Re: Website, CSF, and lots of attacks.
The install was not from a disk. I installed from a bootable hard drive. The hard drive has all the drivers and updates, user folders up until July 2015. I do have some third party stuff, but if I get annoyed with it I will just uninstall it. Thanks for the offer, but I find from experience this is the best way to reinstall the OS. Being that it sits on a shelf it is not exposed to the internet.
I do not believe my computer was infected because it operated just fine when not on the internet and I was able to stop the action from happening. I think the infection was out on the other side of my router.
Website, CSF, and lots of attacks.
-
Re: Website, CSF, and lots of attacks.
Viruses can always flash to a regular user's BIOS, there's always the risk. I guess with a regular BIOS though, it'd have to be written for just that machine...I've never heard of real world problems though.
UEFI is better than legacy BIOS though because of the hard drive limits and RAM limits and all that jazz. If it's implemented correctly, I think it could be a good thing Stj. You know what would be cool? Customizable UEFI modules. The Linux community could write modules for BIOSes, kinda like those opensource firmware projects for various routers....just instead of routers, it'd be for PCs.
Too many times I find the manufacturers have locked down the BIOS to prevent normal users from messing things up. Boards that have the features generally cost a bit more money because they're made for overclocking or this or that.
I had a friend, Miss Millie. She's since passed away. She had an e-machine that was always crashing. Back then, e-machine didn't make their boards. They had Gateway make them and they just used a customized BIOS. The e-machine motherboard had a sticker with the motherboard's model number on it. I removed the sticker and it had the Gateway motherboard model underneath! So, I went to Gateway's site, downloaded the Gateway BIOS and flashed it on her e-machine. She said the e-machine never worked better and didn't have any more instability issues.
With the e-machine BIOS, you could set the system clock and do small things like that, but it was very limited. With the Gateway BIOS, I had a ton of options and changed some values, like the voltage going to the sticks of RAM, the frequency of the RAM, etc. I think that's what did the trick.
-
Re: Website, CSF, and lots of attacks.
UEFI is evil, a payload can be uploaded into the bios.
just ask Lenovo victims/customers!
-
Re: Website, CSF, and lots of attacks.
Do you want me to help you do a clean install of Windows 7 Pro on that machine? I promised you a disc a long time ago but never got around to it. I can make a custom disc for just your PC that (hopefully) will have all the drivers slipstreamed into it and will pre-activate that machine for you.
It wouldn't include any third party software that came with the machine and it won't include all the 7 updates. I never was able to successfully fully update a 7 disc with all the updates. I tried many things. Maybe it was 8 I'm thinking of. I guess we're not allowed to use dism anymore and have to use some sort of Server edition of Windows to properly update the discs. I called Microsoft on this and sure enough, it violates the TOS and this is why with the 8 discs, the product key was rejected. I installed 8, I booted into audit mode, I fully updated it, I sysprepped the machine, captured the image, made a bootable thumb drive with all the updates, tried installing and the product key was rejected every time. No matter what I did. I called them and they said that's illegal now and not allowed. They said using dism to slipstream the updates (the few that can be slipstreamed that way) is illegal as well and now I gotta use the Server 2012 to do it using their Microsoft programs. I think it's something like WSUS or something like that. Pain in the ass.
-
Re: Website, CSF, and lots of attacks.
Yeah, I still have Windows 7 Pro on it. When I first got the computer I bought a solid state drive for it. I bought the computer from Interconnect, a certified Microsoft Refurbisher. The computer is a Lenovo T400; it originally had XP. Interconnect put the Windows 7 Pro on it. When I received the solid state drive I cloned the drive with the installed drive. I then took out the installed drive and put it on the shelf. It was this drive I used to clone back the original OS to the solid state so I should be good to go.
-
Re: Website, CSF, and lots of attacks.
It came with Windows 7 Pro 64 bit. What do you mean what am I running? Like something like this.
https://labs.bitdefender.com/project...otkit-remover/
-
Re: Website, CSF, and lots of attacks.
https://labs.bitdefender.com/project...otkit-remover/
Last edited by keeney123; 09-23-2016, 10:41 PM.
-
Re: Website, CSF, and lots of attacks.
What are you running and what did the PC come with Keeney123? Windows 7?
-
Re: Website, CSF, and lots of attacks.
I have all that stuff with Bit Defender. After I did all the security tightening Firefox ran without problems. I went back on Internet Explorer and it would run OK, the problem with it though is it still did open to the home page that was set. I could open Firefox to any page I wanted. So on Internet Explorer it opened to something like tech-biz.com. But because I had blocked it in my security software it did not go to that page. I tried downloading that KB update from Microsoft that corrected the Windows 10 updates and of course the computer just spun. Never was able to get it. Finally I took out my back up hd that I cloned back in July of 2015 and cloned it right over my installed drive. I will let you know how that goes. I still cannot get Windows updates to work, but now I don't have Windows 10 trying to install either.
-
Re: Website, CSF, and lots of attacks.
Keeney123, I feel that I owe you for one reason or another. Anyway, it sounds like your PC was actually infected and might still be. If you don't mind running some tests, we might be able to figure out if it is or not.
One thing you might want to do first is to download Malwarebytes and run that:
https://www.malwarebytes.com/mwb-download/
You probably want the free download. Once you start installing, eventually it will bring up a pop-up window with some check marks. One will say Enable free trial of Malwarebytes Premium. Uncheck that unless you plan on purchasing the premium version.
Once Malwarebytes starts, don't click Scan Now. Wait until it finishes updating. Then, click on Settings. On the left hand side, you'll see a category titled: Detection and Protection. Click that and you should see some check boxes. Click the one that says Scan for rootkits.
After that, click the option that says Scan. It's after Dashboard and before Settings on the top of Malwarebytes. Click on Custom Scan. Then click the big blue button that says CONFIGURE SCAN. Make sure Scan for Rootkits is checked on the left hand side. Also, make sure your drive is checked. You might have more than one drive to pick from. For example, here, we have the C: drive and the D: drive. Our D: drive is the blu-ray burner so there's no sense for us to scan that. If you're not sure, you can check them all. It shouldn't hurt anything. After that, click Scan Now.
Go do something for a while. It can take a while to scan. Once it's done scanning, let us know what it says for Detected Objects:
There's more programs I'll have you run, if you're okay with it, but we should start there.
-
Re: Website, CSF, and lots of attacks.
That's not to say the computer wouldn't still work or that they wouldn't be able to get into the BIOS, just certain tools were no longer available. It's not just UEFI BIOSes either. Some PCs (mainly ones like HP laptops, etc) will have hot keys or a special button you can press if you can't get into your PC. They rely on a special partition sometimes. It might be something like F9 on an HP that starts up the recovery partition. If someone deletes that recovery partition, hitting F9 won't do anything. They usually have a special small partition with a bunch of tools on it that work with a larger recovery partition, from my experience.
-
Re: Website, CSF, and lots of attacks.
Yes, you can boot into the BIOS. Let me be a bit more clear. I had a customer's Dell I think it was (maybe HP). Anyway, there was a partition on the drive that contained software that could be run outside of Windows. In the UEFI BIOS, you could start this software. There were programs with mouse support for stuff like memory testing, hard drive testing, factory recovery, etc. If that partition that contained those tools were deleted, if someone went into the BIOS to try and use one of those tools, it'd fail. Do you understand?
-
Re: Website, CSF, and lots of attacks.
What do you mean by QFT? Quick Format?
This can be a bit tricky. Although I personally don't care much for recovery partitions and images and prefer a clean installation, some people like them very much. When they pay me and they have some pre-installed version of something like Cyberlink and I wipe the entire drive, they might get pretty upset when I give the PC back without Cyberlink. If they want it reinstalled, a lot of times, they might be forced to either purchase it directly or purchase recovery disks....
So, depending on whether Keeney123 wants a clean install or his pre-installed bloatware, I mean software, I think that would determine what way is the best.
Some BIOSes use partitions for system tools, like UEFI type BIOSes. If those partitions are destroyed, those tools won't work.
-
Re: Website, CSF, and lots of attacks.
QFT and also wipe the entire drive! You don't want ghost Windows remnants!
-
Re: Website, CSF, and lots of attacks.
TechGeek is correct. Ultimately, if you are infected, you should always reinstall Windows. If you need to do this, contact me via e-mail and I'll walk you through it. If you have more than one PC connected to the internet, it'd be easier.
-
Re: Website, CSF, and lots of attacks.
This was way more aggressive. As I could close the browser like Firefox and open a completely different browser like Internet Explorer and it was right there. It completely ignored the start and home page and went directly to its page. I blocked the domain with Bit Defender and it started loading on another domain. It did not matter what site I went to, it was there. I increased the security of the browsers to high and it did not matter. I completely deleted the browser and then reloaded it and it was there. I finally loaded Google Chrome and it was clean for about three or four searches and then it appeared. I then set my Bit Defender to max gaming mode and then went into my modem and set that to Max security and that solved the problem. The problem then is the web searches are slower.
-
Re: Website, CSF, and lots of attacks.
Those things can be a bit nasty. I've run across one that took advantage of some vulnerability in some browser. It prevented me from closing the window. I just CTRL-ALT-DELETE'd and ended the browser. Then, when I restarted the browser, I very quick like just closed the tab that was loading the bad stuff.