How to waste a WHOLE bunch of time and have no fun in the process with Windows 8

There was an old song from the 80's by Thomas Dolby … at one point it says something like "as a world-renowned scientist I was surprised when she blinded me with science" … Well, as an IT professional I had an experience I felt I just had to share.

I was working away on my Samsung Windows tablet when up pops a message saying FlashUtil_ActiveX is being asked to run (from a web site) and is not signed, did I want to run it? It came up over and over again. Doing some digging, it looked to me like my system had contracted a virus and got its way right through Windows 8 Defender, in spite of being patched. Grrr. I must say in all my years of computing I've only occasionally (about 3 times) personally encountered viruses. I've had lots of them blocked. One of the things that always troubled me was that I was unable to get my tablet backed up. I haven't been able to find a way to boot from a USB device (CD-ROM or flash drive) and create a backup of it. The UEFI BIOS only allows properly signed and approved OSes to boot. So tools like BartPE, WinPE etc. won't boot and are 100% ignored. And even those that are approved aren't obvious about how to get them to boot. One of the troubling things I ended up learning was that it's not going to be easy (if it's possible at all) to install a different OS (say Linux) on this tablet. To boot from an approved USB device such as a Win 8 recovery drive you have to get into the UEFI settings by pressing and holding F2 at boot time. Now if you don't have the keyboard option you will need a USB keyboard. Then go into security settings and disable Secure Boot. If the USB device you are trying to boot from is properly supported then it will show up on the exit screen under Boot Override (if it was plugged in at power on). Then you can boot from a USB device. I was able to get it to boot to a Windows 8 recovery disk as well as a Win 8.1 preview disk. Confusing and limiting.

So after reading about this virus (a trojan it seems) I decided I needed to fix my tablet.

It turns out Windows 8 has built in some options (just search on "recovery") to help you rebuild your PC. The first and least destructive of the options is called Refresh. It keeps your files, refreshes Windows, removes desktop-installed apps, but keeps Metro apps. Sounds like a reasonable course of action. I had previously known about Windows Resource Protection, which attempts to monitor and protect Windows itself (although in this case it clearly failed). So they provide a tool called sfc (System File Checker) which scans your system, looks at system files and tells you if any are corrupt. It can also do some cleaning. But do some reading and try to find out what to do if it fails? For me, after a refresh sfc failed with hundreds of files reported as corrupted. I read a number of articles about what to do next, none of which helped me. So I was left assuming the system was still compromised.

So next up in Windows recovery options is Reinstall. This is supposed to put the PC back to factory defaults. Well, I did this and a bunch of the preinstalled apps were gone, so while it did a reinstall it wasn't back to factory original. Grr. sfc now passes. So I start reinstalling everything. No small task. Every now and then I run an sfc, and lo and behold, boom, sfc starts failing again. So I think, hmm, it's been reinfected. Grrr. So I think ok, I will try to create system restore points I can revert to in the process. Reinstall again … sfc fails again, revert back and sfc still fails, grrr. Reinstall again, sfc passes, start the rebuild process etc. I'm about to give up so I call Samsung and ask for a recovery image to get my PC back to factory original. Nope, doesn't exist. Ship it back to us and wait up to 21 business days and we will get it back to you? WTF. No cost fortunately, but still that's a HUGE amount of time to be without my main machine.

I also decide to proactively check my set-top PC (also running Win 8) and sure enough it fails sfc. I start to rebuild it.

So I start to do some more reading and what do I find out? Well, it turns out a Microsoft fix has resulted in sfc reporting failures. So the week I have been spending rebuilding was unnecessary. Sure, I had to refresh once to get rid of the virus, and sure, I'm not thrilled about Defender totally allowing this virus through (yes, I was patched and up to date), but this was one HUGE waste of time.
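Before rebuilding a machine on the strength of an sfc failure, it helps to see exactly which files sfc is complaining about rather than just the "found corrupt files" summary, and to confirm the Secure Boot state that the post had to change in UEFI setup. The script below is an added example, not code from the original post or from Microsoft; it assumes Windows 8 (PowerShell 3 or later) and an elevated prompt, since sfc and Secure Boot queries both require administrator rights. It uses the documented CBS.log location and the "[SR]" tag that marks System File Checker entries in that log.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell on Windows 8.
# Assumes the standard CBS.log location and the "[SR]" System File Checker log entries.

# 1. Secure Boot state. The post disabled this in UEFI setup to boot a recovery USB;
#    it should read True again once the recovery work is done.
try {
    $secureBoot = Confirm-SecureBootUEFI   # True when the firmware enforces Secure Boot
} catch {
    $secureBoot = 'unknown (legacy BIOS or platform does not support the query)'
}
"Secure Boot enabled: $secureBoot"

# 2. Verify-only scan: sfc checks protected files and logs findings without repairing.
#    Output goes to the console; the details we want land in CBS.log.
& "$env:windir\System32\sfc.exe" /verifyonly

# 3. Extract the sfc-specific lines from CBS.log.
$cbsLog  = Join-Path $env:windir 'Logs\CBS\CBS.log'
$srLines = Select-String -Path $cbsLog -Pattern '\[SR\]' | ForEach-Object { $_.Line }

# 4. List the distinct files sfc reports it cannot repair. CBS.log entries look like
#    "[SR] Cannot repair member file [l:36{18}]"example.dll" of Component, ...".
$unrepairable = foreach ($line in $srLines) {
    if ($line -match 'Cannot repair member file \[l:\d+\{\d+\}\]"([^"]+)"') { $Matches[1] }
}
$unrepairable = @($unrepairable | Sort-Object -Unique)

"Distinct files sfc could not repair: $($unrepairable.Count)"
$unrepairable

# 5. Keep the [SR] lines for comparison across runs (e.g. before and after a refresh),
#    so a sudden jump in the count right after applying updates stands out.
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$srLines | Set-Content -Path (Join-Path $env:TEMP "sfc-sr-$stamp.txt")
"Saved $($srLines.Count) [SR] lines to $env:TEMP\sfc-sr-$stamp.txt"
```

The point of step 5 is the situation the post describes: a list of "corrupt" files that appears immediately after Windows Update runs, rather than gradually, is a sign to look at what the update changed before assuming reinfection. Comparing two saved [SR] extracts shows whether the same component names recur, which is a much cheaper check than a full reinstall.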

I did use the time to start looking into some antivirus options. I found AV-TEST, which allows you to compare how good antivirus programs are (albeit in an artificial environment).

Hope this helps you learn from my fiasco … grrrrrrrrrrrr.


August 12, 2013

