.0\firmware\ushbip32.exe v2.2.2.12
Going to update ControlVault firmware from 14.6.132.0 to 14.6.132.0
Return Code: 0x2

I repeated my request for an explanation, and he sighed and said he had been very accommodating thus far, and couldn't accommodate any further. Although it was a cheap trick, I was forced to point out he had only used up a lot of my time until now, and if accommodation had been given, I must have missed it. I asked him again to explain the technician's obscure actions with all the drivers, some of which clearly don't exist.

He changed tune and said they all exist, and said he had to go. I demanded a reference to the drivers placed on my system, as Google shows up a pretty conclusive blank for the firmware the Dell tech guy placed on the brand new drive:

[screenshot: 3V1I.png]

He scoffed at my suggestion that he provide a PDF file or some form of documentation to prove that this on-again, off-again ControlVault firmware existed at all. I said if he provides that, I'll ignore the fact that the Dell technician apparently hasn't heard of Dell.com. He said he didn't have the time for my "many requests".

I pointed out that I just had the single request, an explanation for why non-existent ControlVault firmware - the kind of thing which is kind of important to install the latest release of - had been placed on my laptop by a Dell technician. He quickly said he could only give me my purchase price for the laptop back, but that was really an exceptional favour etc and had I tried flashing the BIOS yet and he suggested I uninstall the Dell drivers completely and reinstall them all etc...

I told him to expect an incoming call from my lawyers (I don't have any), and he said the legal team has already been notified.

This cannot be SOP for a company the size of Dell...or is it exactly what they would do in a spot like this?


No wonder you're having problems -- it's all the proprietary junk you have on there. Malware should be the least of your worries.

As a general rule, I never install any applications provided by the computer manufacturer. Besides, you don't need them anyway. The only items that should be installed following Windows installation are the device drivers for your computer.

Start with the basics:

1. Chipset

2. Audio and Video

3. Network (ethernet / WLAN)

Additional drivers may be required for bluetooth, card readers, or other input devices. Be sure to check the Windows Device Manager for any 'unknown' devices and install drivers for those devices accordingly. Nothing more, nothing less.

Edited by Supernova

  • 2 weeks later...


Actually, I think it was all the Windows Update "Recommended" drivers I was downloading which was causing some of the hassles. I realise just now there is a distinction between those and the automatic Windows drivers that install when new PnP devices are plugged in...or perhaps there isn't a distinction? In any case, I dban'd the hard drives, then went lean and clean on Dell.com drivers prior to going online and rejected all Windows Update suggestions for my laptop (all the Win Update drivers seem fine with my desktop), and so far so good!


Thanks to everyone who assisted with advice, in particular Supernova, Darrel, and the two gentlemen who gave the great advice above. Dot-point instructions are tops for morans like me...cheers...!!

Edited by TheyCallmeScooter

Actually, I think it was all the Windows Update "Recommended" drivers I was downloading which was causing some of the hassles.

Always download and install device drivers from the hardware manufacturer's website, if possible. NEVER install device drivers offered by Windows Update, unless you have no other alternative.

I'm glad you finally got it sorted. :)


  • 2 weeks later...

I'm glad you finally got it sorted. :)

And....noose. FML

Problems are back. I think I'm close to working out what's going on though - I'm certain the answers lie in my cbs.log files - but finding someone who can read a cbs.log is proving surprisingly difficult.

2011-02-25 19:59:15, Info CBS Session: 30135531_3462241678 initialized by client DISM Package Manager Provider.

Firstly, why do I have a cbs.log file with that date lol. So much for low-level formatting. I think it's the DELL HPA or some hidden partition.

Secondly, why in heaven's name is DISM deploying on my DELL? My desktop cbs.log has no DISM initialised sessions.

But I'm certain that the DELL technician is to blame for all this. He did what there is literally no possible (valid) explanation for doing (install 2005>2009 outdated, unsupported, obscure, and unnecessary drivers and firmware and setup files). I mean, why wouldn't he just go to DELL.com, enter in the service code and press Download - to do anything else is mind-blowing, and warrants an explanation, even if there were no problems whatsoever. The fact that all his 'unexplainable' actions so coincidentally tie in with every single problem I'm having....ahem?

I guess he's a DELL technician who's never heard of DELL.com? lol.

DELL is unbelievable. I was joking about lawyers before but I might have to take them to court over this. This is getting beyond outrageous now. I have active Next Business Day on-site Warranty and CompleteCover coverage (I could drop this laptop from a ladder - and I am pretty close to doing just that - and my Cover guarantees replacement within a business day) and DELL are just blatantly lying in response to some questions, and just flat-out ignoring questions that demand an explanation. It's ludicrous. They keep telling me that the firmware he installed is all completely standard, so I demand they prove the fact, they swear they'll do so, but...it just keeps slipping their mind to send me the PDF files. :whistling:

[screenshot: zMxi2.png]

[screenshot: dz4Z6.png]

I mean, even if the firmware he put on there actually exists, it's got to be the most obscure firmware ever. And if it was supposed to be on my machine, why did I get prompted to replace it immediately?

I believe questions don't get more valid than that, and DELL is doing "no comment". What's going on here...

NBD onsite Warranty, and they ignore my demands they send an investigative team out and to bring the police along...for a month. It's almost surreal.

But anyway, I am 99% certain that every single OS installation I've done from the Windows 7 genuine advantage discs...has actually just triggered a deployment. He's deploying Windows images silently.

Every time I run sfc /scannow, 5 minutes later a process silently corrupts the files again, uploading from an offline registry hive.

I ran Security Check and it says my Java is out of date (it's not), but when I try to d/l Java again, it gives this error message:

[screenshot: GBKw8.png]

Googling the 1606 Error took me to Application Data (I forget why) but it says "Access is Denied" for my own folders.

[screenshot: I5W5k.png]

I'm logged in as Administrator but I cannot take control of some of the Windows Image folders/files that are being used to make my life hell...

[screenshot: UJHia.png]

[screenshot: Dm0vv.png]

My systems are crawling. My desktop will be completely powered down and then it'll just switch on automatically, it really creeps me out.

It's all a huge mess.

Aren't the virtual drives ultimately stored on a physical drive ... that you wiped?

Well I thought so. But reading now, it seems like things weren't that simple.

Does DBAN wipe the Host Protected Area ("HPA")?

No.

Most vendors that are using the HPA have a toggle for it in the BIOS setup program. Future releases of DBAN may override or dishonor the HPA.

Does DBAN wipe remapped sectors?

Use the ATA-6 wipe method if you want to wipe remapped sectors. Most methods do not wipe remapped sectors.

Why doesn't DBAN detect the disks in a RAID array?

DBAN has drivers for most RAID implementations, but DBAN does not automatically disassemble RAID volumes.

The operator must manually disassemble RAID volumes and put each component into "JBOD" or "SINGLE" mode for the disks to be recognized by DBAN.

I mean...if it's not going to wipe the HPA...lol wut.
