[scrabbler1]

I have been trying to fix my friend's laptop for a week now. She has XP-Home on it, along with Service Packs 1, 2, and 3.

For some strange reason, it keeps trying to open internet browsers all the time on its own.

It does not matter if it is connected to the internet or not.

It does not matter what the home page is set to.

At times, it had 40-50 browsers open at one time.

I ran Symantec Antivirus. It found nothing. I ran Spybot S&D. It found nothing. I ran Malwarebytes. It found nothing.

I was barely able to back up her personal files before reloading Windows. This windowbomb, as I have seen it described, hijacks common tasks such as Windows Explorer and puts the Internet homepage in place of the Search Results or directory tree.

I had to play "Beat the Clock" to be able to save her files onto a Flash Drive before the windowbomb occurred.

But when I reloaded Windows, guess what? It kept happening! How can this be? I started over fresh and new but this bug persists. Is it actually a bug or a strange setting? The hard drive is only 6 months old and this did not begin happening until a few days before I tried the other things prior to reloading Windows.

The number of browsers it opens varies. Sometimes it is only one or two, but sometimes it is 10 or 20. However, it should not try to open ANY browswers unless I click on Internet Explorer, right?

Is there something else I should be looking for to prevent this from happening? This windowbomb makes her system pretty much unusable when it happens.

Thank you.

[Advertisements]

It seems that Windowbomb resides in either the ram cache or the MBR of the drive. In order to make sure that you get rid of it for sure, here is what you have to do, if you have backed up all her data:

Restart the laptop and go into BIOS, then reset to default settings.

After Save and Exit, power off the laptop, take out the rams and with the battery out and AC Adapter, press Power for 10 seconds.

After you boot with the Windows Setup CD, when you get to "To install Windows Press, Enter" and you see the partitions that are currently allocated on the HDD, Delete them all, that way the MBR goes aswell. Then create new partitions and install Windows normally.

You shouldn`t have any problems after that.

[War/G.asm]

It seems that Windowbomb resides in either the ram cache or the MBR of the drive. In order to make sure that you get rid of it for sure, here is what you have to do, if you have backed up all her data:

Restart the laptop and go into BIOS, then reset to default settings.

After Save and Exit, power off the laptop, take out the rams and with the battery out and AC Adapter, press Power for 10 seconds.

After you boot with the Windows Setup CD, when you get to "To install Windows Press, Enter" and you see the partitions that are currently allocated on the HDD, Delete them all, that way the MBR goes aswell. Then create new partitions and install Windows normally.

You shouldn`t have any problems after that.

[Broni]

@ War/G.asm
http://www.geekstogo...boardrules.html

Because of the potential for harm, only staff members approved for malware removal are allowed to offer malware removal advice or reply to malware topics.

Please, observe board's rules.


@ scrabbler1
I suggest that you start a new topic in the Malware Removal and Spyware Removal area.

Before you start a new topic click on this link --> Malware and Spyware Cleaning Guide, Please read before starting a new topic. This will give you a few preparations to make, as well as instruction for posting your OTListIt2 log.

If you are still having problems after being given a clean bill of health from the malware expert, then please return to THIS thread and we will pursue other options to help you solve your current problem(s).

[scrabbler1]

After a lengthy chat with Ron (Rkinner, geekstogo expert) which included trying several things and running several diagnostic programs, I will soon be reloading Windows using the suggestion made by war/g.asm except that I will not be removing any hardware first. Simply resetting the BIOS settings prior to reloading Windows will be enough, Ron said.

[123Runner]

If you want to be absolutely sure the drive is clean you can use DBAN (Deriks boot and nuke). It writes 1 and 0's to the drive. There will be absolutely nothing left on that drive.

[scrabbler1]

If you want to be absolutely sure the drive is clean you can use DBAN (Deriks boot and nuke). It writes 1 and 0's to the drive. There will be absolutely nothing left on that drive.

I did a BIOS reset and reinstalled Windows and the damned windowbomb returned anyway. How do I do this DBAN thing in case it never got deleted despite TWO Windows reinstallations?

[123Runner]

DBAN is in the links in my signature.
You create a bootable cd with the iso file you download.
Use Burncdcc in my signature to create the bootable iso.

Boot the computer with the cd, choose the correct drive and have at it. It will write 1's and 0's to the drive.
If that does not take care of it then I don't know what will.

If you don't have a burning program that will burn .ISO files get burncdcc from my signature below ..a small FAST no frills iso burning program...

NOTE...do not put a blank cd in until burncdcc opens the tray for you

1. Start BurnCDCC
2. Browse to the ISO file you want to burn on cd/dvd ....
3. Select the ISO file
4. click on Start

[scrabbler1]

123Runner, I can't write the .ISO file to the CD because I get the following error in your BurnCDCC program:

"The size of the file <file location and name> is not valid."

Also, I assume that I don't have to write the other non-ISO files included in the download to the CD? Otherwise, I don't see how I can write them all to the CD together.

[123Runner]

It sounds like you unzipped the downloaded file.

(Burn this file to a blank disc and boot the computer with it. Do not unzip this file.)

The downloaded file is "dban-2.2.6_i586.iso"

Use my previous instructions. You do not copy the file. The iso is bootable if done properly.

[scrabbler1]

When I tried to save the file directly to a blank CD, it opened up Roxio, one of the two CD burning programs I have. Roxio was unable to write the .ISO file to the CD. However, when I simply saved the file (did not unzip it) to my system and used my other CD burning program (not Roxio), the file got written to the CD just fine. The file name you showed in your previous post is the lone file on the CD. So I am okay and ready to use it on the ailing laptop system, right?

[123Runner]

If you did it correctly, then the CD is bootable. If you did not burn it as a iso file and simply copied it, it won't work.
You do not copy or save it to the CD.

If it worked correctly then restart the computer with the CD in the drive to boot from the cd.
You may have to go in to bios to make sure it is booting from cd.

[scrabbler1]

If you did it correctly, then the CD is bootable. If you did not burn it as a iso file and simply copied it, it won't work.
You do not copy or save it to the CD.

If it worked correctly then restart the computer with the CD in the drive to boot from the cd.
You may have to go in to bios to make sure it is booting from cd.

Okay, I was able to create the CD and I booted up the system with the CD inside. I got the Darik's Boot and Nuke 2.2.6 (beta) screen with the blue background and the 3 boxes - Options, Statistics, and Disks and Partitions.

I hit the F10 key to start but it did not do anything. The Statistics box shows no data after its 5 categories (Runtime, Remaining, Load Averages, Throughput, and Errors). Nothing is happening. Why? The Hard Drive light on the laptop is off. Did it finish already? There was no pause.

Under Disks and Partitions, there are 3 entries. The first 2 are Unrecognized Devices while the third one is the CD in the CD drive.

I see the menu on the bottom with options P, M, V, R, J, K, Space, and F10 along with their brief descriptions.

What do I do next?

***Edited to add - I had hit ENTER, not autonuke at the earlier menu. When I hit autonuke, the process begun.

Edited by scrabbler1, 25 July 2010 - 11:32 AM.

[scrabbler1]

The DBAN has been running for several hours, writing out a few rows of ^@^@^@ symbols very slowly.

It has not written any more ^@^@ symbols in over an hour. But I see on the top few disjointed rows the following messages:

"DBAN finished with non-fatal errors." in yellow font. Then I see this message in white font on the next line:

"Check the log for more information."

I was not watching the screen most of the time it was running, so I don't know when or if thie message appeared earlier. I was expecting a more obvious confirmation that it is done, if it is done.

Am I ready to restart the laptop with the (Gateway) restoration CDs I would normally use to boot it up and reinstall Windows as I did before?

[scrabbler1]

After 9 hours, I pulled the plug and restarted the system. Windows was not erased. It booted up as it had done so before, along with the windowbomb. Why didn't DBAN erase anything after 9 hours?

[DaffyKantReed]

Why didn't DBAN erase anything after 9 hours?

I had trouble getting DBAN to work on a few different occasions. Try Secure Erase.


http://cmrr.ucsd.edu...HDDEraseWeb.zip

Unzip HDDEraseWeb.zip then burn HDDErase.iso to a CD-R. Also, read HDDEraseReadMe.txt.