Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Got A Nasty One


  • This topic is locked This topic is locked
1 reply to this topic

#1 btcomm

btcomm

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:04:46 PM

Posted 17 May 2008 - 12:47 AM

Ok, this computer was infected like crazy, rootkits, spyware, adware, trojans.

Anyway, I got rid of most of it with various things, I started using superantispyware it found a trojan.dropper/base

File is BASEMRE32.DLL in the system32 folder and here is thing with this one. Never ran into this before.

I told superantispyware to remove it. It told me I had to reboot and I did. When booting back up I get this message on a blue screen before windows will boot up.

stop: 0000135 {unable to located component} basemre32


I can't do anything on the blue screen, only thing I can do is turn it off. Tried safe mode same thing.

I was able to get the file back from quarantine and put it back. System boots up again, where in the world is windows referencing this file?!

How can I remove that reference so that when windows boots up it will not complain when that file is gone?

Hijackthis log does not reference this file at all, I searched the registry for this file name and came up with nothing.

Edited by btcomm, 17 May 2008 - 12:50 AM.


BC AdBot (Login to Remove)

 


#2 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts
  • OFFLINE
  •  
  • Local time:12:46 AM

Posted 17 May 2008 - 04:30 PM

:thumbsup: may we pleae know your windows version and your antivirus protection?
what programs HAVE you tried?
can you rerun superantispyware and post its log for examination ?

also have you yet tried asquared


http://www.emsisoft.com/en/software/free/

the exe is http://download6.emsisoft.com/a2FreeSetup.exe

install it, fully update the definitions reboot and run a DEEP computer scan;

let us know what IT finds? it will give you the option to quarantine anything it finds? I suggest you take that option 'just in case'

Closed thread because of active HJT log. Due to time length involved, decided not to post reply to this thread. ~ OB

Edited by Orange Blossom, 31 May 2008 - 08:13 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users