How to get rid of malware that attacks periodically on weekends?

I am using Norton 360 as the virus and malware defence for my Windows PC. In the last few months, I have experienced 5 times virus or malware-like attack disruptions to my PC. The last occurred just last Friday (May 30). In each case, the icons (for running apps such as Windows Word) on my screen would disappear one after another. When I clicked on an icon which was still on the screen, an error message would say it was not connected. After a while, the whole computer would black out.

In each case, the only way I could get the computer running again was by tediously restoring it using a “system image” that I have saved periodically. And after each disruption, I had performed a full scan on my computer but found no virus or malware. In March (before my last disruption) I had even used Norton Power Eraser to scan my whole computer, including my two external hard drives, but also had found nothing. One special observation I have about these 5 attacks is that they all occurred on Friday or Saturday. I suspect it may be some kind of timed malware.

FYI, my PC is a Lenovo ThinkBook 14s-IWL with Intel i7 CPU, 16 GB RAM, and 500 GB SSD. OS is Windows 11.

I will be really obliged if anyone can help me to solve my problem. Thanks

@James_Wong1 Hello and welcome to the forums. There are so many questions that need asking for any attempt to try giving you sound advice. So I will ask a few direct and specific questions in that regard. First and foremost, you should seek the assistance of a “local professional” to help with your issues. They will be able to see what we cannot from this side and assist faster and with accurate advice. Questions are:

  • What does your Norton history tell you regarding events it may have recorded about this?
  • Does this occur ONLY when you are connected to your personal network at home?
  • Are you using a “shared” wifi network of any kind as your daily network at home?
  • Have you recently connected, or do you often connect, the laptop to any public wifi networks?
  • Have you checked your ISP and/or personal router devices for having their latest firmware, or them not being supported and EOL (END OF LIFE AND SUPPORT)? If so, did you reset/change the factory default login for the routers, change wifi network SSIDs and passwords?
  • Have you factory reset your ISP and personal routers?
  • Have you checked the Lenovo website for the latest BIOS update?

https://pcsupport.lenovo.com/us/en/products/laptops-and-netbooks/thinkbook-series/thinkbook-14s-iwl/downloads/driver-list/component?name=Advanced%20Firmware&id=E0FA78C7-FDE8-4405-BC55-A122E5C596B6

  • ** This is the one that bothers me most - You are restoring from a system image. There is the possibility that image may have the malware already there. You can order a factory recovery media at this link. I strongly suggest you do so and use it to restore a clean OS to your device.

https://pcsupport.lenovo.com/us/en/products/laptops-and-netbooks/thinkbook-series/thinkbook-14s-iwl/downloads

SA

Dear Guru,
Thanks so much for your prompt response to my query. Below are my answers to your questions.

  1. Norton history did not record anything special at the time when the attack occurred (about 3 pm on May 30, 2025). However, it did record a couple of special events - “Intrusion Signatures disabled” at other times, such as 10:15 pm.
  2. I only use my PC (laptop) at home and connect it to my personal home network.
  3. My wifi network is not shared.
  4. I have not connected my laptop to public network.
  5. I believe my ISP (Bell Canada) will update the firmware periodically. I had changed the factory default login and wifi SSID for the modem/router only when I received the modem/router over maybe two years ago.
  6. I have not factory reset my ISP modem/router or personal router.
  7. I think I have checked before and I have the latest BIOS update on my PC. Anyway I can check again.
  8. I agree with you, my system image may have the malware hidden. I also plan to restore a clean OS (Windows 11) on my PC. However, I have one concern and need your advice. I am using MS Office 2021, which I bought and downloaded from the web (not directly from MS) together with a valid product key. When I re-install MS Office 2021 after I have reinstalled my Windows 11, will the product key likely be valid again? Is the product key of MS Office already stored in my PC’s BIOS like the Windows 11 one?
    Your reply will be much appreciated.
    James W

Thanks for the feedback. Answering your #8 regarding your Office 2021 product: when you activated the product, it should have been activated against your Microsoft account. When you reinstall it, it SHOULD activate again; follow the setup instructions. This guide will help you through that process:

When you posted:

  1. Norton history did not record anything special at the time when the attack occurred (about 3 pm on May 30, 2025). However, it did record a couple of special events - “Intrusion Signatures disabled” at other times, such as 10:15 pm.

This tells me that you are indeed under active attack and your computer has indeed been compromised. Malware is the only way intrusion signatures would be getting disabled. There are a number of avenues for malware to install. Pinning it down would be hard to do without a physical presence with the device to see what is happening in real time.

Going forward, my best advice is perform #5,6,7 steps BEFORE doing a clean reinstall of Windows.

SA

Dear Guru,
OK, I will heed your advice, and do the following:
5. Update my ISP modem/router firmware,
6. Factory-reset it, and re-assign my personal login password and SSID.
7. Check if I have the latest BIOS on my PC.
Then perform a clean reinstall of Windows 11.
I just wonder why factory-resetting my modem/router is important for fending off malware? Please enlighten me.
James W

I recommend the router route simply because it is the most likely way your network became compromised. In most cases, and it varies with what malware may have gotten installed, restoring a factory image on the router should replace whatever was installed. Malware installs nefarious copies of software that appear as legitimate. There are some instances where even a factory reset of a router/modem won’t keep the malware from returning. Replacing the device is usually the safest avenue in that instance. Factory reset your router, then update its firmware to the latest available. Swap steps 5 and 6 to 6 and 5. Update your BIOS to its latest, perform a clean image install of Windows, and let's retest.

SA

Dear Guru,
I tried to factory reset my modem/router and update the firmware, with the help of Bell Canada, but it turned out it didn’t work afterward, and I had to replace it with a new one. It is now working well. I have also updated the BIOS on my PC.
Unfortunately, today Saturday, just before I could go to the next step of installing a new copy of Windows 11, the malware struck again, and I am now in the process of recovering my PC from a system image again. Can you advise me:

  1. How to download and install a clean copy of Windows 11? Can that be done via the Lenovo Vantage app, or is it better via MS website?
  2. My other apps and data are still on the PC. Do I need to transfer all my data out first? Do I need to reformat the drive (and reinstall all the apps later) for a really thorough clean start?
    Your advice will be appreciated.
    James W

Dear Guru,
With some help from ChatGPT, I was able to complete a clean re-installation of Windows 11. In the process, I needed to clean up all the partitions and files on the hard drive first. I am now re-installing all the apps (including Norton 360 of course). Hopefully the malware will not strike again. Thanks so much for your help.
James W

@James_Wong1 Thanks for the post back and my apologies for the tardy reply. Answering your questions: Please let us know what your progress is.

Note: I really would like to see a screenshot of the infection notice you are getting to see what you are seeing.

1- Copy your data and app to reinstall. Make sure you either already have your Windows 11 license key or can retrieve it because you are not reinstalling a Lenovo image.

2- I would download Windows 11 from this Microsoft site. Format the drive you are installing Windows on during the installation process. You will be getting a clean installation without all the Lenovo bloat:

SA