Hi all,
A few weeks ago I posted here regarding my mother-in-law’s PC. It had some malware on it that was causing a bunch of different issues: Avast blocking malicious outbound URLs, “PowerShell has stopped working” error messages, high CPU utilization, etc. The original post is here:
Valinorum assisted me with removal and all seemed well at first. I monitored the computer here at my house for a couple of days before giving it back and did not see any issues, so I assumed it was clean. After she had it back, within a day the symptoms had returned.
So a week or two later I took it back home and decided to do a clean wipe and reinstall of Windows. I reformatted the hard drive using the Windows installer reformat utility, and installed a clean copy of Windows. Everything seemed fine again.
Well, guess what? After she had it back for a couple of days the symptoms are now returning. She said she is getting the malicious URL warnings from Avast again.
I do not have the computer in my possession currently so I cannot post logs yet but I wanted to get some opinions about what I might do the next time I have it. Is it possible that when I wiped the hard drive it was not sufficient? Can the virus/malware be hiding somewhere else?
She is not a heavy computer user. She basically just does word processing and uses the webmail client that Windstream (her ISP) provides. Also some Facebook, and that’s about it. When I performed the reinstall I made sure that everything was up to date before handing it over… all Windows updates, Flash, Avast / MBAM installed, etc.
Any thoughts here? Next time I get my hands on the computer I’d love to eradicate this thing once and for all.
Hmm, I don’t think she is using any burned media or USB sticks, but I will ask.
Is it possible that it could have hidden on the HDD somehow? Like in the master boot record? I’d assume that my initial scans and removal attempt would have revealed if it was the type of virus that was doing that but I could be wrong.
Off topic, but there’s malware for Macs, especially MacBooks, that you cannot get rid of even by replacing the hard drive. It’s only a matter of time until we have this on Windows; MS needs to work on security now.
Sorry, you are right. I shouldn’t have said “A Myth”. Theoretically, if one can keep his/her BIOS on the system, someone in this world will at one time (if not even now) have a virus that cannot be removed. More or less, it sticks itself onto the BIOS. But to my knowledge, it doesn’t exist yet.
The only solution to this: make your own OS, or use one that ISN’T common (like Linux).
Note: Just like the BIOS, a computer has motherboard drivers: this can be abused, I’m sure, at some point. Like Steven said, just a matter of time.
99% of your security is how you operate your system, not programs.
She has Chrome installed, but only because either I or my wife installed it at some point. She generally uses IE. She does not even have a Google account, so she wouldn’t be syncing anything in Chrome for sure. Part of the problem is that she is not very computer literate, so it is possible that she is doing something that she just isn’t able to articulate when we ask her “What have you been doing on your computer?”
I suppose it is possible that there is something in an email. Or on the email website itself. Next time I get the machine from her I think I will try to go through the removal process and see if it is the same virus. Maybe I will set her email up in Outlook so that she doesn’t have to use the incredibly janky Windstream web client.
Yep, that was the plan. I’ve done this a few times now. You guys are super helpful and the service is much appreciated. I’ll post logs as soon as I can get the computer over here.