Other Virus -- FIXED -- WINNER

Discussion in 'Tech Support' started by Burnout21, 7 Jul 2012.

  1. Burnout21

    Burnout21 Mmmm biscuits

    Joined:
    9 Sep 2005
    Posts:
    8,616
    Likes Received:
    197
    Right, I've suspected for a while now that the 'issue' is creeping in at driver installation level, so it's got a virgin install of Win7 on it, and I've left it switched on and walked away before I throw it out the window. I shall return to it later to see if the white screen of hate has returned. If not then I shall investigate finding drivers direct from Intel and Realtek rather than using HP to source them.

    Also pissing HP has used a custom firmware on the HDD so I can't update it with Seagate's own. (typical)

    If it turns out not to be getting in at driver level and that it's in the BIOS then it's serious pain as the BIOS I believe is SMD :duh::waah:

    At that point it's going back to them to sort such things as warranty and such as it's not my job.
     
  2. digitaldunc

    digitaldunc What's a Dremel?

    Joined:
    4 Oct 2010
    Posts:
    629
    Likes Received:
    24
    I'd imagine they're going to derp you around with something like this. Suggest you run a virus scan or something similar.
     
  3. Burnout21

    Burnout21 Mmmm biscuits

    Joined:
    9 Sep 2005
    Posts:
    8,616
    Likes Received:
    197
    When it was with the first guy he used a contact at HP to try and resolve the problem.

    I think I might be on to something..

    I installed Win 7 Ultimate <SP1 (torrent special), with all the drivers and the machine was fine until I used the dodgy crack, whereupon the machine wouldn't get past POST without looping the boot process.

    So I dug out a Win 7 Pro disc that was pre-SP1 and installed that last night, still a virgin install with no drivers or internet connection and so far so good. Think I shall source the drivers from Intel and such. I think it must be getting in at driver level and making use of an exploit in SP1..
     
  4. towelie

    towelie How do I Internet!!

    Joined:
    1 Sep 2011
    Posts:
    399
    Likes Received:
    10
    Last edited: 10 Jul 2012
  5. Burnout21

    Burnout21 Mmmm biscuits

    Joined:
    9 Sep 2005
    Posts:
    8,616
    Likes Received:
    197
    Thank you for the info, it's a tricky sod this one!
     
  6. digitaldunc

    digitaldunc What's a Dremel?

    Joined:
    4 Oct 2010
    Posts:
    629
    Likes Received:
    24
    See, you really want to be using trusted install media -- you've no idea what these ISOs have potentially had added to them during their travels...

    You can make alterations to any Win 7 install media (ei.cfg) which will allow you to select the version to install on boot. I have a copy on a USB stick, made my life a lot easier.
     
  7. Mechh69

    Mechh69 I think we can make that fit

    Joined:
    16 Sep 2009
    Posts:
    1,298
    Likes Received:
    59
    I hate to quote a whole post but.... The pirated copies of MS that I have seen usually come with a crack as you said, but usually this crack is a boot loader that hijacks the start up and tells MS that the copy of Windows is valid. If you got a good copy of the crack you may be able to remove the boot loader. Some of these cracks come with software to spoof the OS into thinking that the computer is made by a certain company (it basically spoofs the BIOS). The crack I have come across is called 7loader and you can remove the branding (BIOS spoof) and the boot loader. Not sure if this helps but, you may be able to remove the crack. Could that be the way the virus got on the computer originally? It's early, I hope this makes sense; if not let me know and I'll clear it up.
     
  8. Burnout21

    Burnout21 Mmmm biscuits

    Joined:
    9 Sep 2005
    Posts:
    8,616
    Likes Received:
    197
    You guys missed the point,

    The machine came with Win7 Pro SP1 genuine media, I grabbed the Ultimate edition which is pre-SP1 just to test with.

    I've found out in my testing today there is an update occurring from MS that is giving this virus the ability to take over.

    Pre-SP1 the system has been fine, and rock solid before drivers. As soon as I put the network driver in place and give the box an internet connection it's a matter of minutes before it's taken over. I've been suspecting DNS alterations, however the addresses are fine.

    I am shifting my attention to the drivers now as I believe it's where it's getting in, however tracking down the correct drivers so far has been a pain.
     
  9. Nexxo

    Nexxo * Prefab Sprout – The King of Rock 'n' Roll

    Joined:
    23 Oct 2001
    Posts:
    34,731
    Likes Received:
    2,210
    Impressive detection work so far. If you can identify the driver it may be worth notifying Microsoft and the Anti-Virus labs about this vulnerability and the virus exploit.
     
  10. Burnout21

    Burnout21 Mmmm biscuits

    Joined:
    9 Sep 2005
    Posts:
    8,616
    Likes Received:
    197
    You know getting such praise from you Nexxo has really cheered me up! It's just a matter of digging deeper, :(
     
  11. DeafGamer2015

    DeafGamer2015 Minimodder

    Joined:
    5 Jun 2010
    Posts:
    1,088
    Likes Received:
    53
    If you manage to find the driver that is doing the white screen of doom as you called it Burnout, let us know so we can avoid that specific driver for the laptop/desktop. And Nexxo's right, you should let Microsoft and the Anti-virus Labs know about that.

    Speaking of that, what kind of computer is it?
     
  12. Margo Baggins

    Margo Baggins I'm good at Soldering Super Moderator

    Joined:
    28 May 2010
    Posts:
    5,649
    Likes Received:
    268
    It's an HP 6200 Pro, of which there is a small form factor desktop or a midi sized desktop which share the model number. I've got literally hundreds of them, so have been watching this closely!
     
  13. Burnout21

    Burnout21 Mmmm biscuits

    Joined:
    9 Sep 2005
    Posts:
    8,616
    Likes Received:
    197
    It's an HP 6200 Pro SFF.

    Currently the machine is up and running on the interwebs with a driver direct from Intel to enable the network controller and now running a full scan with MSSE. Still a very virgin install, no updates yet, but the problem definitely presents upon updates from MS; however still not found the source.
     
  14. Burnout21

    Burnout21 Mmmm biscuits

    Joined:
    9 Sep 2005
    Posts:
    8,616
    Likes Received:
    197
    Haha, just you wait for the eventual pain I am in!
     
  15. Margo Baggins

    Margo Baggins I'm good at Soldering Super Moderator

    Joined:
    28 May 2010
    Posts:
    5,649
    Likes Received:
    268
    Don't say that!

    As soon as I saw this thread, I pinched your white screen of doom pics and emailed them to my boss - telling him that is something we don't ever want to see.

    I have so many 6200 units, probably more than any other HP desktop; over the last year I have put more than 100 into various sites.
     
  16. Burnout21

    Burnout21 Mmmm biscuits

    Joined:
    9 Sep 2005
    Posts:
    8,616
    Likes Received:
    197
    UPDATE

    Not long finished a full scan with MSSE, updated to IE9 and now running the Microsoft Safety Scanner (full).

    I hope I am on to something here regarding updates and drivers..

    Spoke too soon, white screen of doom is back, which could mean IE9 is letting the f'ing bugger in.
     
    Last edited: 10 Jul 2012
  17. Margo Baggins

    Margo Baggins I'm good at Soldering Super Moderator

    Joined:
    28 May 2010
    Posts:
    5,649
    Likes Received:
    268
    That's annoying man. Does that mean you have to flatten and start again? Still, if it is IE9 then we should start calling you Sherlock.
     
  18. Burnout21

    Burnout21 Mmmm biscuits

    Joined:
    9 Sep 2005
    Posts:
    8,616
    Likes Received:
    197
    Yes indeed, flatten to start again.. got it down to a fine art now, hence the virgin installs, as it'll no doubt fall over if I get too carried away.

    Just removed IE8, shall avoid IE9 but go for HP drivers to see if they're OK. Might be IE9 all along letting the little sh*t in.
     
  19. Burnout21

    Burnout21 Mmmm biscuits

    Joined:
    9 Sep 2005
    Posts:
    8,616
    Likes Received:
    197
    OK, funky twist has occurred.

    I didn't get around to using the HP drivers, just used the Intel driver as before; however I did remove IE8, and then installed Firefox 13 to get instantly presented with this below:

    [image: screenshot of the browser page, not included]

    The virus which is killing explorer.exe and preventing the task manager is throwing up a browser page in IE in fullscreen mode; however without IE it's trying the same with Firefox, but it can't redirect the page or enable fullscreen.

    So the virus is a rootkit in a UEFI that jumps to the MBR, which then waits for a vulnerability to present in a modern browser.
     
  20. Margo Baggins

    Margo Baggins I'm good at Soldering Super Moderator

    Joined:
    28 May 2010
    Posts:
    5,649
    Likes Received:
    268
    It's starting to sound like the Metropolitan Police virus on crack. Can you bring up Run or anything? Try and get it up before explorer is killed and check the startup in there, also check regedit for start up things.

    I'm just going off how Metro works - I dunno, any idea might help you in your quest.
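The checks suggested across this thread (Margo's "check the startup in there, also check regedit", Burnout21's suspicion of DNS alterations, and Mechh69's point that cracks of the 7loader kind live in the boot loader) can be collected into one read-only triage script. This is an added example, not a script posted by anyone in the thread, and it assumes an elevated PowerShell prompt on a Windows 7-era machine where only PowerShell 2.0 cmdlets (Get-ItemProperty, Get-AuthenticodeSignature, Get-WmiObject) are available; the registry paths, the hosts file location and `bcdedit /enum all` are standard Windows locations and commands, not values taken from the thread. It changes nothing on the box; it only lists what a fresh install should and should not have.

```powershell
# Added triage example (not from the thread). Lists Run/RunOnce startup entries and
# whether each startup binary carries a valid Authenticode signature, the DNS servers
# and hosts-file overrides each adapter is using, and the boot entries that a
# boot-loader crack would have modified. Read-only: nothing is written or deleted.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Extract the executable path from a Run-key command line; handles quoted paths
# with arguments ("C:\Program Files\x\y.exe" /arg) and bare paths (C:\x\y.exe /arg).
function Get-ExePath([string]$cmd) {
    if ($cmd -match '^\s*"([^"]+)"') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

Write-Output '== Startup entries (Run/RunOnce) and signature status =='
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        # Get-ItemProperty adds PSPath/PSParentPath/... metadata; skip those.
        if ($p.Name -like 'PS*') { continue }
        $exe = [Environment]::ExpandEnvironmentVariables((Get-ExePath ([string]$p.Value)))
        $status = 'FILE NOT FOUND'
        if (Test-Path $exe) {
            $sig = Get-AuthenticodeSignature -FilePath $exe
            $status = [string]$sig.Status        # Valid, NotSigned, HashMismatch, ...
            if ($sig.SignerCertificate) { $status += ' (' + $sig.SignerCertificate.Subject + ')' }
        }
        Write-Output ("{0}`n    {1} = {2}`n    signature: {3}" -f $key, $p.Name, $p.Value, $status)
    }
}

Write-Output ''
Write-Output '== DNS servers per IP-enabled adapter (WMI, works on PowerShell 2.0) =='
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=TRUE' |
    ForEach-Object {
        $dns = if ($_.DNSServerSearchOrder) { $_.DNSServerSearchOrder -join ', ' } else { '(DHCP/none)' }
        Write-Output ("{0}`n    DNS: {1}" -f $_.Description, $dns)
    }

Write-Output ''
Write-Output '== Non-comment lines in the hosts file (a clean install has none) =='
$hosts = Join-Path $env:windir 'System32\drivers\etc\hosts'
Get-Content $hosts | Where-Object { $_.Trim() -and $_ -notmatch '^\s*#' } |
    ForEach-Object { Write-Output ('    ' + $_) }

Write-Output ''
Write-Output '== Boot entries (compare against a known-good machine of the same model) =='
bcdedit /enum all
```

On a clean install every Run-key binary should resolve to a file under the Windows or Program Files tree with a `Valid` signature from Microsoft or the driver vendor; an entry whose file is missing, unsigned, or sitting in a user-writable directory is what to look at first. The hosts file section should print nothing, and the `bcdedit` listing is most useful when diffed against the same command's output from a second 6200 that has never been touched by the suspect media.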
     