Windows 8 and 8.1 Forums

Windows Image restored, virus still there

  1. #1

    Posts : 299
    Windows 8 Pro

    Windows Image restored, virus still there

    My friend's computer started getting multiple pop-ups like "Your video player is out of date...." so I restored it using the Windows Image I had created shortly after he bought it. But it almost immediately started getting the popups again.

    Is it possible that the infection persisted through the image restore? Does a Windows image restoration recover the master boot record too, or could a virus/rootkit have remained in there?

    His hard drive is partitioned into C: (system) and E: (data files). The image was only for the C: drive and most likely the system reserved partition.

    I did scan the E: drive with Norton, found nothing there.



  2. #2

    Posts : 1,950
    windows 8.1 Update 1 Pro 64bit

    It is possible that the problem was there when you made the image backup; otherwise the infection would not have persisted through the image restore.

    Download and run Malwarebytes Free on the whole computer. I would remove Norton entirely using their removal tool, as it presents its own problems. Just use Windows Defender.

  3. #3

    Since rootkits write a cloaked partition, it is possible for a rootkit to survive a restore.

    Run TDSSKiller & see if it finds anything. Before running the program, click on the "Change Parameters" text & check the box next to "Detect TDLFS File system." Then run a scan.

    Malwarebytes also makes a rootkit scanner.

    Malwarebytes | Anti-Rootkit BETA - Free Rootkit Scanner & Remover

    It sounds like you may have some stubborn adware, so after the rootkit scan, run AdwCleaner.

  4. #4

    Posts : 299
    Windows 8 Pro

    I ran AdwCleaner, it came up clean.

    The new version of MBAM has the rootkit scanning option built in, and I ran the Custom Scan using that. It found nothing.

    I also ran Hitman Pro, came up clean.

    I'll give TDSSKiller a run today. Thanks.

  5. #5

    Good advice here! Good luck!

  6. #6

    Posts : 299
    Windows 8 Pro

    TDSSKiller found nothing.

    I did change his DNS settings in adapter properties to use Google for DNS. He has not had any issues in the day or so since I've done that. I am wondering if his router has been compromised, and is doing DNS misdirects. I'm going to give it another day or two before I reset his router.

  7. #7

    Resetting the router certainly wouldn't hurt. Get a fresh start.

    Might be a case of DNS cache poisoning.

    How DNS cache poisoning works

    You can find a DNS flush tool towards the bottom of the page here:

    DNS Cache Poisoning Attack - ESET Knowledgebase

    Or you can do it from the command line:

    Flush and reset a client resolver cache using the ipconfig command: Domain Name System(DNS)

  8. #8

    Posts : 299
    Windows 8 Pro

    My friend's computer has been running without the misdirects and popups for 3 days now, since I started using Google DNS. He seems content to just let it be for now. I am not so sure.

    If his computer's DNS cache had been poisoned, wouldn't setting it to use Google DNS have no effect?

    Seems like it would have to be his router's DNS cache that is poisoned. Am I correct here?

    I asked him if other computers in the house are having problems; he seems unsure about that.


  9. #9

    It is possible the router got compromised.

    Cybercriminals compromise home routers to attack online banking users | PCWorld

    I've seen multiple instances of this in 7 forums where people had the same problem your friend did (pop ups that won't go away, misdirections, etc.) & in most instances, flushing the DNS solved the problem. That's the reason I suggested it might be DNS poisoning. If you changed the settings to Google DNS, then it would set up new parameters that void the original DNS settings.

    If everything is running fine, then you can either leave it or follow through with your plan & reset the router as well as flush the cache. Also check to see if there are any firmware updates for the router.

    Your friend needs to let you know if the other PCs are indeed running fine. Malware (if present) can easily spread from one PC to the other.

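As an added example, not written by any poster in the thread: a PowerShell check for the suspicion raised in #6 and #8 that the router, rather than the PC, is misdirecting DNS. It resolves a few hosts through the adapter's configured DNS server (on a home network, usually the router) and through Google's resolver, then flags disagreement. The host list is a constructed sample, and the script assumes Windows 8 or later with the DnsClient cmdlets available.

```powershell
# Added example, not from the thread. Compares A records returned by the locally
# configured DNS server (usually the home router) with those from a public resolver.
# Assumes Windows 8+ (DnsClient module). Host list below is a constructed sample.
$PublicResolver = '8.8.8.8'   # Google DNS, the resolver the thread switched to
$Hosts = @('www.microsoft.com', 'update.microsoft.com', 'www.google.com')

# First IPv4 DNS server configured on any adapter; on most home LANs this is the router.
$LocalResolver = (Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses.Count -gt 0 } |
    Select-Object -First 1).ServerAddresses[0]

function Get-ARecords {
    param([string]$Name, [string]$Server)
    try {
        # -NoHostsFile ignores a possibly tampered hosts file; -DnsOnly skips LLMNR/NetBIOS.
        Resolve-DnsName -Name $Name -Type A -Server $Server -DnsOnly -NoHostsFile -ErrorAction Stop |
            Where-Object { $_.QueryType -eq 'A' } |
            ForEach-Object { $_.IPAddress } |
            Sort-Object
    } catch {
        # Resolver unreachable or NXDOMAIN: report no answer rather than aborting the loop.
        $null
    }
}

foreach ($h in $Hosts) {
    $viaLocal  = Get-ARecords -Name $h -Server $LocalResolver
    $viaPublic = Get-ARecords -Name $h -Server $PublicResolver

    # Any shared address counts as agreement. CDNs legitimately hand different addresses
    # to different resolvers, so MISMATCH is a lead to investigate, not proof of tampering.
    $overlap = $viaLocal | Where-Object { $viaPublic -contains $_ }
    $status = if (-not $viaLocal)      { 'NO ANSWER (local)' }
              elseif (-not $viaPublic) { 'NO ANSWER (public)' }
              elseif ($overlap)        { 'OK' }
              else                     { 'MISMATCH' }

    [pscustomobject]@{
        Host   = $h
        Status = $status
        Local  = ($viaLocal  -join ',')
        Public = ($viaPublic -join ',')
    }
}
```

A MISMATCH on hosts that are not CDN-fronted, or answers pointing at addresses inside the LAN, is worth comparing against the router's DNS/firmware settings before resetting it, since a reset erases the evidence.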