Windows 7 Forums

Windows 7: Something has taken over my wife's computer

28 Aug 2013   #1
jp1engr

Windows 7 Professional 64b
 
 
Something has taken over my wife's computer

This evening I was passing by our computer room, when the computer suddenly started playing a mish-mash of audio streams or files. It starts with a musical introduction, then a woman speaking Spanish, then a "news" stream joining that, until several streams were stepping on one another, making all unintelligible.

I killed both her instances of IE, then her Word instance, finally everything. No help. I logged out of her account; even with no one logged in, it continued -- it seems to die out after 10 minutes or so, then restart half an hour or so later.

After I logged into my own account, I looked at the Task Manager, which showed no applications running (audio was still running full steam). I looked at processes, but, since I don't know what all the process names mean, I couldn't tell if anything was out of order.

I opened my corporate Symantec End Point Protection (required by my employer, since I occasionally log in to the facility via vpn), and it saw no problems. I checked for updates, and it said it was up to date.

I restarted Windows and it installed one update. A few minutes after it completed and I logged in, the audio mish-mash continued.

Any ideas?
28 Aug 2013   #2
SIW2

Microsoft Community Contributor Award Recipient

Vista x64 / 7 X64
 
 

Poltergeists?

Couldn't resist, the title sounds like a movie.

What happens if you disconnect from the net?
28 Aug 2013   #3
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Sounds like it might be the "Whistler Bootkit". This infection steals passwords and all 'critical' information. Banking and credit card institutions should be notified of the possible security breach.

My recommendation would be to wipe the OS (operating service) and do a "clean install".

28 Aug 2013   #4
cottonball

Windows 7 Home Premium
 
 

jp1engr,


Try the following for the "Poltergeists":

Please go to the TDSSKiller Download, and select the .exe version
Double-click on TDSSKiller.exe to run the program.

When the TDSSKiller console opens, click on: Change Parameters
Under Additional Options, place a check in the box next to: Detect TDLFS File System
Click: OK

Press: Start Scan

• If a suspicious object is detected by this program, the default action is Skip. Leave this action as is, and click on: Continue
• If malicious objects are found, they show in the Scan results.
• Ensure Cure (the default action) is selected, then click: Continue > Reboot now, to finish the cleaning process.
(Note: If Cure is not available, select Skip. >>Do not select: Delete<<)

When done, the tool creates a log on the disk with the Windows Operating System, normally C:\

Logs have a name like:
C:\TDSSKiller.X.X.X_08.30.2013_15.31.43_log.txt

Please attach the TDSSKiller log in your reply.
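An added example, not part of cottonball's post and not TDSSKiller's own code: it orders saved logs by the timestamp in the file name pattern quoted above and lists the rootkit names each run reported, so a re-scan after Cure and reboot can be checked for a clean result. It assumes detections appear in the log text as dotted names like `Rootkit.Boot.Harbinger.a`; the sample log contents are constructed.

```python
import re
from datetime import datetime

# File name layout quoted in the thread: TDSSKiller.<version>_<date>_<time>_log.txt
NAME_RE = re.compile(
    r"^TDSSKiller\.(?P<ver>\d+(?:\.\d+)+)_(?P<a>\d{2})\.(?P<b>\d{2})\.(?P<y>\d{4})"
    r"_(?P<H>\d{2})\.(?P<M>\d{2})\.(?P<S>\d{2})_log\.txt$", re.IGNORECASE)
# Assumption: verdicts show up as dotted names starting with "Rootkit.";
# nothing else about the log's line layout is assumed.
VERDICT_RE = re.compile(r"\bRootkit(?:\.[A-Za-z0-9_-]+)+")

def parse_log_name(name, day_first=True):
    """Return (version, datetime, ambiguous) or None if the name does not fit."""
    m = NAME_RE.match(name)
    if not m:
        return None
    a, b = int(m["a"]), int(m["b"])
    # The thread shows both 08.30.2013 and 29.08.2013, so the order is inferred.
    ambiguous = a <= 12 and b <= 12
    if b > 12 or (ambiguous and not day_first):
        a, b = b, a  # first field was the month
    try:
        when = datetime(int(m["y"]), b, a, int(m["H"]), int(m["M"]), int(m["S"]))
    except ValueError:
        return None  # impossible date such as 40.40.2013
    return m["ver"], when, ambiguous

def scan_history(logs, day_first=True):
    """logs: {file name: text}. Returns [(when, version, verdicts)], oldest first."""
    runs = []
    for name, text in logs.items():
        parsed = parse_log_name(name, day_first)
        if parsed is None:
            continue  # not a TDSSKiller log
        version, when, _ = parsed
        runs.append((when, version, sorted(set(VERDICT_RE.findall(text)))))
    return sorted(runs)

def still_infected(logs):
    """True if the most recent scan still names a rootkit."""
    runs = scan_history(logs)
    return bool(runs) and bool(runs[-1][2])

# Constructed sample: names follow the thread's pattern, contents are made up.
SAMPLE = {
    "TDSSKiller.2.9.2.0_29.08.2013_21.32.03_log.txt":
        "boot sector: Rootkit.Boot.Harbinger.a found\nRootkit.Boot.Harbinger.a: cure\n",
    "TDSSKiller.2.9.2.0_29.08.2013_22.10.00_log.txt": "scan finished, nothing found\n",
    "notes.txt": "unrelated file",
}
```

A clean latest run only says the scanner no longer sees the object; it does not by itself establish that the machine can be trusted again.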
29 Aug 2013   #5
jumanji

Windows 7 Home Premium 32 bit
 
 

Exorcist..
29 Aug 2013   #6
Stephanie

Win 7 Pro x64, Win 10 Pro x64, Linux Light x86
 
 

Quote: Originally Posted by jp1engr
This evening I was passing by our computer room, when the computer suddenly started playing a mish-mash of audio streams or files. It starts with a musical introduction, then a woman speaking Spanish, then a "news" stream joining that, until several streams were stepping on one another, making all unintelligible.

I killed both her instances of IE, then her Word instance, finally everything. No help. I logged out of her account; even with no one logged in, it continued -- it seems to die out after 10 minutes or so, then restart half an hour or so later.

After I logged into my own account, I looked at the Task Manager, which showed no applications running (audio was still running full steam). I looked at processes, but, since I don't know what all the process names mean, I couldn't tell if anything was out of order.

I opened my corporate Symantec End Point Protection (required by my employer, since I occasionally log in to the facility via vpn), and it saw no problems. I checked for updates, and it said it was up to date.

I restarted Windows and it installed one update. A few minutes after it completed and I logged in, the audio mish-mash continued.

Any ideas?

Sounds bad, I would take Jacee's advice. One method I use is Darik's Boot And Nuke; it's not fast but does do the job.
29 Aug 2013   #7
jp1engr

Windows 7 Professional 64b
 
 

Jacee, Cottonball, Stephanie,

Thanks; I'll start with a complete cleanup. I'd been thinking of that for a while, since her disk was messed up by a failed linux install a few months ago (I've used unix and linux for decades, but between W7 and EFI, I couldn't handle it this time...).

Be in touch in a couple of days.
29 Aug 2013   #8
jp1engr

Windows 7 Professional 64b
 
 

Ok,

As I was setting up to wipe the drive and reinstall, I decided to try TDSSKiller, so I'd at least know what happened. From Cottonball's recommendation, I installed and ran it.

It found and cleaned out (I hope?) Rootkit.Boot.Harbinger.a. As requested, here's the log; I hope it's ok to include this 132K file, as Cottonball asked?

Now I'll try Stephanie's recommendation, hoping it'll agree I'm clean. Thanks, all.

jp


Attached Files
File Type: txt TDSSKiller.2.9.2.0_29.08.2013_21.32.03_log.txt (131.6 KB, 13 views)
29 Aug 2013   #9
jp1engr

Windows 7 Professional 64b
 
 

So, while waiting for DBaN to download, I searched for info on Rootkit.Boot.Harbinger.a. I found here,

Guide to Completely Remove Rootkit.boot.Harbinger.a Virus (Manual Removal) - Tee Support Blog

a statement that it "can't be detected by any antivirus completely". This was written July 21 -- only a month ago. Has Kaspersky solved this by now, or should I undertake Ms. Young's long, involved, and risky-looking process?

By the way, you may notice that I forgot to enable the Detect TDLFS File System item. I ran it a third time (it ran twice the first time) with that enabled, and it found nothing.

jp
29 Aug 2013   #10
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

It's totally up to you, but if it was my computer, I would never be able to trust that it would be stable again, without a wipe and clean install.

Read this too, if you want to try to work with a Bootkit/Rootkit: How to remove a bootkit