Windows 7 forum


Fix It or Start Fresh?

by BDaniPhotography / December 9, 2012 4:38 AM PST

As a former Linux user, I didn't think about installing any virus protection software when I first bought my current laptop (Samsung R580) that runs on Windows 7 Home Premium (naive, I know. I've learned my lesson). My laptop was fine for the first 6-8 months until some strange things started happening. When I would Google something and click on a search result, I would be redirected to a website trying to sell me things. A friend of mine did some research, and told me my laptop had something called a "click jacker". We found a work-around. Then, I was primarily using Google Chrome as my browser of choice until it started loading websites slowly and then not at all. I switched to Mozilla Firefox for a while until it started behaving the same way. Now, I am using IE which is working great, but what do I do when the same thing happens to this web browser? I would really like to start fresh, but I have never attempted anything like that before. I am looking for guidance. Any help or direction would be greatly appreciated.

All Answers

Try Grif's advice first.
by R. Proffitt Forum moderator / December 9, 2012 4:51 AM PST
In reply to: Fix It or Start Fresh?

I followed the instructions
by BDaniPhotography / December 9, 2012 5:38 AM PST

I followed the instructions from the post in your link, but I don't see any difference in the performance of my laptop. What is my next step?

Did RKILL find anything?
by R. Proffitt Forum moderator / December 9, 2012 6:34 AM PST

It's the rare machine that didn't cough up a clue with those scans.

There is also the issue of performance robbing apps or "toxic combinations." As I only have what you share, your choice to tell all. For example a HIJACKTHIS log could reveal some combos I know of and then you can consider the r580's factory restore options.

This model has different restores available based on the user's choices when they boot the machine. I can't tell which option you used or if you created the restore media in case it all went south.

Malwarebytes Scan
by BDaniPhotography / December 10, 2012 7:04 AM PST

Below, I have inserted the log of a full Malwarebytes scan to see if anyone can make sense of it for me and tell me what I can do. After this post, I will try removing the six threats Malware identified and restart my computer, but I don't think it will do any good.

Malwarebytes Anti-Malware (PRO)

Database version: v2012.12.09.05

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Brittany :: BRITTANY-PC [administrator]

Protection: Enabled

12/10/2012 3:06:48 PM
mbam-log-2012-12-10 (16-35-34).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 480856
Time elapsed: 1 hour(s), 6 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Windows\assembly\tmp\U\00000001.@ (Rootkit.0Access) -> No action taken.
C:\Windows\assembly\tmp\U\000000cf.@ (Trojan.Agent) -> No action taken.
C:\Windows\assembly\tmp\U\800000c0.@ (Rootkit.0Access) -> No action taken.
C:\Windows\assembly\tmp\U\800000cf.@ (Rootkit.0Access) -> No action taken.
C:\Users\Brittany\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> No action taken.
C:\Windows\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> No action taken.
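
Added example, not part of the original post and not Malwarebytes code: a short Python parser for the log layout shown above. It lists detections the scan reported but left in place ("No action taken") and checks each section's declared count against the entries present. The function names are this example's own, and the embedded sample is copied from the log above.

```python
import re
from collections import Counter

# Sample input: section headers and detection lines copied from the log above.
SAMPLE_LOG = r"""Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Windows\assembly\tmp\U\00000001.@ (Rootkit.0Access) -> No action taken.
C:\Windows\assembly\tmp\U\000000cf.@ (Trojan.Agent) -> No action taken.
C:\Windows\assembly\tmp\U\800000c0.@ (Rootkit.0Access) -> No action taken.
C:\Windows\assembly\tmp\U\800000cf.@ (Rootkit.0Access) -> No action taken.
C:\Users\Brittany\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> No action taken.
C:\Windows\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> No action taken.
"""

SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
ITEM = re.compile(r"^(?P<path>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")

def parse_log(text):
    """Return ({section: declared count}, [detection dicts]) for one log."""
    declared, items, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION.match(line):
            section = m["name"]
            declared[section] = int(m["count"])
        elif section and (m := ITEM.match(line)):
            items.append({"section": section, **m.groupdict()})
    return declared, items

def unresolved(items):
    """Detections reported but neither quarantined nor deleted."""
    return [i for i in items if i["action"].lower() == "no action taken"]

def count_mismatches(declared, items):
    """Sections whose declared count differs from the entries parsed,
    which indicates a truncated or hand-edited log."""
    seen = Counter(i["section"] for i in items)
    return {s: (n, seen[s]) for s, n in declared.items() if n != seen[s]}

if __name__ == "__main__":
    declared, items = parse_log(SAMPLE_LOG)
    for family, n in Counter(i["family"] for i in unresolved(items)).items():
        print(f"{n} x {family} still on disk")
    print("count mismatches:", count_mismatches(declared, items) or "none")
```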


You found a RootKit. Zeroaccess
by R. Proffitt Forum moderator / December 10, 2012 7:09 AM PST
In reply to: Malwarebytes Scan

I need clarification.
by BDaniPhotography / December 10, 2012 9:45 AM PST

I read the thread you linked to, but I don't understand how to fix the problems with my laptop. I am not paying Norton or anything like that, so I cannot ask them to fix the problems for me. Is there more information that I could provide to find a solution?

Sorry but this rootkit is the worst I've encountered.
by R. Proffitt Forum moderator / December 10, 2012 9:50 AM PST
In reply to: I need clarification.

Why? Because without a full Windows 7 DVD (Retail!) any method I would use does not help anyone.

I've alerted those I know to chime in and I'm a little puzzled that you didn't use that new search engine called google, ask, duckduckgo or yahoo to learn more about this and other rootkits.

You don't have to answer but research like this is something we do when we get into a new area. I know I did that with Linux so why not here?

Fresh start is best ...
by tumbleweed_biff / December 13, 2012 12:19 PM PST
In reply to: Fix It or Start Fresh?

I have always heard those things you are experiencing referred to as "browser hijackers" as they are hijacking your browser. The symptoms you describe -> going to sales sites instead of desired location, slow browsing, pages unable to load, are all common to these pieces of malware.

Any time you become infected with malware, your best bet is a full wipe and load. Many pieces of malware either openly invite additional malware or at least open the door for more to come in, so odds are you have multiple infections. No AV product gets every piece of malware. I run Panda Cloud along with Threatfire on an 'ALWAYS ON' basis and routinely run Malwarebytes as a manual scan.

If you don't want to do a fresh load, then you can try running Spybot Search and Destroy along with some other AV tools. You should run at least one standalone bootable AV product from outside of Windows, preferably 2, in addition to running at least one within Windows. Kaspersky, Panda, and several others all make a free bootable tool you can use.

Your Malwarebytes scan looked like it found some things but it didn't repair them and you should run it again, instructing it to repair/delete anything found.

Your safest bet, however, is to offload your data onto a backup device (DVD/external HDD/etc.) and then reload Windows. Before the machine connects to a network/internet, you should install your desired AV program along with its current database version. You should then run Windows Update until you are told there are no updates. You will probably have to reboot at least 3 times during this.

Once you have AV installed, up to date, and Windows is updated, SCAN your data backup and then load it back on to your machine, along with installing any other programs you need. Once your system is configured to your liking for day to day use and has all your data in place, create an image of the drive with which you can easily wipe and restore should the need arise. Macrium offers a free version of their Reflect program which is very easy to use for this purpose.

Next, practice safe hex. One of the best ways for you to do this is to make sure that you are using a standard account and not an administrator account, to do your day to day computing.

The 3 most common sources of malware on the internet: gambling sites, porn sites, and warez sites (so-called "file-sharing" of copyright protected software like piratebay and uTorrent).

1) If you have enough money you can afford to lose it gambling, please send it to me, because I need it, desperately.

2) You shouldn't steal software. There is enough free stuff out there to do just about anything you need anyway (check out Sourceforge, for example) and programmers deserve to make a living on their work, just like a carpenter, a pipe-fitter, or an accountant.

3) Finally, porn has been proven to have a very negative effect on society, ethics, morals, and relationships, so you should really try to be strong and avoid it.
