Infection messing with laptop pci network card controller?

Discussion in 'malware problems & news' started by m00nbl00d, Oct 3, 2010.

Thread Status:
Not open for further replies.
  1. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I decided to write about this issue in this sub-forum, because it is also a possible problem with hardware/controller, so I didn't know where to post it. If moderators find it more appropriate in another location, please do so. Thank you.

    So, a family member brought me a laptop with a clean install of Windows 7, so that I could deploy the security measures. Previously, it had Windows XP, and the system became infected. At that time, I didn't ask, and I wasn't told that there was a problem with the network card controller, because from what she could tell the issue had been solved when installing Windows 7.

    She first noticed the system was infected, from what I have now been told, when booting Windows XP there was an error message saying there was a network card controller conflict.

    So, she scanned the system with a different AV, Malwarebytes, and a lot of infections were found. To spare the hassle of checking with more tools, etc., she decided to just install Windows 7.

    Now, all of a sudden the same error appears with Windows 7. But, going to Device Manager, I see no conflicts or errors.

    Repairing the installation of the controller solves it. But, at some point it will return again, because it's the third time I've done it.

    I got in contact with her, and she told me that, at the time, she chose to delete the partition when installing Windows 7, rather than formatting the hard disk.

    My question is: Would deleting a partition fully remove an infection? Or, would it only go dormant?

    I've been checking the system, but nothing appears to give me signs of any infection.
    Could it just be a tremendous coincidence, and there is a problem with the network card itself, corrupting controllers?
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    I think this is the most likely scenario, not a malware issue
     
  3. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    By the way, it's quite an old laptop. Acer Aspire 1640. In bad shape (Not falling apart, though. lol). From what she told me, she bought it from some other person some time ago.

    Most likely it's indeed a problem with the network card itself.
     
  4. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Hi, a couple of things to note, just in case, better safe than sorry :)

    AFAIK just deleting is similar to deleting something to the recycle bin, it only gets marked for deletion, not actually deleted as such.

    Second, the fact they already had malware in the partition, even if it was "supposedly" cleaned up, "might" have left something in there. It "could" be possible for a nasty to still be lurking in there.

    Someone please correct me if any of the above isn't accurate ;)

    *

    Edit typo :(
     
    Last edited: Oct 3, 2010
  5. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    TDL
    Writes its own file system onto the HDD. Reinstall, timebomb reinfection 10-20 days later. Can use Chkdisk to reinfect also.
    Deleting partitions, as in deleting the partition table, doesn't delete data elsewhere.
    Only solution is wiping the disk with something like HDDErase.

    Can you be sure other devices of hers are clean? ex. Router, other systems connecting to her router like a set top box or computer.
     
  6. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Just a laptop. No router. Internet connection is done with a USB connection device.

    I had in mind formatting the hard disk with DBAN.

    What do you think about it?

    Edit: By the way, I'm also in the process of creating a USB disk with Kaspersky Rescue Disk 10. It's still updating as I write, though. It may spot something. I'll see what happens.

    I'll, meantime, also prepare a USB disk to erase the laptop's hard disk. (The DVD writer doesn't accept copy CDs/DVDs. Bummer)
     
  7. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    By the way, would wiping the hard drive using an Ubuntu Live CD be as effective? I know there's a utility called "wipe".
     
  8. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    -Edit-

    Two more questions.

    1. It seems that the wipe utility does not come by default with Ubuntu. At least, from what I read on a web site moments ago.
    I'll be running Ubuntu from a USB disk. Would there be some way of adding the utility named wipe to it?

    2. This is beyond my knowledge. What would be the recommended number of passes? Would 2 be more than enough? We're talking about a laptop from, perhaps, 2006. I'm guessing the hard disk isn't much older than that. I'd hate to have to spend like one entire day wiping a hard disk. I know that the newest hard disks don't need too many passes. But, how far behind "newest" goes, it beats me. I never really needed this sort of information before.

    Here you may find the specifications: http://reviews.cnet.com/laptops/acer-aspire-1641wlmi-pentium/1707-3121_7-31746023.html
     
  9. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,771
    Location:
    Outer space
    I'm not sure, but it could support the Secure Erase command, that's quite fast and really wipes everything, including unallocated sectors, Host Protected Area, etc. After that you could use a utility like Recuva and do a scan to see if it can recover anything, because I also don't know how many passes it would need.
     
  10. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    A single pass with zeros (one-pass zeros) is sufficient.
    Wiping with (f.i.) DoD algorithms really isn't necessary.

    Just check whether the number of sectors displayed by the erasing software (example) corresponds with the number of sectors on the HDD sticker i.e. make sure that you erase not just a partition but the entire disk.

    Recommended are DBAN (one-pass zeros and more complex algorithms) or KillDisk (free version only offers one-pass zeros).
    cheers.
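
Added example, not part of the original thread or any poster's code: a Python sketch of the check described in the post above, comparing the sector count the OS sees with the count printed on the drive label and then confirming a one-pass zero wipe left nothing behind. It assumes 512-byte sectors, and the label count and device path are supplied by the reader; a multi-pass method that ends on a random pattern would not read back as zeros.

```python
import os
import tempfile

SECTOR = 512  # assumption: 512-byte logical sectors


def device_sectors(path):
    """Sector count as the OS sees it; seeking to the end works on block devices."""
    with open(path, "rb") as dev:
        return dev.seek(0, os.SEEK_END) // SECTOR


def first_nonzero_sector(path, chunk=1 << 20):
    """Index of the first sector containing a non-zero byte, or None if all zero."""
    offset = 0
    with open(path, "rb") as dev:
        while True:
            buf = dev.read(chunk)
            if not buf:
                return None
            skipped = len(buf) - len(buf.lstrip(b"\x00"))
            if skipped < len(buf):
                return (offset + skipped) // SECTOR
            offset += len(buf)


def verify_wipe(path, label_sectors):
    """Compare visible size with the drive label, then scan for leftover data."""
    seen = device_sectors(path)
    return {
        "sectors_seen": seen,
        "sectors_on_label": label_sectors,
        # Fewer sectors than the label: a partition was opened instead of the
        # disk, or part of the drive (e.g. a Host Protected Area) is hidden.
        "whole_disk_visible": seen == label_sectors,
        "first_nonzero_sector": first_nonzero_sector(path),
    }


if __name__ == "__main__":
    # Constructed stand-in for a disk: 2048 zeroed sectors with stale bytes left
    # at sector 1500. On a live CD, pass the whole-disk device node instead.
    image = bytearray(2048 * SECTOR)
    image[1500 * SECTOR + 7] = 0xAA
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(image)
    print(verify_wipe(tmp.name, label_sectors=2048))
    os.unlink(tmp.name)
```

Reading a real disk this way needs root and opens the device read-only, so it can be run after the wipe without touching the data.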
     
  11. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Hello,

    Thank you for your feedback. I actually already wiped it using DBAN. I used the default wipe settings using autonuke, which is DoD. Not much of a deal, it's a 60 GB hard disk, so it only took 4 hours.

    Anyway, considering that 60 GB is really little to provide a quite stable system, I advised my family member to buy a 320 GB hard disk to replace this one, and use this 60 GB as an external one to store documents, etc.
     
  12. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Just informing that the error reappeared. Highly unlikely to remain with some sort of an infection. o_O

    Most likely just a screwed network card. By the way, only now I noticed it, when installing Windows 7 via USB disk, that whenever the error message appears, it means that the option to boot from network is gone from the boot menu.
     