
Need some troubleshooting help

Posted: Tue Mar 24, 2015 8:32 pm
by wvjohn
Wife's PC.

Dell with 3.4 GHz i7, 8 GB RAM, Win 8.1 current, DVD drive, GTX 970, WD 2 TB
about 3 years old.

When I bought this for her originally a couple of years ago, she wasn't into gaming, then she got into it with Guild Wars 2 and a couple of other games, so I've been slowly upgrading it so she had a decent rig.

It was running ok with stock everything and a 6870 I put in, but she wasn't able to pull HQ @ 1920 on some games so I did the following upgrade

decent 600W power supply for the video card
GTX 970
replaced stock 1 TB drive with a new WD Black 2 TB 7200 because she likes to collect pictures off the net.

Ran ok for a while but lately it has been flaky as hell. Last night it wouldn't let her into Quicken - which she really needed because we're going to the accountant tomorrow.

Last weekend I ran a bunch of scans and Hitman found a malicious variant of Superfish which had turned off the AV (Kaspersky/windows defender) and removed it. It is still flaky but is scanning clean with Kaspersky, Malwarebytes and Hitman.

Other weirdness - it acts as though it's under heavy load from multiple applications, very sluggish. Nothing in task manager and no noticeable internet traffic.

One click on icons on desktop is very delayed response.

Sometimes you have to do the right click > open to get things to run

File manager 15-30 sec delay before opening.

other odd stuff when clicking on desktop icons - no particular pattern

I noticed tonight that the art class she is taking is hosted on some kind of wordpress site - in Firefox when you click to open a new window, you get sent to Bing with a bunch of banners along the bottom? I read somewhere that WP sites on non professional hosting were very vulnerable - not sure if this means anything. Close down FF, reopen, new tab is google like it is supposed to be.

She has a boatload of iPad-type games installed as well as some real games, and lots of apps like Word, Photoshop, etc.

She clicks thru on a lot of sites on FB, but stays off the dark web and similar sites ;)

______________________________________________
What I've done-

AV/Mal scans with Kaspersky, Hitman, MWBytes. clean

First level short diagnostics from WD - Smart ok, test ok.

CPUZ - everything looks ok

Scan HD for errors - clean

pull my hair out.

untested theories

I found system restore turned off, I usually make sure it's on when I set something up.

heat throttling? case vent isn't very good but it didn't throttle with a 6870 in it which is about the same heat as the 970.

windows corruption from ???

___________________________________

Any ideas most welcome. When it went south last night while she was trying to do the taxes she was VERY UNHAPPY, if you know what I mean. SERIOUSLY UNHAPPY to the point I was thinking about just getting her a new rig from Cyberpower instead of continuing to screw around with this. I can't figure out if it is a SW or hardware problem. Unfortunately, her CPU is socket 1155 so I can't drop it in my extra mobo to see if there is an issue with the Dell mobo. This box should be pretty snappy but it acts like a drunk Celery 350....

Thanks!

Posted: Tue Mar 24, 2015 8:49 pm
by GuardianAsher
When dealing with an infection that serious, reinstall Windows. End of story. ESPECIALLY when using it for any major personal things (Quicken, finances, online banking, etc.)

Even if AV scans are coming up clean, there's an extremely good chance something else is lurking in the background. Your best bet is to back up all important data (Quicken books, pictures, etc) and cut your losses and wipe it.

Yes, it will be a PITA, and it will take a long time to get everything installed again, but especially when dealing with anything finance-wise, we recommend a reinstall. It's just safer. (Same cost as a virus cleanup at the shop I used to work at. Some people didn't take that option. At my new job, if there's an infection, I just wipe and reimage. Saves a lot of trouble down the line.)

Maybe even try popping another HD in and install Windows to it to see if it acts any better, if you want. Still say reinstall though.

My two cents.

Posted: Tue Mar 24, 2015 8:57 pm
by Err
I would start by putting in the original hard drive if you still have it and see how it runs. If it runs well, you may need to just wipe the WD Black and reinstall Windows. Make sure you've backed up the important stuff first. If the computer came with Windows 8 and not 8.1, you'll have to install that first. If you don't want to download an install disk, pop the original disk back in, get a 16 GB flash drive, and create recovery media. You should be able to install Windows on the WD Black using this media. Alternatively, install an SSD since you'll most likely be reinstalling Windows.

Posted: Wed Mar 25, 2015 7:38 am
by wvjohn
Thanks gang. I do have the old HDD which didn't have any of this crapola on it. I guess if that runs clean I could just image that, wipe the new HDD, and restore that image.

We have full online backups of all the data, etc. She has one of those back-up-every-day services (can't remember the name, but a decent one). You guys figure the files in there are OK infection-wise?

If I end up rebuilding from scratch, I'd probably use the extra copy of Win 7 Pro that I have. I hate 8.

Anyone else has any ideas, please jump in. I suspect you guys are right about the wipe though. Grrrrrr.

Posted: Wed Mar 25, 2015 7:40 am
by FlyingPenguin
In addition to the scans you've done, you need to run Kaspersky's TDSSKiller and AdwCleaner:

http://www.bleepingcomputer.com/download/tdsskiller/

https://toolslib.net/downloads/viewdown ... dwcleaner/

Be aware none of these scans will fix a hijacked homepage or search engine, so manually check these. Also uninstall or disable any FF add-ons you don't recognize or didn't install yourself.

Clean install will be your last resort. Whenever you get it fixed, I would make her a Standard user and create another user that's an administrator, with a password she doesn't know. Nothing malicious can be installed, even in a drive by, if she is not an admin. It's how I have my wife's PC setup.
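
The manual homepage/search-engine/add-on check above, as an added PowerShell example that is not part of the post. It walks each Firefox profile under %APPDATA%, prints the prefs that adware usually hijacks (homepage, default search engine, new-tab URL), flags any whose host is not in a small allow-list, and lists every installed add-on so unknown ones can be spotted. The allow-list, the pref names watched and the extensions.json field names are assumptions based on Firefox builds of that era; adjust them to your build.

```powershell
# Added example, not from the forum thread. Read-only: it reports, it does not change anything.
$profilesRoot = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
if (-not (Test-Path $profilesRoot)) {
    Write-Warning "No Firefox profiles found under $profilesRoot"
    return
}

# Prefs that homepage / search hijackers typically rewrite (assumed list).
$watchedPrefs = @('browser.startup.homepage',
                  'browser.search.defaultenginename',
                  'browser.search.selectedEngine',
                  'browser.newtab.url',
                  'keyword.URL')

# Values that are fine for this household (assumption; edit to taste).
$allowed = @('www.google.com', 'about:home', 'about:newtab', 'about:blank', 'Google')

foreach ($profile in Get-ChildItem $profilesRoot -Directory) {
    Write-Host "== Profile: $($profile.Name) =="

    # prefs.js is a list of lines shaped like:  user_pref("name", "value");
    $prefsFile = Join-Path $profile.FullName 'prefs.js'
    if (Test-Path $prefsFile) {
        foreach ($line in Get-Content $prefsFile) {
            if ($line -match '^user_pref\("([^"]+)",\s*"(.*)"\);') {
                $name  = $Matches[1]
                $value = $Matches[2]
                if ($watchedPrefs -contains $name) {
                    # Compare on host where the value is a URL, on the raw value otherwise.
                    $prefHost = $value
                    try { $u = [uri]$value; if ($u.Host) { $prefHost = $u.Host } } catch { }
                    $flag = ''
                    if (-not ($allowed -contains $prefHost) -and -not ($allowed -contains $value)) {
                        $flag = '   <-- CHECK THIS'
                    }
                    Write-Host ("  {0} = {1}{2}" -f $name, $value, $flag)
                }
            }
        }
    }

    # extensions.json lists installed add-ons; anything you did not install yourself
    # is a candidate for removal (compare against the Add-ons Manager afterwards).
    $extFile = Join-Path $profile.FullName 'extensions.json'
    if (Test-Path $extFile) {
        $ext = Get-Content $extFile -Raw | ConvertFrom-Json
        foreach ($addon in $ext.addons) {
            Write-Host ("  addon: {0}  id={1}  type={2}  active={3}" -f
                $addon.defaultLocale.name, $addon.id, $addon.type, $addon.active)
        }
    }
}
```

Run it as the affected user (the profile path is per-user), with Firefox closed so prefs.js is current. A hijack usually shows up as a homepage or new-tab URL pointing at an unfamiliar host, or an add-on with a generic name that nobody remembers installing; fix the prefs from Firefox's options and remove the add-on from the Add-ons Manager rather than editing the files by hand.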

Posted: Wed Mar 25, 2015 11:06 am
by wvjohn
TDSS was clean, but the other one found a bunch of junk, which it deleted. It seems to be running OK now. The only thing I see at the moment is with QuickBooks, which is returning invalid/corrupt license information, and the FAQ says to reinstall. Thanks, FP! I ran them on my box too and found some friggin' AOL thing in my Chrome profile - ??.

I changed her user p/w but am hesitant to downgrade her to a user because she does install stuff on a regular basis following her interests - art, graphics and other apps - and I don't want to have to be involved for her to do that.

We can do a complete reinstall if required but would obviously like to avoid that. The financial info the accounting program had access to is basically the household banking stuff. I already told her she needs to change all her passwords on $-linked accounts like Amazon, banks, etc. Additional thoughts welcome in that area or anything else!

Posted: Wed Mar 25, 2015 1:09 pm
by FlyingPenguin
At the very least, I'd still make her a limited user, but give her the admin password. Make it complex enough that she pauses and thinks about WHY she is being asked for it. It's too easy just to click OK when UAC pops up. That's how Macs work. No one is admin on a Mac.

Rule of thumb is that if you are asked by UAC to approve something, say no unless you instigated it yourself by installing an app or driver.
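
The setup FlyingPenguin describes (standard daily account, separate admin account, a UAC prompt that asks for the admin password instead of an OK button), as an added PowerShell example that is not part of the thread. Account names are placeholders, the registry values are the documented UAC policy settings, and "net user"/"net localgroup" are used because the LocalAccounts cmdlets did not ship with Windows 8.1. Run it from an elevated PowerShell.

```powershell
# Added example, not from the forum thread. Assumed account names:
$dailyUser = 'wife'        # the account she logs in with every day
$adminUser = 'homeadmin'   # separate admin account; she is given its password

# 1. Create the admin account. The "*" makes net.exe prompt for the password
#    rather than taking it on the command line (where it would land in history).
net user $adminUser * /add /comment:"Local admin for installs only"
net localgroup Administrators $adminUser /add

# Guard against locking yourself out: only demote the daily account once the
# new admin account is actually in the Administrators group.
$admins = net localgroup Administrators
if (-not ($admins -contains $adminUser)) {
    throw "$adminUser is not in Administrators; not touching $dailyUser"
}

# 2. Demote the daily account to a standard user.
#    ("already a member" from the second command is harmless.)
net localgroup Administrators $dailyUser /delete
net localgroup Users $dailyUser /add

# 3. Make UAC actually ask a question she has to answer.
#    EnableLUA=1                 UAC on at all
#    ConsentPromptBehaviorUser=1 standard user gets "prompt for credentials on the
#                                secure desktop": type the admin password, not OK
#    PromptOnSecureDesktop=1     the prompt runs on the isolated secure desktop so
#                                other programs cannot click it or paint over it
$uac = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
Set-ItemProperty -Path $uac -Name EnableLUA                 -Value 1 -Type DWord
Set-ItemProperty -Path $uac -Name ConsentPromptBehaviorUser -Value 1 -Type DWord
Set-ItemProperty -Path $uac -Name PromptOnSecureDesktop     -Value 1 -Type DWord

# 4. Show the result. Group membership changes apply at her next logon;
#    the UAC policy values take effect after a reboot.
net localgroup Administrators
Get-ItemProperty -Path $uac | Select-Object EnableLUA, ConsentPromptBehaviorUser, PromptOnSecureDesktop
```

With ConsentPromptBehaviorUser set to 1, a drive-by that tries to install something from her session gets a credential prompt rather than a silent elevation or a one-click consent box, which is exactly the "pause and think about why" moment the post is after. If you would rather she cannot elevate at all from her own session, the documented value 0 ("automatically deny elevation requests") does that, at the cost of her having to log in as the admin account to install anything.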

Posted: Wed Mar 25, 2015 4:56 pm
by Executioner
AdwCleaner is very aggressive in my opinion. I ran it once last year, and let it remove the items it found. Little did I know that it also removed utilities I had that I know are clean. Good thing that it had an undo option.

Posted: Wed Mar 25, 2015 7:12 pm
by FlyingPenguin
The new AdwCleaner lets you uncheck items you don't want removed.

However, IMO, anything AdwCleaner wants to remove, you SHOULD remove. If it made it onto its list, that means there's an adware component involved. It might be as relatively harmless as Dell's automatic driver update crapware, but I still think it's better not to have it if it's phoning home with any harvested data.

Right now it's my main go-to adware cleaning tool. 95% of the time if there's just adware on the machine, and I don't feel there's a virus (and honestly, it's all mostly semi-legal adware now that just tries to either con you out of money, or hijacks your homepage or search engine to steal ad clicks, or throws pop-up ads at you) then I just run AdwCleaner first followed up by Hitman Pro (which is better at detecting a few specific things) and that usually does the job, short of manually checking browser home pages, search engines, and add-ons. I also ALWAYS run TDSSKiller because it only takes a minute or less, and it's the most reliable way of detecting rootkits.

I only run Malwarebytes if I feel there are real trojans and viruses on the system, or if TDSSKiller detects something, or if the system still "feels wrong" after the basic cleaning. I will usually follow that up with Trojan Remover because it specifically targets trojans.

Posted: Wed Mar 25, 2015 9:53 pm
by Executioner
Example: I have an old DOS utility called "Units". It's an old conversion program that I've used for the last 25 years in my job. It was flagged and deleted, along with other types of these programs that I kept and use to this day in a folder called "Util". It even deleted an old Turbo Pascal program that I wrote from scratch for flow calibration.

Posted: Wed Mar 25, 2015 11:22 pm
by FlyingPenguin
Must be setup to be suspicious of DOS apps. Since no one makes DOS apps anymore.

Posted: Thu Mar 26, 2015 8:01 am
by ZYFER
Ran a scan with it myself. It picked up only one thing, and it thought it was something ad-related when it wasn't. Seems to easily mistake things by name only.

Posted: Thu Mar 26, 2015 9:41 am
by Executioner
Yep. Best to review what it finds and act accordingly.