Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

System Error


  • Please log in to reply
11 replies to this topic

#1 Anderea

Anderea

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:07:49 AM

Posted 04 August 2007 - 12:40 PM

i'm new to bleeping computer. and my computer keeps getting a blue screen that says there's a system error and i need to restart the computer and if i keep getting the message then i need to press F8 for booting options. i had someone look at the computer and he said to use this site because he thinks its a configuration problem. so i did a panda scan thing and this is the log i got...

;***********************************************************************************************************************************************************************************
ANALYSIS: 2007-08-04 12:21:17
PROTECTIONS: 1
MALWARE: 17
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
McAfee VirusScan Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00020937 adware/statblaster Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{c68ae9c0-0909-4ddc-b661-c1afb9f5ae53}
00029264 adware/beginto Adware No 0 Yes No c:\windows\system32\cache32_rtneg4
00029424 adware/cws.searchmeup Adware No 1 Yes No c:\windows\system32\bose.ico
00032731 application/mywebsearch HackTools No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}
00032731 application/mywebsearch HackTools No 0 Yes No hkey_classes_root\clsid\{147a976e-eee1-4377-8ea7-4716e4cdd239}
00032731 application/mywebsearch HackTools No 0 Yes No hkey_classes_root\clsid\{9afb8248-617f-460d-9366-d71cdeda3179}
00032731 application/mywebsearch HackTools No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
00034347 dialer.su Dialers No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\uninstall\switch
00063620 adware/ilookup Adware No 0 Yes No c:\windows\system32\xbox31.ico
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\GhettoPrincess\Cookies\ghettoprincess@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\DobbinsFam\Cookies\dobbinsfam@doubleclick[1].txt
00145460 Cookie/2o7 TrackingCookie No 0 Yes No C:\Documents and Settings\GhettoPrincess\Cookies\ghettoprincess@2o7[1].txt
00145460 Cookie/2o7 TrackingCookie No 0 Yes No C:\Documents and Settings\DobbinsFam\Cookies\dobbinsfam@2o7[2].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\DobbinsFam\Cookies\dobbinsfam@toplist[1].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\GhettoPrincess\Cookies\ghettoprincess@www.burstbeacon[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\GhettoPrincess\Cookies\ghettoprincess@go[1].txt
00252281 Adware/Trymedia Adware No 0 Yes No C:\Downloads\DinerDashSetup-dm[1].exe
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\DobbinsFam\Cookies\dobbinsfam@atwola[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\GhettoPrincess\Cookies\ghettoprincess@atwola[1].txt
00511607 Adware/VideoActiveXObject Adware No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1003\A0196437.exe
00520936 Application/ViewPoint HackTools No 0 Yes No C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
00958505 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll
01236483 Application/MyWebSearch HackTools No 0 Yes No C:\Program Files\Morpheus\morpheustoolbar.exe
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================

BC AdBot (Login to Remove)

 


m

#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,239 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:49 AM

Posted 04 August 2007 - 09:24 PM

Hello Anderea,welcome to BC.. I believe you can get to the internet to do scans and you have MywebSearch this will be slowing you down. Do 2 things Download,install,update then scan Pc with this SuperAntiSpyware -. Scan from Safe Mode

Then post a log in the HiJackThis forum by following these instructions Preparation Guide for use before posting a HijackThis Log . Post that HERE by clicking on "New Topic."
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Anderea

Anderea
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:07:49 AM

Posted 06 August 2007 - 02:15 PM

i did the scan but it won't let me copy the info. and my computer doesn't let me restart it nd go to safe mode. when i tried the blue screen kept coming up. so i had it go to the last way it worked and it said there was a system error and this website came up: http://wer.microsoft.com/responses/Respons...21-70f2b5354ae9

#4 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:05:49 AM

Posted 06 August 2007 - 05:29 PM

Another issue that you have is the Morpheus software, the fixes that are being given you may not work as long as this software is installed.

Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download a piece of software a from a site, and are not sure if they are legitimate, you can use McAfee Siteadvisor to look up info on the site.

Please uninstall the morpheus program. DO NOT restart your computer if it asks you to.

Instead,

Please run a BitDefender Online Scan
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.

The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#5 Anderea

Anderea
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:07:49 AM

Posted 07 August 2007 - 12:21 AM

how do i get rid of morpheus? i tried going to remove/change programs but it wasn't in there.

#6 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:05:49 AM

Posted 07 August 2007 - 12:30 AM

Using windows explorer, navigate to C\:Program Files\Morpheus, and look for a file called Uninstall or unwise in that folder. double click on the file and that should run the uninstall program.

Edited by oldf@rt, 07 August 2007 - 12:31 AM.

The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#7 Anderea

Anderea
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:07:49 AM

Posted 07 August 2007 - 12:45 AM

when i go there there isn't an unwise or uninstall thing to click. there are folders..."bar" & "popswatr"

#8 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:05:49 AM

Posted 07 August 2007 - 01:16 AM

Looks like it is mostly gone now, any how right click on each of those folders, and then click delete. after that is done, empty your recycle bin. then go back and try to run the bitdefender scan.
The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#9 Anderea

Anderea
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:07:49 AM

Posted 07 August 2007 - 09:59 AM

ok i tried that and one folder will not delete

#10 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:05:49 AM

Posted 07 August 2007 - 02:24 PM

Have you run bitdefender yet?, if not please run it.
The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#11 Anderea

Anderea
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:07:49 AM

Posted 08 August 2007 - 03:00 PM

BitDefender Online Scanner



Scan report generated at: Wed, Aug 08, 2007 - 15:53:32





Scan path: A:\;C:\;D:\;E:\;F:\;







Statistics

Time
01:27:49

Files
446105

Folders
9215

Boot Sectors
4

Archives
15001

Packed Files
17331




Results

Identified Viruses
1

Infected Files
2

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
2




Engines Info

Virus Definitions
690261

Engine build
AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)

Scan plugins
14

Archive plugins
38

Unpack plugins
6

E-mail plugins
6

System plugins
1




Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions


Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes




Scanned File
Status

C:\Program Files\Panda Security\TotalScan\pskahk.dll
Infected with: Generic.Malware.SIMDWYNVdprn.172A39DE

C:\Program Files\Panda Security\TotalScan\pskahk.dll
Disinfection failed

C:\Program Files\Panda Security\TotalScan\pskahk.dll
Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1082\A0219899.dll
Infected with: Generic.Malware.SIMDWYNVdprn.172A39DE

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1082\A0219899.dll
Disinfection failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1082\A0219899.dll
Deleted

#12 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:05:49 AM

Posted 08 August 2007 - 03:40 PM

From what I am seeing, I believe that you should post a hijack this log:
  • A new version of HijackThis has now been released, so before you post your log please download and install the new version
  • download the installer for Hijack this, and save it to your desktop.
  • Double click on the HJTinstall to run the installer.
  • Agree to the install.
  • Agree to the license agreement.
  • Hijack this will then open.
  • Click on the do a system scan and save a logfile.
  • notepad will open with your log.
  • Please post the contents of the Hijack This Log here.
  • Post in this thread if you haven't received an answer in five days.

The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users