
Possible Infection Causing Constant Crashes


  • This topic is locked
1 reply to this topic

#1 srossi

srossi

  • Members
  • 85 posts

Posted 28 April 2009 - 10:11 AM

I've been struggling with one issue after another with my PC for about a month now. The issues started with a Vundo trojan horse that prevented me from getting on any Internet sites. I was helped in your Malware Removal forum and given a clean bill of health and that problem was solved.

Unfortunately a new one began immediately as I began crashing and re-booting on a continuous loop, usually within 5 minutes of starting up if not immediately. We ran numerous anti-spyware programs and could find nothing wrong. However a later Crash Log Analysis revealed 2 problems again and again: file path: C:\WINDOWS\system32\drivers\vffilter.sys and file path: C:\WINDOWS\system32\ntoskrnl.exe.

Finally, a Prevx scan yesterday discovered 2 possible infections: WJQS.EXE in C:\WINDOWS\system32\drivers and VFIND.EXE in C:\WINDOWS, with further information about them at these links:

http://www.prevx.com/filenames/21291945141...1/WJQS.EXE.html

http://www.prevx.com/filenames/81733687999.../VFIND.EXE.html

Prevx will not remove without me paying for a subscription. I don't know anything about Prevx and I'm not sure if it's safe and if it will actually work. Last night I did use Prevx's information to scan my PC for the file name aliases and I discovered SVCHOST.EXE by manufacturer Корпорация Майкрософт and I deleted it, but my system still crashed again soon after. I couldn't find anything else. I'm looking for any information on how to proceed.

Furthermore, last night at a random point my firewall began preventing me from accessing any websites. I didn't modify my firewall settings at all. Instructions on how to change my firewall settings back to allow Internet access would be appreciated as well.

Thank you very much for any help or information you can provide. After trying to fix this for a month, I'm very close to the point where I'll either have to reformat or buy a new PC if I can't figure this out.



#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,936 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 28 April 2009 - 12:31 PM

Jat90 assisted with your malware issues here and had you use Combofix. VFIND.EXE is a file associated with that version of Combofix and NOT malware. Certain embedded files that are part of legitimate programs or specialized fix tools such as Combofix may at times be detected by some anti-virus and anti-malware scanners as a "Risk Tool", "Hacking Tool", "Potentially Unwanted Program", or even "Malware" (virus/trojan) when that is not the case. This occurs for a variety of reasons to include the tool's compiler, the files it uses, registry fixes and malware strings it contains. Such programs have legitimate uses in contexts where a Malware Removal Expert asked you to use the tool or when an authorized user/administrator has knowingly installed it.

WJQS.EXE appears to be malware so you probably were reinfected. Jat90 offered to reopen the topic if need be for malware related issues so you should follow his instructions for doing that.

Since you are already receiving help here, for the issues with vffilter.sys and ntoskrnl.exe, you can continue in that thread after finishing up with Jat90. It appears you are dealing with two separate issues, but you need to address the malware first and not do other things that Jat90 may not be aware of or that can complicate the disinfection process.

Please do not start new threads or duplicate topics as this causes confusion and makes it more difficult to get the help you need to resolve your issues. Thanks for your cooperation.

This thread is closed. If you have any questions, please PM me or another Moderator.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators




