HP Envy X350 and Malware?

StealthArsenal

Hello all,

Spent a couple of nights the last few weeks trying to overcome issues with my father's HP Envy X350 (Touchscreen with an i5/8GB RAM) with Windows 8.1. Here is a list of what the issues are:

1. Some program icons/executables are disappearing from desktop/tiles.
2. Yahoo.com email client - Apparently when you go to delete emails, you need to select what is to be deleted 3-4 times before it will actually finally delete.
3. We have set Firefox, for example, to display a particular homepage, and the next day it's back to something completely random.
4. Windows Defender indicates that it is currently not running and to check and see what is overriding it. Can't seem to determine what is actually keeping it off.
5. Sluggishness when clicking things and when it comes to loading videos from YouTube/Vessel, etc.
6. When in Ebay.com, for example (I use this example because he experiences it daily), the screens just randomly scroll and open different parts of the website. If he is in My Ebay and clicked his watch list, it will bring him to his wishlist or selling instead.

So you are probably asking, what have I done. The following is installed on the laptop and has been run looking for issues:

1. Spybot 2.4
2. Malwarebytes
3. Webroot
4. AVG Antivirus
5. CCleaner
6. Hitman Pro

One thing my father mentioned to me was that he entered a live chat with HP about the issues. They remote controlled his laptop (like a Citrix/Cisco) and bounced around from screen to screen. The gentleman he was talking with went through Control Panel and accessed a graph of sorts that showed conflicts by date and time. This seems like Event Viewer to me. They wanted him to purchase a 2 year contract with HP for $250 to go in and clean the machine up monthly for the duration of the contract.

With all that said, I am at a bit of a loss right now. Any malware definitions or remnants that were found have been removed. The best I can describe it is that as soon as I remove any minute traces of an infection, the next day it comes back worse. I have contemplated using the recovery partition and starting back at day 1 again, but I am not sure if I should go that route yet.

Any help would be appreciated.

Thanks Chris

7900X, Asus X670-E ROG Strix , 32GB Corsair Vengeance RGB DDR5 6000, 2 x Samsung 980 Pro 2 TB NVME, Samsung 980 Pro 1TB NVME,  EVGA RTX3080TI FTW3

EVGA Supernova P2 1000 PSU w/ CableMod, Asus Xonar DSX, Lian Li Galahad 360, Hyte Y60, Corsair K70, EVGA Torq X10, (1) Alienware AW3418DW Ultrawide, (1) Acer Predator XB271HU 1440P, Logitech G535

When doing virus scans, be sure to run Windows in safe mode to ensure that the scans work correctly.

Specs: CPU - Intel i7 8700K @ 5GHz | GPU - Gigabyte GTX 970 G1 Gaming | Motherboard - ASUS Strix Z370-G WIFI AC | RAM - XPG Gammix DDR4-3000MHz 32GB (2x16GB) | Main Drive - Samsung 850 Evo 500GB M.2 | Other Drives - 7TB/3 Drives | CPU Cooler - Corsair H100i Pro | Case - Fractal Design Define C Mini TG | Power Supply - EVGA G3 850W

Hello TheKDub,

I performed all the scans in safe mode. I still didn't pick up anything of value.

It sounds like you could have a replicating infection. When you ran Malwarebytes, did you have the rootkit scanner enabled (by default it's not)? If not, try running Malwarebytes Anti-Rootkit and if it picks up anything, clean and scan again to be safe, repeating until the scans show no results found (if it continues to show more results, which mbar doesn't tend to do, then get ready to do a full system recovery). Then redo all your scanners, again just to be safe. There are a lot of other steps to try, but those are some of the easier ones.

If that doesn't help, I'd say it'd be best to use that recovery image after backing up his important info (the recovery image would take it back to factory, you can try the refresh option but I've not had good luck/seen it fix anything that an SFC scan couldn't fix). At the very least to save him $250 as HP may not be able to fix it either, despite what the salesperson/technical rep may claim.

I don't believe the rootkit scanner was enabled. I actually forgot all about that aspect. I will check it again.
