Windows 7 Forums


Windows 7: Something has taken over my wife's computer

28 Aug 2013   #1

Windows 7 Professional 64b
 
 

This evening I was passing by our computer room, when the computer suddenly started playing a mish-mash of audio streams or files. It starts with a musical introduction, then a woman speaking Spanish, then a "news" stream joining that, until several streams were stepping on one another, making all unintelligible.

I killed both her instances of IE, then her Word instance, finally everything. No help. I logged out of her account; even with no one logged in, it continued -- it seems to die out after 10 minutes or so, then restart half an hour or so later.

After I logged into my own account, I looked at the Task Manager, which showed no applications running (audio was still running full steam). I looked at processes, but, since I don't know what all the process names mean, I couldn't tell if anything was out of order.

I opened my corporate Symantec End Point Protection (required by my employer, since I occasionally log in to the facility via vpn), and it saw no problems. I checked for updates, and it said it was up to date.

I restarted Windows and it installed one update. A few minutes after it completed and I logged in, the audio mish-mash continued.

Any ideas?


28 Aug 2013   #2

Microsoft Community Contributor Award Recipient

Vista x64 / 7 X64
 
 

Poltergeists?

Couldn't resist, the title sounds like a movie.

What happens if you disconnect from the net?
28 Aug 2013   #3
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Sounds like it might be the "Whistler Bootkit". This infection steals passwords and all 'critical' information. Banking and credit card institutions should be notified of the possible security breach.

My recommendation would be to wipe the OS (operating service) and do a "clean install".


28 Aug 2013   #4

Windows 7 Home Premium
 
 

jp1engr,


Try the following for the "Poltergeists":

Please go to the TDSSKiller Download, and select the .exe version
Double-click on TDSSKiller.exe to run the program.

When the TDSSKiller console opens, click on: Change Parameters
Under Additional Options, place a check in the box next to: Detect TDLFS File System
Click: OK

Press: Start Scan

• If a suspicious object is detected by this program, the default action is Skip. Leave this action as is, and click on: Continue
• If malicious objects are found, they show in the Scan results.
• Ensure Cure (the default action) is selected, then click: Continue > Reboot now, to finish the cleaning process.
(Note: If Cure is not available, select Skip, >>Do not select: Delete<<)

When done, the tool creates a log on the disk with the Windows Operating System, normally C:\

Logs have a name like:
C:\TDSSKiller.X.X.X_08.30.2013_15.31.43_log.txt

Please attach the TDSSKiller log in your reply.
29 Aug 2013   #5

Windows 7 Home Premium 32 bit
 
 

Exorcist..
29 Aug 2013   #6

Windows 7 Professional x64 SP1
 
 

Quote: Originally Posted by jp1engr
This evening I was passing by our computer room, when the computer suddenly started playing a mish-mash of audio streams or files. It starts with a musical introduction, then a woman speaking Spanish, then a "news" stream joining that, until several streams were stepping on one another, making all unintelligible.

I killed both her instances of IE, then her Word instance, finally everything. No help. I logged out of her account; even with no one logged in, it continued -- it seems to die out after 10 minutes or so, then restart half an hour or so later.

After I logged into my own account, I looked at the Task Manager, which showed no applications running (audio was still running full steam). I looked at processes, but, since I don't know what all the process names mean, I couldn't tell if anything was out of order.

I opened my corporate Symantec End Point Protection (required by my employer, since I occasionally log in to the facility via vpn), and it saw no problems. I checked for updates, and it said it was up to date.

I restarted Windows and it installed one update. A few minutes after it completed and I logged in, the audio mish-mash continued.

Any ideas?

Sounds bad, I would take Jacee's advice. One method I use is Darik's Boot And Nuke; it's not fast but does do the job.
29 Aug 2013   #7

Windows 7 Professional 64b
 
 

Jacee, Cottonball, Stephanie,

Thanks; I'll start with a complete cleanup. I'd been thinking of that for a while, since her disk was messed up by a failed linux install a few months ago (I've used unix and linux for decades, but between Windows 7 and EFI, I couldn't handle it this time...).

Be in touch in a couple of days.
29 Aug 2013   #8

Windows 7 Professional 64b
 
 

Ok,

As I was setting up to wipe the drive and reinstall, I decided to try TDSSKiller, so I'd at least know what happened. From Cottonball's recommendation, I installed and ran it.

It found and cleaned out (I hope?) Rootkit.Boot.Harbinger.a. As requested, here's the log; I hope it's ok to include this 132K file, as Cottonball asked?

Now I'll try Stephanie's recommendation, hoping it'll agree I'm clean. Thanks, all.

jp


Attached Files
File Type: txt TDSSKiller.2.9.2.0_29.08.2013_21.32.03_log.txt (131.6 KB, 5 views)
29 Aug 2013   #9

Windows 7 Professional 64b
 
 

So, while waiting for DBaN to download, I searched for info on Rootkit.Boot.Harbinger.a. I found here,

Guide to Completely Remove Rootkit.boot.Harbinger.a Virus (Manual Removal) - Tee Support Blog

a statement that it "can't be detected by any antivirus completely". This was written July 21 -- only a month ago. Has Kaspersky solved this by now, or should I undertake Ms. Young's long, involved, and risky-looking process?

By the way, you may notice that I forgot to enable the Detect TDLFS File System item. I ran it a third time (it ran twice the first time) with that enabled, and it found nothing.

jp
29 Aug 2013   #10
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

It's totally up to you, but if it was my computer, I would never be able to trust that it would be stable again, without a wipe and clean install.

Read this too, if you want to try to work with a Bootkit/Rootkit: How to remove a bootkit