Brand new install of win7, got spyware already

[Red Squirrel]

I am in the middle of a brand new install of win7, the only thing I installed so far is ATI drivers and motherboard drivers. (chipset, network, etc)

I went to open IE so I can download Palemoon, and was immediately greeted with a popup ad for something called Splashtop connect. There was no way to get out of it. No X button or nothing. Googled it and found that it pretty much takes over your system. Has stuff in startup, etc. In fact when I was running hijackthis for every single item that was being deleted it kept opening IE again, reinstalling the spyware.

I managed to kill it, but, how did this happen? I'm behind a firewall so I don't think it came in from the outside via an exploitable port or something. I did not run windows update yet though but have not got on the internet at all. In fact it was my first time opening IE.

 

[lxskllr]

Did you use a clean MS supplied image?

 

[smakme7757]

As long as you're behind a NAT router without any ports forwarded to your Windows 7 machine then you don't have any exposed ports anyway. So Firewall or not, you're safe.

On first load IE opens MSN. So unless they have malware there and unless you jumped from site to site to find Pale moon I'd alsmost have to say it's either:

A: Malware on your network
B: Malware on your Windows image.

Where did you get the ISO from?

 

[Red Squirrel]

It's a legit copy, actually. (not even burnt from a legit, it's actually the original).

I did a malware scan and it found nothing else. I don't have much windows machines on my network, could one of my Linux machines be infected with something, any way to check that? I know there was various exploits over the last few years like shell shocker and the openssl one (I do have openvpn and at one point the port was wide open). So I suppose it's plausible.

The first time I opened IE the popup came up right away, so it was even before I went to another site. Though, I imagine it's very well possible that the default MSN page actually got hacked. Probably would have heard something by now though.

Edit: Researched further.... it seems it's bundled with Gigabyte drivers! Wow, that's pretty bad. I guess it teaches me to not do "express" and actually do each driver individually... pretty bad they try to sneak junk like that. Well at least it solves that mystery.

http://www.tomshardware.com/forum/25157-63-have-annoying-malware

 

[VirtualLarry]

Edit: Researched further.... it seems it's bundled with Gigabyte drivers! Wow, that's pretty bad. I guess it teaches me to not do "express" and actually do each driver individually... pretty bad they try to sneak junk like that. Well at least it solves that mystery.

http://www.tomshardware.com/forum/25157-63-have-annoying-malware

Wow, that's pretty bad. Thanks for the heads-up.

 

[corkyg]

Drivers are a common source of such PUPs.

 

[MustISO]

Drivers are a common source of such PUPs.

In 20 years I've never seen a driver (from the manufacturer's site) bundled with anything. Maybe I've just been lucky but I work on PC's every day and have to re-install drives. Now drivers from "www.find-your-awesome_drivers-now.net" websites, I could understand.

 

[corkyg]

I don't mean actual drivers, but driver bundles from 3rd parties. Same for some updates - Flash is a good example. CNET and Firefox also can be loaded.

 

[HOSED]

thanks for the heads up I am doing a win 7 reload for a neighbor. So far I just installed SP1 , when I get the lengthy list of updates following SP1 should I just do them all at once or in "batches". Note system is an HP desktop circa 2010 and I have disabled or removed all HP "junk" software already, there is a version of norton for which she has a license recently paid for. Thanks and sorry to hijackI ended up installing ALL 124 updates (~460 MB) in one batch, it worked fine. Also had to remove Norton with a tool, reboot, install latest version, then update and activate.