
I want to upgrade to Windows 10 (I have 7) and then probably do a clean install as well. I'm not sure, because I'm really confused now. I don't know what to believe anymore. It's very important to know whether I'm infected, because I decided to do the clean install to get rid of whatever malware I caught, and now I'm asking myself how to back up some files to my USB stick without infecting the new Windows afterwards.

So, I suspected I had a virus, but I'm kind of a maniac, so I posted my problem on a forum, but not in any virus/malware section.
I was asked to post some logs about my system and HDD; everything was fine with the HDD, but I think they found something suspicious in my system logs, because they told me to move to another section for infected computers.
Nobody explicitly said that I have malware, but they told me to go ask there.
I have worked with anti-malware programs before and I know what to run, so I didn't ask any further. Instead, I did my own research.

Now, about my problems: there is nothing really bothering me. It was just a BSoD (9f code) during hibernation/sleep (I am not sure which, because I left the laptop plugged in and didn't pay attention to it for more than 1 hour), but it happened only once, 1 week ago. Also, it got stuck while logging off and shutting down; I had to hold the power button to shut it down. This happened twice. Once I thought it was stuck, but it did shut down by itself eventually. I also noticed my laptop is slow at startup (but not much slower than usual). I have Skype set to open automatically, so I kind of suspected that might be the problem. I got an error once saying Windows has stopped working, because I always insist on running some tasks right after it has started and isn't ready to use yet. Now I wait patiently until it's ready.

These things don't bother me. I do my work without problems. Aside from startup, my laptop is as fast as usual and it doesn't freeze.
These problems could also be because I have lots of updates I try to install but can't. Windows 10 automatically installs before the updates, and I did everything to make it stop, but it just continues. I'll get rid of this anyway when I upgrade.
I also updated Avast. I don't usually scan regularly with it, but it hasn't bothered me with pop-up messages about viruses and trojans.
I scanned with Malwarebytes Anti-Malware yesterday. Nothing was found. I tried Malwarebytes Anti-Rootkit and Kaspersky TDSSKiller. The latter didn't find anything. Malwarebytes Anti-Rootkit did something strange, and I also emailed them to check whether the program might have bugs. I extracted it and then a message appeared (before scanning!) saying "probable rootkit activity". I scanned with it and it found nothing. I closed and reopened it. I had to extract it again and the message popped up again.

I don't know what to try anymore and I can't decide whether or not I have a malware problem. I tend to think I don't have any malware issue, because I really hate malware and viruses and as a result I am very careful on websites and I have anti-everything-bad programs. But I also know from experience that nasty viruses don't show their faces immediately.

S.L. Barth
Ivie

2 Answers


The BSOD and power-off problems look more like hardware/driver issues than anything else, especially the latter.

Malwarebytes Anti-Rootkit did something strange, and I also emailed them to check whether the program might have bugs.

Your download may just be damaged due to a network error or similar; that's why you should check hashes to make sure your download isn't corrupt.

Now, we could ramble all day about whether it's compromised or not, so let's take the safe approach and assume it is, which makes a reinstall mandatory.

First, do not create the reinstall media on the same (potentially compromised) machine: download the ISO and burn it / create a USB stick from a separate, known-clean machine.

To transfer your files: in theory any and all files could be modified by the potential malware to compromise other machines, but I'd say the risk is pretty low for files that don't contain any executable code, so photos, music and text documents should be safe. Only executable files and documents that can contain executable code (Microsoft Office documents, for example, as they can contain malicious macros, or PDFs) should be avoided.

The safest way to transfer the files would be to boot from a known-good Linux live CD or USB and copy the files from there onto a known-good USB stick. That ensures that any running rootkit won't be able to tamper with the files or the USB stick as the files are copied, so this lowers the risk: now only files that were already compromised can be malicious. This also prevents the rootkit from turning your USB drive evil so that it pretends to be a keyboard and enters malicious commands the next time you connect it to your newly reinstalled machine.

It seems that it is now possible to use some Windows 7, 8 and 8.1 product keys to activate Windows 10. You can download clean Windows 10 ISOs from Microsoft directly, but make sure your User-Agent doesn't mention Windows; otherwise it forces you to use their stupid Media Creation Tool, which is a piece of useless garbage. If you'd rather get Windows 7, you can get torrents from an unofficial source; just make sure the hashes match those found on MSDN to verify you're not downloading a compromised copy.

André Borie
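As an added worked example (not part of the answer above, and not a Microsoft or Malwarebytes tool), the two mechanical steps the answer describes, written as POSIX shell to be run from the known-good Linux live system: verifying the downloaded ISO against a published SHA-256 before it is written to install media, and copying only non-executable data files onto the USB stick while skipping binaries, scripts and macro-capable documents. The extension list, the directory names and the sample files are assumptions constructed for the demonstration; the reference hash for a real ISO is the one published by Microsoft/MSDN, not the value used here.

```shell
#!/bin/sh
# Added example: not from the original answer. Runs on a Linux live system with coreutils.

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 if FILE's SHA-256 equals EXPECTED_HEX (case-insensitive), 1 otherwise.
# A mismatch means a corrupt or tampered download: do not write it to install media.
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if command -v sha256sum >/dev/null 2>&1; then
        actual=$(sha256sum "$file" | cut -d' ' -f1)
    else
        actual=$(shasum -a 256 "$file" | cut -d' ' -f1)   # macOS / BSD fallback
    fi
    [ "$actual" = "$expected" ]
}

# copy_data_only SRC DEST
# Copies the file tree under SRC to DEST, preserving relative paths, but skips anything
# that can carry executable code. The extension list is an assumption for this demo:
# Windows executables/scripts, installers, shortcuts, and Office/PDF/RTF documents
# (macros, OLE objects, DDE). Matching is case-insensitive because Windows names often are.
# Skipped files are reported on stderr so the user can see what was left behind.
copy_data_only() {
    src=${1%/}
    dest=${2%/}
    find "$src" -type f | while IFS= read -r f; do
        rel=${f#"$src"/}
        lower=$(printf '%s' "$f" | tr 'A-Z' 'a-z')
        case "$lower" in
            *.exe|*.dll|*.scr|*.com|*.bat|*.cmd|*.ps1|*.vbs|*.js|*.jar|*.msi|*.lnk|*.hta|*.pif|*/autorun.inf)
                skip=1 ;;
            *.doc|*.docx|*.docm|*.xls|*.xlsx|*.xlsm|*.ppt|*.pptx|*.pptm|*.pdf|*.rtf)
                skip=1 ;;
            *)  skip=0 ;;
        esac
        if [ "$skip" = 1 ]; then
            printf 'skipped (may contain code): %s\n' "$rel" >&2
        else
            mkdir -p "$dest/$(dirname "$rel")"
            cp -p "$f" "$dest/$rel"
        fi
    done
}

# Demonstration on a constructed directory tree (sample files, not real user data).
demo() {
    work=$(mktemp -d)
    mkdir -p "$work/old/Documents" "$work/usb"
    printf 'shopping list\n' > "$work/old/Documents/notes.txt"
    printf 'MZ...\n'         > "$work/old/Documents/updater.EXE"   # would be skipped
    printf 'PK...\n'         > "$work/old/Documents/budget.xlsm"   # would be skipped
    printf 'JFIF...\n'       > "$work/old/holiday.JPG"
    copy_data_only "$work/old" "$work/usb"
    echo "copied to stick:"
    (cd "$work/usb" && find . -type f)

    # Stand-in for the downloaded ISO; the real reference hash comes from Microsoft/MSDN.
    printf 'abc' > "$work/Win10.iso"
    if verify_sha256 "$work/Win10.iso" ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad; then
        echo "ISO hash OK - safe to write to install media"
    else
        echo "ISO hash MISMATCH - do not use this download" >&2
    fi
    rm -rf "$work"
}
demo
```

Run `sh copy_and_verify.sh` (any file name) from the live system, then point `copy_data_only` at the mounted Windows volume (for example `/media/user/Windows/Users/you`) and the mounted USB stick. The hash check covers only download corruption or tampering; it says nothing about the key-activation question, which is a licensing matter the answer leaves to Microsoft.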

While your description of the problems is extensive, it still cannot be decided whether these problems are caused by malware, by some badly behaving non-malicious software or even by hardware problems. The symptoms you describe can apply to all of these cases.

It is hard to give good advice based on this unclear diagnosis, but since the problems bother you, I would suggest doing a clean install of the system and then slowly reinstalling all the applications you need, to see if, and in the context of which software installation or usage pattern, the issues occur again.

Steffen Ullrich