
Memory module infected



#1 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,252 posts
  • Gender:Female
  • Location:Romania

Posted 02 March 2009 - 10:08 AM

Hello,
I am trying to reformat a friend's computer. It is a real mess, so I do not want to clean it out. But when I try to run the xp-setup, it gives me a BSOD with different messages, all including setupdd.sys. I can boot normally, setup loads files, I am asked what I want to do, press Enter to set up, accept the license agreement. When it asks me where I want to set up Windows, partitions etc., it shows 4 unknown devices with unknown size, no hard disk, no partitions; after that, whatever I do, a BSOD.
I googled this and it seems to have to do with bad RAM. My Computer shows all disks and partitions without problems, so I figure it is not a hardware problem, but malware, preventing me from formatting/re-installing Windows XP.
The problem is that all works fine, the RAM test is fine. I ran several antimalware tools and mbam gave me one time (not the first scan) an infected memory module with a win32 trojan. It said delete on reboot, I rebooted and reran the scan and now it says the same. Sorry, I did not include the log, but I am afraid to use my USB stick to copy the log, after what I was on that PC, I became a little paranoid.
Malwarebytes, run in normal mode, quick scan, reports memory module infected with trojan downloader, c:\wiindows\system32\wmimgr32.dll and the file c:\windows\system32\wmimgr32.dll.
When I run the scan in safe mode, it does not detect a thing.

I appreciate any help!!

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft



 


#2 Elise


Posted 02 March 2009 - 02:35 PM

In time I also ran Dr. Web, some 2000 infected files with win32.hllp.neshta and win32.sector.204800, file infectors, very nasty, but apparently cured. I ran Windows memory test, no errors found. I also ran checkdisk, including a surface scan, and it found some problems (as a result of file infection?). The problem still remains: I start Windows setup, it still does not recognize any partitioned/unpartitioned space (I checked in My Computer, 50 GB partitioned and 100 GB unpartitioned) and after any choice I make there (create, delete, setup) a BSOD.

regards, Elise


#3 Elise


Posted 03 March 2009 - 03:56 AM

Okay, shame on me. The problem is resolved and it was not a virus problem but a SATA-hdd. I integrated the SATA drivers with nLite and it works fine. In the process I cleaned the whole computer, but still many programs were corrupted, so I didn't bother to fix it.
I am sorry for posting here, for it was not a topic for this forum after all.

regards, Elise