SOCNET

  #21  
Old 5 July 2018, 09:33
CV CV is offline
Authorized Personnel
 
Join Date: Apr 2003
Location: US
Posts: 7,716
Ramzmedic,

9 times out of 10 the simplest explanation is often the most correct. Try disconnecting any external devices if you haven't already. Once you're at the command prompt, run "sfc /scannow" and let me know what the results are.

Ultimately, you're going to need to use system restore to get back to a good state to work with.
__________________
It's a hipster filter. Keeps your kind out. -Jimbo
  #22  
Old 5 July 2018, 09:39
Paul85 Paul85 is offline
I still think I'm fooling everyone
 
Join Date: Aug 2013
Location: Poland
Posts: 1,379
Quote:
Hopefully not too overly complex for a knucklehead like Ramzmedic
You know, something dawned on me. Maybe he should back up his data and reinstall the system instead of trying to track the misbehaving driver. Back up Documents, desktop, favorites, custom files/folders in root, custom configs/settings from Appdata, PST files or MBOX files and roll.

For anyone interested, Windows 10 (like 7) can be installed completely from scratch without deleting what's already on the disk drive. You just select the drive with the old installation without formatting it beforehand, and the installer simply tells you that it will move all old files to Windows.old in the root of the drive. However, backing up the data before this is always prudent.

Given the speed of modern PCs and speed of Win10 install (especially from flash-based removable media) this might turn out to be the fastest and safest solution.
  #23  
Old 5 July 2018, 09:42
CV CV is offline
Authorized Personnel
 
Join Date: Apr 2003
Location: US
Posts: 7,716
Quote:
Originally Posted by Paul85 View Post
...back up his data and reinstall the system...
This is a good time to remind everyone of the importance of backing up your data to another medium.
__________________
It's a hipster filter. Keeps your kind out. -Jimbo
  #24  
Old 13 July 2018, 09:17
Polypro Polypro is offline
BTDT
 
Join Date: Oct 1999
Location: A Noisy Bar In Avalon
Posts: 13,080
I use this in production for my biz:

https://www.macrium.com/reflectfree

Paragon has a good free one as well. And actually Windows 7+ is actually decent, if not a little space hungry. You can get to the old Win 7 backup in Windows 10 too, as well as whatever Win 10 has.
  #25  
Old 13 July 2018, 11:04
BOFH BOFH is offline
I aim to misbehave
 
Join Date: Jul 2004
Location: \\Gibson\garbage
Posts: 4,265
My simple solution for things like this: find the driver, uninstall it, then reboot. Windows will reinstall the driver automagically. That usually works, if it's just a shitty driver. If it's malicious, then it gets more complex. At that point, frankly, it really depends on how deep you want to dig. You can look into anything from commercial AV tools to memory forensics.

It being my profession and all, my first instinct is to pull a memory image and look for badness there. I suspect that's a little deep for most, but this tool can go some reasonable way toward identifying malicious drivers and rootkits.

Also, don't let those of us who are security nerds scare you. In all likelihood, it's just a shitty driver.


Edit: the tool I linked may fire AV alerts. It's not malicious, and I've ripped it apart and verified that.
__________________
"...for those who man the battle line, the bugle whispers low, and freedom has a taste and price the protected never know..."


While true:
Continue
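
Added example, not part of BOFH's post or of any tool mentioned in the thread: a first-pass check that sits between "uninstall the driver" and a full memory image, listing running kernel drivers whose file is missing, not validly signed, or signed by someone other than Microsoft. `Resolve-DriverPath` is a hypothetical helper and the `O=Microsoft` filter is an assumed heuristic; a driver on the list is a candidate for a closer look, not proof of anything malicious.

```powershell
# Added example: shortlist running kernel drivers by Authenticode signature.
# Run from an elevated PowerShell prompt on the machine being examined.

function Resolve-DriverPath {   # hypothetical helper, not a built-in cmdlet
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $p   = $PathName.Trim('"')
    $cmp = [System.StringComparison]::OrdinalIgnoreCase
    # Service entries may use NT-style prefixes instead of a drive letter.
    if ($p.StartsWith('\??\', $cmp)) { $p = $p.Substring(4) }
    if ($p.StartsWith('\SystemRoot\', $cmp)) {
        $p = Join-Path $env:SystemRoot $p.Substring(12)
    } elseif ($p.StartsWith('System32\', $cmp)) {
        $p = Join-Path $env:SystemRoot $p
    }
    return $p
}

# Every kernel/file-system driver the Service Control Manager reports as running.
$drivers = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.State -eq 'Running' }

$report = foreach ($d in $drivers) {
    $path = Resolve-DriverPath $d.PathName
    if (-not $path -or -not (Test-Path -LiteralPath $path)) {
        # A running driver with no backing file on disk deserves attention.
        [pscustomobject]@{ Name = $d.Name; Path = $d.PathName
                           Status = 'FileNotFound'; Signer = $null }
        continue
    }
    $sig = Get-AuthenticodeSignature -LiteralPath $path
    [pscustomobject]@{
        Name   = $d.Name
        Path   = $path
        Status = [string]$sig.Status               # Valid, NotSigned, HashMismatch, ...
        Signer = $sig.SignerCertificate.Subject    # $null when the file is unsigned
    }
}

# Assumed heuristic: hide validly signed Microsoft drivers, show everything else.
$report |
    Where-Object { $_.Status -ne 'Valid' -or $_.Signer -notmatch 'O=Microsoft' } |
    Sort-Object Status, Name |
    Format-Table -AutoSize -Wrap
```

Third-party drivers for graphics, storage and AV products will normally show up with a valid vendor signature; compare what remains against the hardware and software actually installed.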
  #26  
Old 13 July 2018, 11:06
BOFH BOFH is offline
I aim to misbehave
 
Join Date: Jul 2004
Location: \\Gibson\garbage
Posts: 4,265
Quote:
Originally Posted by CV View Post
This is a good time to remind everyone of the importance of backing up your data to another medium.
That can't be stressed enough.
__________________
"...for those who man the battle line, the bugle whispers low, and freedom has a taste and price the protected never know..."


While true:
Continue
All times are GMT -4.