HELP STATION
Expert solutions for everday problems.
Malware begone!
I have a very frustrating problem with some adware/malware. My pastor has an older PC running Win 10. It has the free versions of AVG and Malwarebytes installed, along with Windows Defender. A year or so ago, she started getting ads for Staples.com popping up, taking over the Chrome browser. We noticed that while she was working on a document, the Run command prompt would pop up in the lower-left of the screen and she would be taken to Staples.com. I checked the Run command history and found several variations of Staples.com in the list. Some were misspelled. I ran deep scans with AVG and Malwarebytes but found nothing. I erased the Run history, cleared the cache, ran CCleaner, and hoped for the best. Three days later, it happened again, and she was unable to use the computer, as it just kept running the Run command by itself. I scanned her USB drives and a desktop drive that is connected, with nothing found. Finally, after trying a search for anything with “staple” on the entire computer and finding nothing of note, I did a complete reinstall of Windows 10 without saving any old files. After reinstalling all her software, the machine worked great again. Until recently. The Staples Run command has reappeared. Clearly, something is infected, but scans
don’t find anything. Can you offer any suggestions as to how to locate the culprit file on USB connected drives?
Gerry Exstein
TechLife responds: This bears all the hallmarks of a typical virus infection – it might be some random script on your pastor’s computer, or it may indicate someone has given themselves remote access to the PC and is manipulating it externally. Either way, you need to close that security hole. We recommend a complete wipe clean and reinstall using Windows installation media, making sure you format the Windows drive before reinstalling Windows on to it.
Once done, up your pastor’s security – free software is all well and good, but it’s clearly not protecting you here. Choose a comprehensive security suite – such as Bitdefender Total Security – that includes additional protection. In the case of Bitdefender, it contains multiple technologies that actively look for suspicious behavior; in some ways, it’s over-protective, but in this case that’s preferable to being subject to another attack. In addition, its firewall is two-way, which means it monitors outgoing connections from the PC as well as incoming ones, so if someone has implanted a remote-control tool on your PC, Bitdefender should spot it.
Also make sure security is tightened in other areas. First, physical security. Does anyone else have access to the PC? If it’s being shared, your pastor should lock off her own account with a password – which should be changed in case it’s been shared with others—then set up guest access or standard (non-administrator) accounts for other users. Also, make sure any shared folders are passwordprotected, so only trusted contacts have access, and check that no remote-control software has been installed, and that Remote Desktop – not applicable if she’s running Windows 10 Home Edition—is disabled. To do this, type “remote access” into the Search box and click “Allow remote connections to this computer” – ensure “Don’t allow remote connections to this computer” is selected.
If the problem comes back, use a free tool called ESET SysInspector ( www.eset.com/int/support/ sysinspector/) to log all running processes and services – it’ll flag any potentially suspicious ones (along with suspicious network connections), which will hopefully provide tell-tale traces of where this infection originated.
Sleep reboots
My Dell Inspiron 15 7000 two-inone laptop sometimes reboots after opening the lid. Control Panel is set to put the computer to sleep when the lid is closed. There’s no specific time delay – it might do it after just a few minutes of having closed the lid or after a couple of days. Event Viewer simply says that the shutdown was unexpected. When I close the lid, I usually only have Chrome running with a few extensions. How do I diagnose what’s causing the reboots?
Doug Ochsner
TechLife responds: First, make sure your BIOS and drivers are all up
to date. If the problem persists, try resetting the BIOS to its defaults. Still no luck? Verify that hybrid sleep has been disabled (it should be by default on laptops): Go to “Start > Settings > System > Power & sleep” and click “Additional power settings.” Click “Change plan settings” next to the current plan, followed by “Change advanced power settings.” Expand “Sleep > Allow hybrid sleep” and change the setting to “Off.” Click “OK.” If you ever put your laptop to sleep in battery mode, repeat for that power plan, too.
If this doesn’t work, try putting the laptop to sleep manually via the “Start” button – if it randomly restarts from here, it’s worth running a diagnostic to see what’s waking it up (and then subsequently causing it to crash). Right-click the “Start” button and choose “Command Prompt (Admin).” Type the following to generate a power efficiency diagnostics report and save it in your Downloads folder:
$ cd %homepath%/Downloads $ powercfg /energy
Wait around 60 seconds for the report to be generated, then open the Downloads folder and double-click the energy-report. html file to view it in your browser. Don’t be alarmed at the number of red errors and yellow warnings – many represent normal behavior (such as your drive imaging tool refusing to allow your PC to sleep while it’s running). However, they may also reveal potential causes for the reboot – could the reboot be caused by a background app trying to run, for example? If so, check the web for possible causes – is it a known problem with that app, in which case there might be a patch, or failing that, try disabling whatever part of the app is waking your PC, or try uninstalling it to see if that resolves the problem.
One final thing: Make sure you run a full disk check of drive C. All those reboots may be leading to file corruption issues, in which case a simple chkdsk should fix it
– set this up via the same administrator command prompt as earlier:
$ chkdsk c: /f /r /x
You’ll be prompted to schedule disk check for the next reboot, so press Y, then restart your PC, and monitor the check to see whether any errors are found (and fixed). If they are, you may find that the sleep feature now works correctly, too.
App sound issues
I’m running Windows 7 Pro – fully updated – and have a long-standing issue. I get no sound in any apps like VLC (fully updated), as well as all other video player software. But I can get sound using “Open with” and any browser, no problem. All sound works in all videos in all browsers; that’s been my workaround. Sound also works for videos in iTunes.
I have tried reinstalling the sound driver (Dell XPS 3770) and uninstalling/reinstalling. When I try to mess with audio settings in VLC, VLC crashes. No sound setting adjustment works at all in other players. Seems like a registry corruption issue, maybe due to a Windows Update long ago. This Win 7 install is very old. I’m reluctant to mess around with registry settings about which I know nothing.
Any help appreciated – it’s a stumper for me!
Alan Perla
TechLife responds: Our temptation is to say wipe clean and start again. Given the age of your Windows 7 installation, it’s long past its reinstall-by date (more on that shortly). That said, there are some quick tweaks you can try. First, could it be possible that your playback and output devices have become garbled somehow? Maybe your video player’s audio output is being re-routed to your headphones jack, for example – try plugging in a pair of headphones and listening in.
To check this out in more detail, open the Sound Control Panel – check which is your default device on the “Playback” tab and change it, if necessary, by selecting a different device and clicking the “Set Default” button. You may also want to click “Properties” and explore the various tabs to see whether any other settings may need reconfiguring.
If you suspect system corruption, try running “sfc /scannow” under an administrative command prompt to identify potential corrupted system files. Beyond this, messing with the registry’s a no-no unless you know exactly what you are looking for – and don’t bother with registry cleaning tools; they’re more likely to introduce problems than actually solve any.
Instead, take a fail-safe image of your current install with Macrium Reflect Free, use an app such as CloneApp ( www.builtbybel.com/ ms-apps/cloneapp) to back up key program settings, and make sure your data is also backed up – using Windows Backup & Restore for simplicity – if it’s stored on the same partition as Windows. Make sure you’ve got the latest version of all available drivers for your PC as well as your program installers (if any apps required activating over the Internet, find out what you need to do to transfer the license to the new install – you may need to deactivate them first, or contact the developer to inform them of your plans; take your drive image before you deactivate the license, just in case).
Once done, format the drive, reinstall Windows 7 from scratch (if your install media doesn’t include SP1, download a fresh ISO file to burn to disc from www.microsoft. com/en-us/software-download/ windows7), then install Macrium Reflect before taking a fresh drive image. Next, install all available updates and drivers, taking a differential drive image, before restoring your backups and reinstalling your programs and settings. Keep testing the sound throughout, but we suspect that wiping your drive clean and starting again from scratch should resolve the problem once and for all.