Malware issues...may be causing BSOD?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by G1_Queen, Jun 12, 2009.

  1. G1_Queen

    G1_Queen Private E-2

    It wasn't until Norton detected Trojan.Vundo and W32.SillyFDC virus that I started to get the Blue Screen of Death (BSOD)!!! So I'm not sure if I have two separate issues going on...Malware and Hardware issues.

    I ran the Read Me Run Me First and had all kinds of garbage on my computer: Worms, Trojans, Adware, Rogues, Cracks, Keygens...you name it my desktop has/had it!!!!

    I'm still getting the BSOD after running Read Me Run Me, and I have attached the logs (I hope)...I can't use the desktop so I had to transfer the files onto USB. Not sure if all the viruses and trojans and stuff are clean...I suspect they are not.

    I can only work in safe mode, and for about 1 hour 30 mins max. Also, I couldn't do a full scan using SuperAntiSpyware in safe mode, got the BSOD 1 hour and 35 minutes into the full scan. Therefore, I was only able to perform a quick scan.


    I seriously need help, I don't know what else to do besides throw the computer away! I thank you for your time and assistance in advance :)
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    I don't see Norton or any other protection installed. Did you uninstall them? There are leftovers from them that we will clean up below.

    Could be hardware issues especially if you consistently are shutting down after about an hour and a half. How old is this PC?

    What do you mean by this? Do you mean it cannot connect to the internet at all?

    Why? What happens when you boot in normal mode?

    Your log from ComboFix shows it did not run properly since it is too incomplete to be of any use. What happened when you ran ComboFix?



    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKCU\..\Run: [Power2GoExpress] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    After clicking Fix, exit HJT.


    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.
    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe ( Note: If using Vista make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )


    Then attach the below logs:
    • C:\avenger.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
    Last edited: Jun 17, 2009
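As an added illustration (not part of chaslang's reply or of the HijackThis tool), the following Python script applies the same kind of reasoning to the HJT lines quoted above: it parses O2/O9 entries and O4 Run values, flags entries whose CLSID or target points at no file, and flags one program registered under several different Run value names (here ctfmon.exe appearing as both "Power2GoExpress" and "ctfmon.exe"). The sample text is constructed from the lines in the post; the function and variable names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: the HijackThis lines quoted in the reply above.
SAMPLE_HJT_LINES = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [Power2GoExpress] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
"""

# O2 (browser helper objects) and O9 (IE extra buttons) share the
# "description - {CLSID} - file" shape; O4 registry Run values are "[name] command".
CLSID_RE = re.compile(r"^(?P<kind>O2|O9) - [^-]+ - (?P<clsid>\{[^}]+\}) - (?P<file>.*)$")
RUN_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")


def exe_basename(cmd):
    """Lower-cased file name of the program a Run command line launches."""
    first = cmd.split(" ")[0]
    return first.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(text):
    """Return (subject, reason) pairs for entries worth a second look."""
    findings = []
    run_targets = defaultdict(set)  # exe basename -> value names that launch it
    for line in text.strip().splitlines():
        m = CLSID_RE.match(line)
        if m:
            if m.group("file") == "(no file)":
                findings.append((line, "orphaned %s entry: %s points at no file"
                                 % (m.group("kind"), m.group("clsid"))))
            continue
        m = RUN_RE.match(line)
        if m:  # Global Startup shortcuts and other line types are not triaged here
            if m.group("cmd").startswith("NA"):
                findings.append((line, "orphaned Run value: no target"))
            else:
                run_targets[exe_basename(m.group("cmd"))].add(m.group("name"))
    for exe, names in run_targets.items():
        if len(names) > 1:  # one program registered under several value names
            findings.append((exe, "started by %d different Run values: %s"
                             % (len(names), ", ".join(sorted(names)))))
    return findings
```

Running `triage(SAMPLE_HJT_LINES)` yields five findings: the three (no file) CLSID entries, the NA Run value under HKUS, and ctfmon.exe launched by two differently named Run values.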
  3. G1_Queen

    G1_Queen Private E-2

    Thanks for your time and assistance.

    Yes, I uninstalled Norton because after my first scan I kept getting an error message, and couldn't update it...

    I can only work in safe mode and only for 1 1/2 hours max. When I log on in normal mode, by the time everything loads up, the system freezes and I get the BSOD with the message: MACHINE_CHECK_EXCEPTION, and I began to get this message only after Vundo was detected on my system. If I am lucky I can access the internet for about 5 minutes in normal mode, before getting the BSOD...

    I'm almost positive I have hardware issues as well. But my main concern is making sure all the malware is off my system, and making sure the malware is not the cause of the BSOD. :)

    I followed your instructions, and I have attached the 2 files requested.
     


  4. G1_Queen

    G1_Queen Private E-2

    P.S.

    I have restarted my computer in normal mode at 10:49:30am e.s.t.

    At 11:08:41am e.s.t. my system became non-responsive. I did nothing but let the system load in normal mode and sit at the desktop screen.

    As of 11:22:20am e.s.t my system is still nonresponsive and the desktop is still viewable, and I have not been hit with the Blue Screen of Death...yet
     
  5. G1_Queen

    G1_Queen Private E-2

    Update:

    40 minutes have passed since my system became non-responsive, no blue screen of death as of yet...manually shutting down system...waiting for any further instructions...

    :)
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You did not answer my question about running ComboFix. I need an answer.

    Also your new logs show that you did not fix anything I asked you to fix with HijackThis. Did you run it? Did you remember to click Fix checked?

    Most likely software, driver or hardware issues. You should capture an Event Viewer log and exact word-for-word error messages and error numbers and post them in the Software Forum. There is nothing in your logs that would indicate any malware issues.
     
  7. G1_Queen

    G1_Queen Private E-2

    Yes, I did run ComboFix. It froze after completing stage 33, in safe mode with networking...Reran again and the Microsoft Windows Recovery Console was installed successfully, and it completed successfully.

    Also, I did run HijackThis as instructed, I did remember to click Fix checked. I don't understand why the logs are showing that I didn't. I even wrote down everything I did so I wouldn't miss anything and checked off all steps that I completed as I went along.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Attach the log.

    I took a closer look at your log and some of the time stamps of what was run when are out of sync. The HJT log may be from before you fixed the items. Run C:\MGtools\GetLogs.bat again and wait for it to finish. Then attach the new MGlogs.zip file.

    Have you posted your Event Viewer log in the Software Forum as I suggested?
     