Ghost in the machine real bad

diadara

Hi.
My friend has a relatively new stationary with Windows 7 that she didn't use much because they had no Internet. After they got fiber she started it up again. Then some really weird stuff happened.
Screen freezing, like it was burnt in.
She cannot open some programs, including Avast antivirus.
There were seven administrators listed with numbers as names, and she herself was at the bottom with no privileges.
She then got scared and backed up on Google Drive.
Formatted the computer and installed Windows 10 Home Edition store bought.
Installed Avast free edition.
Went on her laptop to download the backed up files from Google Drive.
Among the files was a hidden folder filled with system files. She didn't open any of them, she didn't have to because they opened themselves and started to wreak havoc. Programs started opening totally random, the folder copied itself and spread all over the disk. The laptop was suddenly impossible to work with.
Back to the PC.
When she tries to log on, the computer is really slow, a lot of programs open and the screen freezes. Avast, Windows Defender and Windows Firewall shut down.
She gets the feeling someone is "controlling" her PC.
Suddenly the screen starts to flash like a disco ball and then goes black. When she starts her PC again, it's reverted to Windows 7 (!?)

I'm thinking a heavy virus because it all started when she plugged in the fiber. However, she had the firewall, Avast and Defender running.
I recommended another antivirus like Nod32 or Kaspersky, but she can't install them as it is now.
She's writing a book that's on a deadline so she really needs her computers. Right now she's got none. I'll take any advice and try anything to help her.
Thanks in advance,
Jana


 
First and foremost, people don't "control" PCs. There is no point to it. The current trend in any virus/hack is to steal credit card/banking and identity information. That is worth money. Nothing else is. Controlling and crashing PCs only alerts someone to the fact they are infected. You don't want people to know they're infected, therefore it should be stealth.

About 90% of what you said can't even happen, so let's take a few steps back.

She then got scared and backed up on Google Drive. BACKED UP WHAT? ALL HER WINDOWS?

Formatted the computer and installed Windows 10 Home Edition store bought. DID SHE REALLY FORMAT OR JUST INSTALL WINDOWS 10 OVER 7?

When she starts her PC again, it's reverted to Windows 7 (!?) EITHER SHE DIDN'T FORMAT OR SHE BACKED UP HER ENTIRE DRIVE AND TRIED TO RESTORE THAT BACKUP. THERE IS NO WAY A FORMATTED PC WITH WINDOWS 10 CAN TURN INTO 7.

Plugging into fiber internet isn't going to give someone a PC virus.

To me, it sounds like people who don't know enough about PCs and shouldn't be messing with them or need to do a lot more reading and research first on what to do.
 
There are two things that must happen, in this order:

1. There is apparently one and only one critical thing on this PC, the book. Safeguard the actual data (the book she's writing). This absolutely needs to be copied elsewhere and offline, preferably on 2 different devices. An external drive, and maybe some cloud thing.
Anything else can be reconstructed.

2. Wipe and rebuild the PC from scratch.
Wipe and reinstall.
Either you do it, or have a trusted, competent, friend do it. Or hire someone.
If you were local, I'd come over and do it (for a small fee).



If you come back with "but we can't do that", then you are not serious about fixing this. And the nascent book will be lost.
 


My suggestion would be to
A: Run hardware diagnostics on both the laptop and the desktop. Verify that your hardware is all in working order before even bothering with software issues.
B. Take it to a shop to have it diagnosed.

The point is, there's no sense in banging your head against the wall with software installs and whatnot if you have a hard drive issue. Screen flashing like a disco ball could be a driver issue but could also be an underlying motherboard/graphics issue. Rule all of that out and then you can very easily figure out why your software is not working properly.
 
First of all. I've been dealing with computers since 1992 so I know a thing or two. Way back when, joining a network could get your PC infected if you didn't have an antivirus software installed. It was called Sasser, look it up. Second, I only relayed what she told me. She might be old but she's no newbie, she recently took three classes in computer usage.
I realize some of it sounds impossible but I'm sure more than 10% is true. There's no need to shout either. I can read lower case. I came here for help, not to be insulted.
Anyway, she only backed up her book and other relevant stuff, not the entire system, and yes, the PC was totally formatted before she installed Windows 10. However, the partition with Windows 7 recovery was left untouched.
Thanks for your advice but none seem to be applicable to the situation. I agree that the PC needs to be wiped again, but that doesn't explain why the folder from Google Drive duplicated itself on her laptop and rendered it useless... Not even Microsoft's phone support could help, they were flabbergasted. I wish I could go to her and help her but she lives 1200 km from me and we communicate through phone and email.
Have a nice day everyone!
 
First of all. I've been dealing with computers since 1992 so I know a thing or two. Way back when, joining a network could get your PC infected if you didn't have an antivirus software installed. It was called Sasser, look it up.
And now we have NAT in every router, and OSs that come out of the box much more securely. This largely doesn't happen any more, with the exception of very unpatched boxes with a direct internet connection. If you have a router, you don't have a direct internet connection. Things change.

My advice would be to download some version of Linux to a CD, boot off that, then use that to copy just the book to another USB drive. Then grab your/her Windows disks, and during install hit 'advanced' and delete all the partitions, then create one new one.

This may be easier if she makes an account here, rather than playing Chinese whispers.
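
One way to do the "copy just the book" step from the Linux live session, as an added example that is not part of the original post: it copies only allowlisted document types, so nothing else from the old disk reaches the USB drive, and checks each copy against a hash taken at the source. The function name, mount point, device placeholder and extension list are assumptions.

```shell
#!/bin/sh
# Added example. Run from the Linux live session with the Windows partition
# mounted read-only, e.g. `mount -o ro /dev/sdXN /mnt/win` (sdXN is a placeholder).

# rescue_docs SRC DEST
# Copy only allowlisted document types from SRC to DEST, keeping relative
# paths, hash each file at the source, then verify the copies against those
# hashes. Prints the number of files copied; non-zero exit on any failure.
rescue_docs() {
    src=$1; dest=$2; count=0
    mkdir -p "$dest" || return 1
    list=$(mktemp) || return 1
    : > "$dest/MANIFEST.sha256"
    # Regular files only (no symlinks/devices); dot-named entries are pruned.
    # Files carrying the Windows "hidden" attribute are not dot-named, so it
    # is the extension allowlist below that keeps stray system files out.
    (cd "$src" && find . -name '.?*' -prune -o -type f -print) > "$list"
    while IFS= read -r rel; do
        # Only the last extension counts, so "draft.pdf.exe" is an exe.
        ext=$(printf '%s' "${rel##*.}" | tr 'A-Z' 'a-z')
        case $ext in
            docx|doc|odt|rtf|txt|pdf) ;;   # assumed formats for the book
            *) continue ;;
        esac
        mkdir -p "$dest/$(dirname "$rel")" &&
        (cd "$src" && sha256sum "$rel") >> "$dest/MANIFEST.sha256" &&
        cp -- "$src/$rel" "$dest/$rel" || { rm -f "$list"; return 1; }
        count=$((count + 1))
    done < "$list"
    rm -f "$list"
    if [ "$count" -gt 0 ]; then
        (cd "$dest" && sha256sum -c MANIFEST.sha256 >/dev/null) || return 1
    fi
    echo "$count"
}
```

An extension allowlist does not inspect file contents, so scan the rescued documents on a clean machine before opening them.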
 
Solution
Thanks for taking the time, we will try the Linux boot and wipe the partitions. I'm not the geek I used to be, but every single time my family and friends need help they come to me. This time it was tough since I couldn't be there and I had to take her word for it. It might be Chinese whisper but desperate times...
Again thanks.