Need help, weird problems with laptop

April 1st, 2021

I’m really at my wits’ end now. So, my little sister just came back from Germany with her laptop, it’s a Dell Latitude E4310.
My sis told me that she got this problem some months ago. That time, the laptop deleted files on its hdd, even the system files – at that time, the machine was running Windows 7. I asked her to format the whole hdd then fresh install Windows again, and the same thing happened.
So I took her laptop and installed it myself.
Till now, I’ve installed Windows 7 5 times, and Windows XP 1 time. And I got the same problem: after some time, the laptop deletes files itself, and that makes Windows corrupted. I tried to find the answer but still have no idea how. Here’s what I already did, and some of my opinions:
_Already fdisk, clear MBR, fresh reinstall.
_Installed drivers one by one and checked for problems.
_The laptop only deleted files when it was connected to the internet.
_Whenever the laptop started to delete files, some folders appeared like “DD_Deletedfiles”, then almost everything’d be gone.
_If I connect the laptop to a network with firewall, it stays ok.
_Already removed any suspicious stuff, SIM card etc …
_Even when I only installed Wireless and connected to the internet, the problem would appear after some minutes.
_I noticed that after connecting to a network with internet access, the machine would automatically connect itself to a remote IP, here’s a screenshot:
Image
If someone knows about this problem, please tell me. I will try to change the hdd and see what’d happen then. Thanks!

Answer #1
it is a really weird problem, the communications established point to TELUS Communications (your isp, i assume) and microsoft. do you have any secondary internal or external harddrive constantly connected to the laptop? also did you delete the system reserved partition before reinstalling the system?
Answer #2
Are there any remaining partitions from the old install? You can use a network monitor to see which processes are connecting to these addresses.
Use netstat -b in an elevated prompt.
If it doesn’t work, check InternalGetTcpTableWithOwnerModule; if you need help with its use, leave me a message.
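The netstat -b check suggested above, turned into a triage step (an added example, not part of the original post): this Python sketch parses saved `netstat -nb` output and groups established connections to non-local addresses by owning executable. The sample output is constructed (documentation-range IPs, with the process name reported later in the thread), and the function names are illustrative.

```python
import ipaddress

# Constructed sample of `netstat -nb` output; remote IPs are documentation ranges.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.20:49172     203.0.113.45:443       ESTABLISHED
 [ZeroConfigurationServices.exe]
  TCP    192.168.1.20:49180     192.168.1.1:80         ESTABLISHED
  CryptSvc
 [svchost.exe]
  TCP    192.168.1.20:49190     198.51.100.7:80        ESTABLISHED
 Can not obtain ownership information
"""

LOCAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12",
    "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fe80::/10")]

def is_external(endpoint):
    """True if the host in 'addr:port' is an IP outside RFC 1918, loopback and link-local."""
    host = endpoint.rsplit(":", 1)[0].strip("[]").split("%")[0]
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:  # '*' on UDP and listening rows
        return False
    return not ip.is_unspecified and not any(ip in net for net in LOCAL_NETS)

def parse_netstat_b(text):
    """Pair each connection row with the [executable] line that follows it."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0] in ("TCP", "UDP"):
            rows.append({"proto": parts[0], "remote": parts[2],
                         "state": parts[3] if len(parts) > 3 else "", "owner": None})
        elif rows and rows[-1]["owner"] is None:
            s = line.strip()
            if s.startswith("[") and s.endswith("]"):
                rows[-1]["owner"] = s[1:-1]      # component lines (e.g. CryptSvc) are skipped
            elif s.startswith("Can not obtain"):
                rows[-1]["owner"] = "<unknown>"  # netstat could not resolve the owner
    return rows

def external_by_owner(text):
    """Map executable -> remote endpoints of ESTABLISHED connections leaving the LAN."""
    found = {}
    for r in parse_netstat_b(text):
        if r["state"] == "ESTABLISHED" and is_external(r["remote"]):
            found.setdefault(r["owner"] or "<unknown>", []).append(r["remote"])
    return found
```

Connections listed under `<unknown>` are the ones to follow up with a tool that resolves the owning process by PID.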
Answer #3
I have had some thought about it.
Might be any kind of virus in your network? Are your systems defended properly?
Answer #4
Thank you guys for quick replying.
I removed any suspicious things before installing Windows, I removed the SIM card which is supported in this machine, I checked and there was no internal or external hdd/storage device connected to the machine. And yes, before installing windows, I did fdisk the harddrive, reset MBR, and of course, there was no partition left before the windows installation started. I am reinstalling Windows now, so when I’m done, I will check the netstat with -b switch.
I don’t think this is a normal virus situation because the first time I installed the machine at home, and pretty sure that there was no virus at all, I checked with some other networks, but I can say that they’re virus-free. And since this problem happened while my sis was still in Germany, the problem must come from the machine. I also did upgrade the BIOS to make sure. And 1 more thing, Telus Communications isn’t my provider, I’m living in Vietnam and as far as I know, Telus is a corporation from Canada.
Answer #5
self destructing laptop is a thing that i heard for the first time in my life. it strongly suggests a malicious activity and there are only 2 ways that a malicious code stays still after format. 1- a sophisticated malware infects or corrupts system reserved partition or also system efi partition if you make uefi install. but you said there was no partition during install. was it totally unallocated raw harddrive like on this pic?
http://www.sevenforums.com/attachments/tutorials/2441d1379261910t-clean-install-windows-7-a-step8.jpg
2- again a sophisticated malware which infects boot sector of anything else than primary harddrive, you said there is nothing connected except primary drive, so this is also out.
along with them most probable third thing, is a malicious activity in your network, do you have a chance to try an isolated internet connection such as cable dsl? but since you said this started back in germany, it is really unlikely. one thing i don't understand is why the laptop connects to Telus Communications, only thing i can think of is that DELL is using some of their services through it.
also i assumed, the windows you install is original and not prepacked with something malicious, as well as that you don't install something malicious every time after format such as an infected driver installation .exe
Answer #6
, your answer is reasonable (glad to have you on this board), this seems to be the answer. A boot sector malware.
But I think it could also be vendor’s junk. Keep us updated with the netstat -b
Answer #7
Sorry guys, I was too busy with the machine since I had reinstalled it for 3 times more. Here’s a screenshot of the netstat with -b switch
Image
I forgot to take a screenshot of the netstat with -n switch, but the address on the photo above is still from Telus Communications. And from the previous installation (before the installation which I took screenshot), I checked, and the ZeroConfigurationServices.exe was using that connection. I did some research and they said that service was used from Intel Wireless to replace the default wireless management, but I still wonder why.
@: I made sure the harddrive had all of its partitions totally deleted and only recreated them in the installation process. And the Windows installation CD that my sis used was different from mine, and as I said before, I even tried to install Windows XP.
And things are getting worse since the 3rd installation (today only), this drove me crazy.
I changed the harddrive – cuz I had another harddrive from my old laptop – then I reinstalled Windows. This 3rd time, I installed all necessary drivers then installed Microsoft Security Essentials, updated it, then I restarted the machine cause MSC asked for a reboot. And gone baby gone, the machine couldn’t start and said that there was no boot media to be found. I then checked and found out that all the partitions were gone, something had destroyed the partition table or something like that. I used a partition tool from Hiren’s Boot CD to check it. Was too tired with this, but I tried the 4th time, this time, after I installed the Card Reader driver and restarted the machine, the same problem happened again. All the partitions were deleted. I’m starting to lose all hope with this machine. It’s kept me busy for almost a week now. So, what could be the problem? Since I already updated the BIOS, changed the harddrive. Any suggestions? Please let me know if you guys have any opinion about this. Thanks so much!
Answer #8
even changing harddrive didn't fix the problem? well then, that's beyond my knowledge. if it was 10-15 years ago i could say bios also maybe infected but it is impossible nowadays as far as i know. maybe can help you since he is very good with commands and detailed things, he seems like an IT expert. and thanks for your kind words, i also share the same thoughts for you.
Answer #9
Try pulling out the CMOS Battery for about 15 seconds, put it back and then boot the machine.
Answer #10
One way to be sure it’s not the hard drive would be to use a different one to see if it does the same thing. If it does it could mean that some drivers or something in your install is causing it (driver installers are an easy way for malware to get installed).
If the replacement drive works normally, it could mean that your original hard drive’s controller was infected.
Not much else you can do with it then.
http://motherboard.vice.com/read/the-only-way-you-can-delete-this-nsa-malware-is-to-smash-your-hard-drive-to-bits
oops… never mind, I missed the part about changing the hard drive out. Guess that just leaves something in the install is doing it (drivers or os copy you’re using).
Answer #11
I switched back to the original harddrive and installed Windows Server 2008 R2 x64. And now I’m posting this from that machine, and it’s been running for about an hour now. @: It’s a laptop, I don’t know how to take the CMOS battery out, and even I don’t wanna do that because it would be a bit tricky to open it up.
@: Yeap, I changed the harddrive and got a similar problem, not exactly like the old one, but still, everything was gone after connecting to the internet, and in some minutes, or half an hour.
So as I said, I installed Windows Server 2008 X64 just to check, and the machine’s still up and running till now. I suspected the drivers at first, but then when I installed Windows XP and got the same problem, I doubted that it would come from the drivers. I will keep the machine running to see if the problem would happen again.

 
