At loss: Kernel virus or something else

Soup Stand

Hi,
I am new to the thread but a long time reader of TechSpot.
Here is my dilemma:

I purchased pc parts about a year ago, built me a pc, all parts good quality and from highly recommended shops. Only possible suspicion has been the OS on USB bought rather cheap from a 3rd-party Amazon seller.
Everything has been finely working until early March 2021. First problem was image and video distortions, which to my eye were totally random. Thumbnail images sometimes had red fuzzy lines over them, some videos on YouTube, Twitch etc. sometimes had red or green distortions, sometimes not. Then came the browser crashes, also seemed random.
I did virus scans on my F Secure program that was installed, came without any suspicions. Uninstalled it, and subscribed to a Norton one. It found some Trojans and dealt with them. Still the problems persisted. I reinstalled Windows 10, now a brand new official Microsoft one from DVD. Also ran the USB stick version of Norton where one can boot straight from there after BIOS and choose to boot from USB. It found a "high threat" and dealt with that, curiously dating that virus' age to around the time the problems started.
Yet the image and video distortions and browser crashes stayed. Also Norton now crashed often. In Norton history tab it said "blocked by unknown process". I contacted Norton who did several Remote Access sessions, as of now running at three sessions. First time they thought it was Java issue. And the quick scan did work... for a day.
I contacted again. Next session they wanted to extract log files (through their LifeLock system that can be found at their official site so I find it secure, also talked with them on phone through their official number and through emails.)
Before the third time they explained their technicians had found no sign of viruses but the last session they took some history files and such still and told me they are still on the case.
Now I've also been addressing this as possible driver issue or a hardware issue. I am open to any result, as long as it gets me to a conclusion - if I need a new GPU or a motherboard etc. I am fine with that.
I have done things like rolled back to old gpu drivers, with no drivers, latest drivers, with all the Windows Update up to date, with Windows Update paused of a new clean install...

Another aspect is that so far all video games I've tested had zero issues. I have two rather gpu-demanding games, one from late 2020, one from 2021 with details turned to maximum, still working fine without even any frame drops. This one I found would indicate at least of all the parts the GPU was fine.

Also I've tried various BIOS versions. My Aorus Ultra X570 was at F20 when this started. I flashed (with @Bios program in Windows) to F30, then the latest out since yesterday F33. Curiously in BIOS Q-Flash gave me "can't read file" - with the same file that @Bios accepted fine under Windows 10.

I have a laptop that I've used to secure all my passwords, changed email etc. I'm for now treating the desktop as "risky".
I created also a USB burn of a Linux OS, but when I tried to install it on the desktop, I got an IRQ error (this was under F30 BIOS.) and the process stopped and I had to restart the computer.

I'm now in the process of getting programs to test the hardware, as much as I can, to rule out the hardware problem. As far as I know there is no way to test motherboard?

Apologies for this lengthy post.
But as a pixel artist and would-be programmer I've just lost all my passion for now until I can figure this out.

Also I have been talking via phone and email with F Secure, the company that I'm also still subscribed for their virus protection (not currently installed since I have Norton.) They have asked me to google tech problems for my motherboard, but when I asked whether as a worst case scenario, it is possible I have a BIOS virus, they said yes, but as a worst case scenario. I also sent them some log files they requested but found nothing. There was some program they thought potentially suspicious, but I have since reinstalled Windows and don't see it listed under Windows Apps anymore.
From what I have gathered it seems to be at least visually and crash-wise isolated under Windows to programs that connect to internet. Although Steam and GOG Galaxy seem to be so far exceptions.
Even Discord program has had distortions in their startup animation. NVidia Experience, when online, has crashed a few times and also had some red visual distortions on some occasion.

Some more system details:
GPU: Nvidia RTX2070 Super
CPU: Ryzen 3900
PSU: Be Quiet! Platinum 750W
CPU fans: Noctua NH-D15.
Temperatures have never gone too high as far as I have observed on any components, all have seemed fine.

Yes, so there is the core of it.

Thank you very much if there is anyone who can study this and help tackle what to do.

Soup Stand
 
Ah sorry. Just remembered I haven't tried Steam actually on this particular computer. Also I now remember an occasion GOG Galaxy had distortions : when there was an Achievement box connected to a game, this being from Galaxy layer program not the game itself : this box also was distorted.
 
Since two security companies found no security issues I'm moving this topic to Windows forum.
 
I have now tested the GPU with GPU-Z and Unigine and after studying the results, everything looked fine. Even the whole 3D test with over dozen scenes had zero visual problems. Similar to when I run video games, they work just fine.

Then I have also been doing memory tests with MemTest86.
It also tests the motherboard and CPU to some extent, at least.
First stick (out of two) got a perfect score of 100% with zero errors, after over 4 hour long test. I am now doing the same for the second stick which so far has also zero errors.

I also tested my SSD with another program that does various read and write tests, also gave zero errors.

I am quite clueless.
I have installed all the Windows Updates after using a DISKPART program (booted from Windows 10 DVD -> shift + F10 -> command prompt -> DISKPART -> select disk 0 -> clean all) to wipe out everything from the SSD (the only one) and then doing the whole Windows install again from scratch (maybe 10 times already...)

The problem of crashing browsers happens still, and it happens even with my internet cable unplugged. I took off as much of "fancy stuff" from the browser as I could (hardware acceleration OFF I tried weeks ago anyhow), the New Tab is as blank grey as it can be. Yet while only offline, after a certain number of new empty tabs (it seems to be random), say a 6-7 tabs, the browser just dies.

I have no clues at all. But I keep testing.

It could still be a dying GPU?
Even if it's such a peculiar effect only?
I have been thinking of RMA'ing it back to Gigabyte at some point. If all the testing results show no errors anywhere in any components.
Though I wonder if Gigabyte would have a RTX2070 Super in their storages right now? I mean the GPU situation is the worst possible one for anyone to have theirs break down, and looking for at least a newish one.
But if it's a manufacturer's fault, would they still have one, or newer one to replace it?

I mean if it's not GPU - there are very few options. And most people I've talked to say it can't be a virus. (Although I did read a similar story where there were very well hidden viruses/malware : https://superuser.com/questions/129...ows-10-it-crashes-the-system-almost-instantly )
And if it's not a virus/malware nor GPU.... It could only be a motherboard, right?
That's the one hardest to test, I think?
 
Ah, and also I took out the GPU and reseated it to make sure it's well connected. Also someone mentioned the two power cables should not be connected with a splitter cable, where the two cables end up into a single socket in the PSU.
So switched to separate cables for each of the GPU cable ports and now have them in two different PCIe ports (1 and 2) in the PSU. No changes.
 
So, I did another clean install of Win 10 (with a wipeout of SSD first.)
This time 100% offline, even internet cable was disconnected.
Started a fresh Windows 10, opened the browser.
But there are no crashes.
I keep opening tabs, up to around 25. I opened 5 new browser windows, kept opening new tabs.
No crashes.
I am a bit clueless still. But can the problem start online when I connect to internet and from then on stay on the computer?
 
You know a lot more than me but I've read through the thread. The only thing that jumped out at me is that you mention "the browser" regularly - but not which one you are using. Maybe if you have a favourite it's time to dump it. Edge should be the most compatible with Windows 10.
If you can't crack this soon get a ready built system before it drives you insane.
 
Yes might be too late already for that :D
But more seriously... It's not within my options to build a top-notch gaming system for a long time. Especially with GPU prices now being 2x or even 3x the "normal" price... at least, for who knows? ... until the next spring?
But I have gone through Internet Explorer, Edge, Firefox, Opera and Chrome.
It doesn't matter what I use the problems are the same.
IE actually doesn't even work well anymore, giving blank pages - but that might be the same for everyone using Windows 10.

I got Norton to help me out though so maybe there is still a chance:
They told me they found a lot of errors within Windows, having gone through the computer log files I gave them some time ago. So they don't point to viruses - unless it's the damage done by the now-gone virus... and no mention about replacing hardware, just that I need to fix some errors, that are really, really persistent, surviving through fresh installs.
 
I run as little security software as is necessary. Microsoft Defender does the job fine and if I’m not happy other software scans give reassurance. Going commando isn’t a good idea but try removing all security software apart from that provided by Microsoft. Security programs sometimes don’t play well together. In the past I’ve found some hard to get rid of completely.
 
I've been told that anything above one security software at one time will cause issues, indeed. As far as I know, Windows Defender will turn itself off automatically on Windows 10 when you install another similar software.
But I mean - happened to me, and I've never been to somewhere "proper dodgy" sites, never used Darknet, never download illegal PC software etc.... yet Norton Antivirus found something they labeled, "serious threat." But was it as bad actually? Where did it come from ? Was it just some weird bad luck? ... No idea.
It was a virus though, and Windows Defender did not catch it, that I'm sure of, a proper Trojan nasty, with some "machine learning" code in it.
And it did appear on the dot, the day my problems started, too.
But on the other hand I have a laptop I never got any viruses that I have been using nearly 9 years... :D
 
All I can say is that allowing any outside party to access my computer seems a big no no. It rings alarm bells for me. Given a big issue I’d reinstall Windows. All personal data is backed up elsewhere.
 
Bazz2004 is right and I would say that you should make your own Windows 10 install media from a blank Flash Drive here:


When you do the install if you give it Internet it will pick up the fact that you had Windows 10 before and it won't ask for a product key during the install. If you leave it offline you have to pick the correct version of Windows you have (I assume x64 Home or Pro) and when it asks for the product key just click "I don't have a product key"....later it will pick up the key automatically when you go online.
 
Thank you Bazz2004 and Kshipper.
These sound like solid advice. Much appreciated.
I will try that.

And yes, letting someone remote access raises a few alarm bells... But it was Norton through their LifeLock service that originated from their official site, and also all my data was basically gone from that system anyway, nothing left but the Windows... and I was kinda desperate anyway to be honest. But I'll try to avoid any remote access from now on...
 
If you rebuild from your own media from that link I gave ya' and you still have an infection, then you could have a boot sector virus on the drive or it could be in the BIOS. Replace the drive and/or reflash the BIOS are 2 ways you could go.
 
When you get this done I suggest keeping things barebones. Don't install sophisticated security solutions, browser extensions or resource intensive software. Stick initially to basic stuff like emails and browsing. Once you're happy with that slowly reinstall the software you want and take it a step at a time.
 
Thank you for the advice again.
It's nice to hear friendly advice among this confusion 🙂
What kind of flashing would it require if BIOS gets infected... I do have a Q-Flash Plus on the motherboard... but that requires taking off the CPU (and cooler of course) as stated by the manual. That way you only plug the PSU and a USB (with the new BIOS file) to motherboard. But I have never done that and would that be unnecessarily complicated? There is a Windows program called @Bios from the manufacturer, Gigabyte, as well.

I actually ordered a new SSD just in case. And more space never hurts...
 
You don't have to remove the CPU to do the BIOS update. You can go into the BIOS itself and find the section in there that lets you upload from a USB flash drive. Just have the correct BIOS for your system on the flash drive (uncompressed) and you should be able to use it. The @Bios will work too from within Windows and do the same thing. The no CPU bios update is for updating the BIOS when the CPU is not recognized. =)
 
Okay... Another update:
I have flashed the BIOS from BIOS boot (END key for me during boot takes me straight to the flash menu) twice even, went to F10, then to F11 (second time I remembered to tick "also do for backup BIOS").

Then I used DISKPART again to do "clean all" and format a new partition.
I installed from the USB stick that had the official Microsoft Windows 10 downloaded into it from Microsoft site. I chose "I don't have product key" and "I don't have internet" and for all the fancy stuff I chose "no."
I even created only a local account, didn't login to any windows account.
But still... once the install finished (offline) and then I allow it to go online... Somehow the computer got the registry key from somewhere?
Is that normal? There wasn't even any watermark, while I was still offline.
Shouldn't that be there?
And once the internet cable was connected, I went to check the Settings -> Activation window: it says Windows 10 Home registered version.
I never wrote any key anywhere this install.

Also does it matter I have an OEM version on the DVD? The one I installed on top of the non-OEM version after the problem started.

There is clearly some residue of the problem somewhere.
I mean a clean install, after formatting the SSD, and before that flashing the BIOS... yet the browsers crash and the visual bugs remain, Norton crashes (although apparently it finishes in the background, according to Norton help desk.)
Recently Norton did another remote entry for me, yet they have found zero viruses. They even told me I might do well to contact Microsoft.
What could I be explaining to Microsoft... I have no idea.
And more to the point: what can Microsoft do to fix my computer...?
 
At the part where you checked to see if it was activated and you were amazed that it got the product key on its own...that is to be expected. That happens when the machine contacts the Microsoft update servers. That's why I had said don't put the product key in during the install. Everything sounded good and you should be working on chipset - video - sound drivers for your make of PC or your mainboard manufacturer provides drivers however you launch into OEM DVD ...crashing browsers...Norton...how did all that get in there? From my perspective you should be good now.
 
In the past I've used paid for security solutions and some have not been a good choice for my particular computer. Norton, Spyware Doctor and Kaspersky are all products I tried for a while then found unsatisfactory despite the majority of reviews being fulsome. As for Norton I'd move on to something else and ask for a refund. It was pre-installed as a free trial on my present desktop and it still gives reminders that I need to renew my subscription. I've done my best to get rid of it but it's clearly not 100% gone.
 
I contacted Microsoft after that, had a nice little chat with their representative through their site. They were not surprised at all, when I told about my problems. Which in turn kind of surprised me - maybe there was something bonkers in some of Windows Updates of past... Their answer was to make sure to do all the updates. And use "winver" to check that the updates go through.
I have now done that, and the winver indicates all has gone through.
Which apparently didn't work before on some previous installs. So that's something.
I have yet to go test the system whether it's all good now.
There must have been something, and really sticky at that, that intervened with the update process. And the other thing could be, my hardware combo just was destined to have these problems, as long as the very latest Windows Update was not installed... Though these are just my takeaways from the situation for now anyway.
One good option might indeed be to be rid of Norton. And use something else + keep sure to not visit any suspicious sites, just to be on the safe side. This whole experience certainly made me more conscious of the dangers that lurk there - although as a consumer the dangers are not as bad most of the time as I first thought. There are very, very few cases of actual kernel viruses for instance reported by consumers. Officially, probably none.
Companies face a whole different playfield though, as far as the news I've read lately are to be trusted.... (Capcom, CDPR etc.)
 
Nope, all problems remain.
Can't even install Ubuntu Linux OS from USB stick - I get errors and install stops. Did it twice, formatted the USB in non-quick way the second time and strictly followed the Ubuntu tutorial.

Now I'm concerned... I'm feeling again it's either mobo has a killer virus or is broke - since the Ubuntu business should have nothing to do with Windows?
 
Okay, got a brand new SSD, straight out of the box.
Didn't help. Took out the old one, put in the new and installed Windows 10 again.
Went through all the Win Updates, got the latest graphics drivers.
The same crashing browsers, same broken random browser still pictures.
YouTube wouldn't load properly, after hitting "refresh" a few times it finally loaded.
And the videos are again distorted...
So...

Either a broken/dying motherboard (even though it's barely a year old)...
Or a really badly infected and well-cloaked virus, that neither Norton nor F-Secure could find - even after taking a lot of log files for further study etc.

So, I'm looking at getting a new motherboard. That's just great.
 
I would disassemble that computer, pack the parts for mailing and sell every bit of it, including the power supply and case, tossing the cables in the trash.
There's too much going wrong to deal with a Frankenputer.

Hit Parts Picker and select ALL NEW products.
The list at that link is $1000, it's offset by what you can sell yours for and the peace of mind is priceless. If you have other things around to sell, list those too.

People will buy ANYTHING on Ebay/Facebook.
 