
Trojans & rootkits. BSOD.


3 replies to this topic

#1 Valdr

Valdr

  • Members
  • 26 posts
  • Local time:01:46 AM

Posted 15 December 2008 - 06:12 PM

I have run into a bit of a snag trying to revive my computer that keeps getting a BSOD ~20 seconds after Windows startup.

I am running XP SP3

"STOP: 0X0000008E 0Xc0000005 0xA12AFB75 0x9F0F47E8 0x00000000"

Here is what happened:

I was browsing the internet last night when my start bar and start menu changed from XP default to the 'classic windows' style. I restarted my computer and a few seconds after Windows put me at my desktop I got the BSOD as described above. I booted up in Safe Mode, then I attempted to open "Malwarebytes' Anti-Malware"; however, it would not open. I then opened 'SUPERAntiSpyware' using its alternate start (normal start would not open either) and scanned my computer. It came up with:

Trojan.Dropper/SVCHost-Fake
Rootkit.TDSServ
(with 57 entries for the rootkit)

I removed them all (+ some tracking cookies) and then restarted, booting back into Safe Mode, and was then able to open Malwarebytes' Anti-Malware, which came up with the following:

1 infected registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (trojan.Agent)

2 infected registry data items:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Currentversion\Winlogo\userinit (Trojan.Agent) Data: C:\windows\system32\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Currentversion\Winlogo\userinit (Trojan.Agent) Data: system32\

1 infected file:
C:\windows\system32 (Trojan.Agent)

All of which were 'Quarantined and deleted successfully'.

I then rebooted and ran Windows and got the same BSOD.

After some reading online I was told to use the minidump feature of XP to find what was left (I was told most likely a rootkit that I can't find). I was however unable to open the .dmp files. I searched and found I had to download a viewer (Horrible idea Microsoft) which I am unable to do due to the computer BSODing when I'm not in Safe Mode.

I am not sure what to do from here, can anybody help?



#2 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • Location:Cleveland, Ohio
  • Local time:02:46 AM

Posted 15 December 2008 - 07:54 PM

I'm not sure but I think you can read the minidump files in Safe Mode.
Maybe it's just me but I believe your infection and BSOD might just be coincidence. The error code is pretty generic and could mean a number of things. Most often it has to do with memory. Try re-seating the memory or try one stick at a time.
If you can access the dump file in Safe Mode w/networking, post the log in the XP forum.
Mark

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
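
Added example, not part of any post in this thread: a short Python sketch that decodes the STOP line quoted in post #1 into its bug check name and four parameters, following Microsoft's documented parameter layout for bug check 0x8E. The function names and the small lookup tables are this example's own, and the kernel-space check assumes the default 2 GB user/kernel split on 32-bit XP.

```python
import re

# Only the codes needed for the STOP line in this thread (tables are this example's own).
BUGCHECKS = {0x8E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED"}
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION"}
# Documented meaning of the four parameters for bug check 0x8E.
PARAMS_8E = ("exception code", "address of faulting instruction",
             "trap frame address", "reserved")
KERNEL_BASE_X86 = 0x80000000  # assumption: default 2 GB split on 32-bit Windows


def parse_stop(line):
    """Return (bugcheck_code, [p1, p2, p3, p4]) from a blue-screen STOP line."""
    # Accept the 0X / 0x mix people produce when copying from the screen.
    values = [int(v, 16) for v in re.findall(r"0[xX]([0-9A-Fa-f]{1,8})", line)]
    if "STOP" not in line.upper() or len(values) != 5:
        raise ValueError("expected a STOP code followed by four parameters")
    return values[0], values[1:]


def describe(line):
    """Label the bug check and, for 0x8E, each of its parameters."""
    code, params = parse_stop(line)
    report = {"bugcheck": BUGCHECKS.get(code, "unknown (0x%08X)" % code)}
    if code == 0x8E:
        report["exception"] = NTSTATUS.get(params[0], "0x%08X" % params[0])
        report["fault_address"] = "0x%08X" % params[1]
        # True means the exception was raised by kernel-mode code (kernel or a driver).
        report["fault_in_kernel_space"] = params[1] >= KERNEL_BASE_X86
        report["parameters"] = dict(
            zip(PARAMS_8E, ("0x%08X" % p for p in params)))
    return report


# The STOP line exactly as quoted in post #1.
STOP_LINE = "STOP: 0X0000008E 0Xc0000005 0xA12AFB75 0x9F0F47E8 0x00000000"

if __name__ == "__main__":
    for key, value in describe(STOP_LINE).items():
        print(key, "->", value)
```

The STOP line gives only the faulting address; naming the module that owns that address needs the loaded-module list recorded in the minidump.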

#3 Valdr

Valdr
  • Topic Starter

  • Members
  • 26 posts
  • Local time:01:46 AM

Posted 15 December 2008 - 08:10 PM

The trouble with the minidump files is that I don't seem to have anything to open them with.
When I boot in XP with networking I can't access the internet.


I have not opened my computer up since I built it; however, I had a memory issue when I built it, with one stick arriving DOA. I have been using just one stick. I will try re-seating it when my scan finishes and will post results here ASAP.

#4 Valdr

Valdr
  • Topic Starter

  • Members
  • 26 posts
  • Local time:01:46 AM

Posted 15 December 2008 - 10:28 PM

I re-seated my RAM a few times with no change. I am running memtest now.

Memtest ran without any errors.


I posted my minidump files in the XP forum here

Edited by Valdr, 16 December 2008 - 03:29 PM.




