Sister's friend needs help with weird virus.

Jim_and_Evil

Estimable
Nov 10, 2014
24
0
4,560
My sister and her friend were at our house with their laptops studying articles for a research paper they needed to do. Her friend went to a site that had an article on childhood cognitive development and her IE page and laptop froze up and required a reboot. Her unit is a Dell Inspiron 15.6 with Intel Pentium 3558U 1.9 GHz, 4GB DDR3, 500 GB Hard Drive, Windows 7 Home Premium 64-bit.

She has Kaspersky Internet Security 2014 and Spybot, and when she tried to do a scan with the former, it froze up when the menu loaded and again required a restart. Then when she logged back in, the AV icons were gone and a whole ton of porno icons were taking up the wallpaper, and IE kept opening up with sexdex.com as the homepage.

After yet another restart, the boot screen keeps going until it shuts off and repeats the same thing again. Tried running in safe mode, BSOD. Tried system recovery, BSOD. Tried getting into BIOS, setting main boot drive to DVD drive to load Kaspersky Rescue CD, disc does not load up and keeps going onto Windows boot repeat cycle.

She is under major panic and my sister is hounding me to figure out a solution as both are not very tech savvy. My parents don't know WTF to do or have any clue on what happened, and I don't have all night to deal with a pressured older sibling and her friend. What should I do?
 

Jim_and_Evil

And after my sister violently twisted my arm to have her friend use my laptop, I'm very leery of having her use it because though I have Norton 360 premium, Spybot, AND Malwarebytes that served me well, I don't want it to get another virus that gives a repeating boot cycle like what happened to the Pavilion before I fixed it.
 

Skylyne

Estimable
Sep 7, 2014
405
0
5,010

Based on the original post, I would say that isn't an option. Not even booting into safe mode means there's no chance of doing a proper restore.

OP- have you tried booting a live USB, instead of the live CD? You can use WinISO, if you need a program to make a bootable USB from an ISO.

If that doesn't work so well, then you can try a different AV program's bootable ISO. If that fails, then I have a hunch that the only real way to fix this would be through a live OS, like a live Linux distro, and see what is potentially causing problems that way. Under the worst case scenario, you can use a live Linux distro for backing up files, and then just reinstall Windows. It's a pain in the butt, but it might just be the only viable option.
 
Solution

Jim_and_Evil

TNX for the replies. Her friend is taking it to a PC repair shop to get it fixed now that they have their research work done. Man, that was a nasty a$$ attack she got. I had a Windows 7 64-bit Home Premium disc that we tried to load on the drive and do a fresh install, didn't load it and went into the repeat boot cycle. Tried the USB Win7 copy I made and then Darik's nuke and boot on a CD, all did nothing and went into the boot mess.

Luckily, my laptop is A-OK with no attacks reported by Spybot or Norton. Sounds like she never updated or properly set the A/V software on her Dell, which is probably why this SOB caused a lot of unfixable damage. IDK what type of virus attacked the Dell, as the AVs crashed before they could show anything. Does anyone know what kind of virus/malware it was?


Hell, even the bloodhound that plagued the Pavilion (when it was in my sister's possession) wasn't THIS bad, as only a 15 hour disc wipe with Darik's nuke and boot cleaned up everything to ensure a safe Windows 7 reinstall.
 

Jim_and_Evil

Another update on the situation with conclusion-

My sis said her friend told her from the PC shop that the HD is completely corrupted by a malicious auto installer that downloaded a bloodhound and some ransomware that encrypted files which together caused major conflicts, which was why we weren't getting anywhere with the safe modes and discs. PC shop was to charge $380 for a new OEM hard drive with installation, but my sis mentioned that I may be able to install a drive for her, being I installed one once in my PS3.

Originally, she was going to make me take the drive out of my PS3 so her friend can save money, but then I said it wouldn't be fair because I wouldn't have any drive to replace it with (original PS3 drive had a hardware failure so I tossed it) and that it's her problem not mine. After calling me excessive names and saying I'm a selfish lazy a$$, her friend stuck up for me and said she would buy the replacement drive if I install it for her. A trip to Staples and a 1.5TB drive later, swapped out the drives and did a fresh install of Win 7 Home Premium using the key code on the bottom of her LT. After 3 hours of installation process and reentering the key code, everything is functioning in perfect order. Being the WD 1.5TB drive only cost $75 and installation was free, she just saved herself $300 from having a "tech" in the dandiest part of town jam in someone else's drive filled with porno.
 

mdd1963

Distinguished


It hardly seems selfish to not be willing to donate hard drives to someone else's repair efforts! So the other shop is saying the original drive is not capable of being repaired. (I trust they returned it, and have not merely deleted its partitions and rebuilt a new MBR, and prepared it for resale!)
 

mdd1963



Not to imply this applies to you, but, many folks forget after the install of files from the install CD/DVD to then remove the disc, set BIOS back to 'load from HD', and then actually load from the hard drive; this would then have the computer again load from the CD ROM/DVD drive, endless repeats...

Otherwise, I'm a little confused on what was truly happening, given your description of inserting the install CD, but the system 'not loading it' and 'repeating boot cycle'.
 

Jim_and_Evil




Actually, I tried that too but it was not loading the disc drive after I put in the CD. IDK why nothing I was trying worked, that virus did something that prevented us from getting anywhere.

To elaborate what was happening: we put in a CD (Kaspersky rescue CD, Windows 7 HP inst) after going into BIOS and setting main boot to CD/DVD drive, and instead of getting the CD's menu or "Windows is loading files", we got a black screen options menu to:

Boot normally
Boot using safe mode
Start system recovery.

After 15 secs it would select the option that was highlighted (the 1st since I was trying to brainstorm ideas while muting out the barking commands of my sister). The former would try to boot with the Windows logo forming and glowing for 3 mins, then go blank, restart with the Dell logo, and then back to the options menu and repeat. The latter two would pretty much result in a BSOD, while the 3rd would sometimes try to load the recovery menu and then BSOD in the middle of loading another screen.
 

Jim_and_Evil



Hahahaha, LOL. That's what they would prolly do. They would have some soccer mom come in and buy that drive from them for cheap for her son's PC, and after seeing someone's user name and a ton of "questionable" icons, get them in court for violating child protection laws!

Luckily, they did not take the drive out unless she opted for the $380 replacement+installation (thanking her for at least being smarter than expected!). Since we swapped out with the replacement, I'm currently in possession of the original drive just cause.
 

Jim_and_Evil



From what she told me, it would have been that much had they not been required to use official Dell parts on repairing Dell units, due to a contract obligation or some jabber muck. I believe they are an authorized Dell repair center too, as that's prolly why for the contract BS.
 

Skylyne

You could have easily wiped that original HDD... Mechanical drives can't be compromised in such a way that there is persistent malware/viruses/etc., unlike their SSD counterparts (the micro controller can be compromised in SSD/flash drives); at least, not that I'm aware of. If you take the time to do a thorough wipe of the HDD, you will not only "remove" (technically, overwrite) the virus, but also have an HDD that is 100% fresh, and can have a brand new MBR written to it. Linux does wonders, mate...

I think things could have been done for much cheaper, if you had the storage space for backing things up; but, what was done will work. The real problem sounds like a lack of the "common sense" security measures, and overall lazy end-user habits. Whenever I see that stuff, I tell the person, "Unless you start taking proper care of your computer, I'm not fixing this piece of shit any more." If they can't handle that, I let them walk away with their computer in the same shape I got it. That usually stops me from wasting a whole weekend on a computer that I'll probably see again in another month...
 

Jim_and_Evil

Like I said, I tried everything in the book and wiping the drive with Darik's nuke and boot on a DBAN CD I made (and a USB too), nothing was working and I was about to pull all the hair out of my head! I did the same on the HP Pavilion when I was fixing it up from a bloodhound and DID NOT have any problems like I had here; luckily it read the CD so I was able to use Darik's to wipe it.

Yeah, next time if my sis is going to be like sergeant carrot, I'll tell her "you're on your own."
 

Skylyne

You definitely had something I'd love to have taken a look at. Honestly, those cases make me the most interested, even if the person who owns the computer is completely computer illiterate. I like the challenge.
 

mdd1963

Either the option to load from CD/DVD was being ignored, or, the internal CD ROM/DVDROM is bad (or the images contained on the disc were not burned correctly), which would then cause it to go to the next boot option, in this case the hard drive....again.....