Blue screen after log-in and PC reboots

Discussion in 'Malware Help (A Specialist Will Reply)' started by frankie4dita, Sep 2, 2009.

  1. frankie4dita

    frankie4dita Private E-2

    2 days ago my PC started behaving in this way: soon after logging in to Windows I got a blue screen error page and the PC reboots. I finally managed to run MBAM and it gave me a Rootkit.Agent infection of the file C:\WINDOWS\system32\drivers\str.sys. It goes for cleaning, it tells me to reboot, and if I run MBAM again I always find the same result. Now I'm not getting the blue screen every single time I log in, but sometimes my PC reboots. I ran all the tests in the guide; the logs are attached.
     


  2. frankie4dita

    frankie4dita Private E-2

    MGTools logs
     


  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This file is just part of Daemon Tools that you have installed. If you want to remove the file permanently, you will have to uninstall Daemon Tools.

    MGtools did not run properly. Did you have any problems while running it? Let's fix a few remaining problems and run a new scan.



    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it has expired or needs to be updated to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  4. frankie4dita

    frankie4dita Private E-2

    I uninstalled Daemon Tools and that fixed my blue screen problem (and MBAM does not find the problem anymore). Thank you!

    Anyway, I'm still experiencing some problems; I don't know if they are related to malware:
    1) every time I use Mozilla Firefox and close it, the process firefox.exe remains active, and I cannot open a new instance of it before killing the process from the task manager. (It does not happen if I open Firefox and I close it without opening any website). Some websites do not "work" properly, they do not load the pages (without errors though).
    2) sometimes (1 in 2 I'd say) Windows freezes during the booting process, right before the login page.

    Attached you can find the requested logs.
     


  5. frankie4dita

    frankie4dita Private E-2

    SOS!
    Someone stole important login information and scammed me. Could you please help me? My system is compromised, should I format my hard drive?
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Then you should read the below links which cover this topic quite well and there is no sense in us rewriting similar ones:

    How to report ID theft, fraud, drive-by installs, hijacking and malware?


    When should I re-format? How should I reinstall?

    In reality, if you are sure that you have had information stolen, like passwords, etc., you would be better served formatting and reinstalling, which is the only real way to make your PC trustworthy. Leave off the gambling site programs next time too.
     
    Last edited: Sep 14, 2009
