Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Ntoskrnl Dancemat Fujack & Nasty Chinese Peripherals

  • Please log in to reply
2 replies to this topic

#1 beyond_me


  • Members
  • 8 posts
  • Local time:11:18 AM

Posted 16 July 2008 - 11:18 PM

Hi mods

I've got a good one for you!! I probably have a number of issues with my HP Pavilion dv4114AP which have not been addressed promptly enough.
Reason being I teach in a college in China (yeah! right) and the network there is filthy - absolutely crawling with malware. so each time I take a presentation I'm bringing home something horrible....

However, this week I bought a cheap gamecontroller which had a driver disk (unusual) the virus is actually on the driver - can you believe it?! BUT it took 2 days to be detected by AVG (Housecall & Kaspersky found nothing) strange?

It's a model 8101 - the brand escapes me ("e" -something it's made in Shenzhen,PRC) I threw the box away...... twin ps to pc Converter seems to be the main folder it dumped about 4 folders!! the only signature I can find in a setup.inf file is from GASIA International Ltd.

I think it's an 'old' virus & curable but I've had audio problems prompting me to ask for some stepwise ......errr steps as I think there may be some deep-lying registry problems (hunch - how do I find out?) Stranger still, I think it temporarily fixed my headphone socket - I only have right channel audio through phones ... the speakers are fine - I was going to open up the case to sort it out but 2 nights ago I had stereo phones I was so excited!!

I was actually going to keep this little beneficial virus - just for that reason :thumbsup: but last night's audio was back to right ear only (so it's not the socket!???!)

I'm going to do ANOTHER scan in safe mode now - and ask you lovely people to browse through my other aliments after you've had your morning coffee

3 weeks ago while I was cleaning up my files (music etc) to put onto a CD (don't want to use my external HD as that is also infected and has managed to lose a 30G partition!) I Got a BSOD about a missing ntoskrnl.exe ....

Now it's the end of term I'm physically quarantined from that place - I can get down to some diagnosis.
I've upgraded AVG to version8 (but didn't remove 7 first -should I have done?) It seems a lot more bulky & hungry than V7...
I FINALLY took Norton off my machine because I was suddenly getting millions of popups and warning
(yes I was running 2 AV's BUT AVG seemed to be taking care of everything on it's own for a couple of months - it was only when I brought home a couple of worms that Symantec started flagging the same files (mostly in the restore points) but was really going bananas - have I also just removed my only useful firewall?

Why I have been taking so long to do anything is because I can't boot up to see what's wrong.

the power button doesn't work - I lift the lid, press, nothing happens (I'm on AC power) It has happened about 5 times in the 7 months following my last post but never before..... I used to walk away, get a coffee come back & try again - it would boot up. Battery? well, mine won't charge up - BUT when I snap it in and then put in my AC cable I do get a brief flash from the power indicator - I have no idea!
So it had been an occasional annoyance -
But it's increased in frequency/intensity over the past 5-6 weeks dramatically not responding for hours - preventing me from doing any virus fixing which has been a real pain When I do get running the clock is wrong and it seems to have stopped when I first pressed the power button. The time difference corresponds to my downtime...... but not on every instance.

* however this problem has been decreasing dramatically in the last week - I'm guessing it's humidity, but the machine runs very hot -so it ought to be dry?

STOP PRESS I've just this second checked the virus vault for the names of the bad apps and now there's an infected file from AFT sysclean (I ran it last night to free up space on C: due to audio problem (only 7G free) Wasn't there before this has a worm/agentC (not fujacks)

I think I'll stop here & wait for what next ..... thanks :flowers:

Edited by beyond_me, 16 July 2008 - 11:28 PM.

BC AdBot (Login to Remove)


#2 frankie_4_


  • Members
  • 2 posts
  • Local time:04:18 AM

Posted 17 July 2008 - 04:44 AM

I was having lots of problems with spyware and malware, recently i downloaded and installed "Malwarebytes' Anti-Malware" it is a free download and an excellent bit of software. Additional to this I installed Spybot-search and destroy, again it is free and easy to use. Spybot informs you of any Registry changes and asks you is you wish to accept or deny. I rate them both very much. If you have a file/folder you cannot get rid of have a look for "Avenger", I had a file that was being used by another process so i tried all sorts of ways to stop/remove etc. with no joy. Avenger done this for me. Since using these three bits of software i have remained trouble free.

Hope this helps you mate


#3 beyond_me

  • Topic Starter

  • Members
  • 8 posts
  • Local time:11:18 AM

Posted 17 July 2008 - 10:47 AM

Frankie , yes - good call
Now I'm off work for a few weeks I can start to give my machine some TLC & Malwarebytes certainly will be on my 'to do list'

However - unlike many posters here I really don't get much (if any) bother with my browser; e.g. pop-ups, changes to home page, or being re-directed except ONCE 3-4 weeks ago around the time Norton 'woke up' & started going crazy. I was trying to log onto my UK bank at the time which got me quite paranoid (but I've now got nothing in that account so that's ok ! )

Perhaps the Great firewall of China stops a lot of this? Also stopped me looking at spankwire too - bah! although that's probably for my moral & PC well-being :thumbsup:

Performance - High ping (300+ I'm on cable but it used to be 170 max) not switching on (although this week it's been fine) audio & the occasional BSOD are my issues. And I do have viruses so I'd like to eliminate those as the cause before considering Hardware fixes.
CPU useage is too high really and now has a lot of red in the Task Manager meter even when idling at less than 30%, - it's doing it right now - when before it used to be all green (what does that mean?)

Part of my reason for posting was also to alert people to that virus embedded in what I believed to be OEM software - absolutely shocking really - and to raise awareness of my plight here in China where I can't really trust anyone to look at my machine (they have hacker schools out here you know - using the internet in this way is seen by some as "patriotic" - WTF!)
HP service centre won't look at my machine without "special permission form Beijing" as I bought it in Hong Kong - downtown HK is only about 20kms away (& I they also don't know what they're doing - their 'solution' to anything seems to be "get a new HDD")

What I DID do today was get rid of the drivers & folders for the gamepad, scan with AVG in safe mode which wasn't altogether satisfactory.

Using the administrator account threw up a lot of locked files - is that normal? seems counter-intuitive to me especially when I ran it again as "me" - my own user account with admin rights and the scan checked MORE objects/files** and checked the HKLM thingies at the beginning - all at a fair speed I might add.

Off to bed now - tomorrow more reading, house keeping and a fiddle with Recovery Console now that I've finally found my XP disk

**PS Scanning with AVG is taking much longer than it did 2/3 months ago the 'record' for Version 8 on it's first run was 6 hours!!!! (I generally scan off-line too in fact if I'm not browing I disconnect the network cable - wireless is deactivated too) what is also counter intuitive is the variable number of objects scanned - it goes up & down day to day - again I might expect an incremental increase in files checked since I'm getting daily updates & restore points are created but to have 66,000 one day and 46,000 the next (one was done in 7mins!!!! way too fast?) seems odd - is this a symptom of 'something' or should I ignore?

sorry this is a bit of a potpouri of probs that don't seem to belong here, but I'm certain the source is nasty code from my college via my USB stick

Edited by beyond_me, 17 July 2008 - 11:08 AM.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users