
Machine will not boot - black screen with white mouse - PCIDump.sys virus has clobbered my machine.

4 replies to this topic

#1 LinkExchangers

Posted 29 May 2009 - 03:14 PM

I have spent the last 10 stupid days, all of which were stupid, trying to analyze what happened.
I thought it was a corrupted Windows file. As it turns out, and I have examined my boot log file which I created, this file is a new virus, hxxp://vil.nai.com/vil/content/v_157111.htm
which was detected by McAfee on 5/20/09. I have just updated my .dat file for my virus scan and I'm now scanning, again..... all 370,000 files on my Seagate hard drive. The first time I ran the scan, there were about 24 files which were quarantined. I'm not sure where they are placed.

My machine will not boot. Here is the boot log from ntbtlog.txt:

Service Pack 210 30 2005 12:13:01.375
Loaded driver \WINDOWS\system32\ntkrnlpa.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver \WINDOWS\system32\KDCOM.DLL
Loaded driver \WINDOWS\system32\BOOTVID.dll
Loaded driver ACPI.sys
Loaded driver \WINDOWS\System32\Drivers\WMILIB.SYS
Loaded driver PCI.sys
Loaded driver isapnp.sys
Loaded driver PCIIde.sys
Loaded driver \WINDOWS\System32\Drivers\PCIIDEX.SYS
Loaded driver MountMgr.sys
Loaded driver Ftdisk.sys
Loaded driver dmload.sys
Loaded driver dmio.sys
Loaded driver Fdc.sys
Loaded driver PartMgr.sys
Loaded driver VolSnap.sys
Loaded driver atapi.sys
Loaded driver cercsr6.sys
Loaded driver \WINDOWS\System32\Drivers\SCSIPORT.SYS
Loaded driver disk.sys
Loaded driver \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Loaded driver fltMgr.sys
Loaded driver drvmcdb.sys
Loaded driver dmboot.sys
Loaded driver KSecDD.sys
Loaded driver Ntfs.sys
Loaded driver NDIS.sys
Loaded driver Mup.sys
Loaded driver \SystemRoot\system32\DRIVERS\intelppm.sys
Loaded driver \SystemRoot\system32\DRIVERS\HDAudBus.sys
Loaded driver \SystemRoot\System32\Drivers\usbuhci.SYS
Loaded driver \SystemRoot\System32\Drivers\usbehci.SYS
Loaded driver \SystemRoot\system32\DRIVERS\USRpdA.sys
Loaded driver \SystemRoot\System32\Drivers\Modem.SYS
Loaded driver \SystemRoot\system32\DRIVERS\e100b325.sys
Loaded driver \SystemRoot\system32\DRIVERS\imapi.sys
Loaded driver \SystemRoot\system32\drivers\pfc.sys
Loaded driver \SystemRoot\system32\drivers\sscdbhk5.sys
Loaded driver \SystemRoot\system32\DRIVERS\cdrom.sys
Loaded driver \SystemRoot\system32\DRIVERS\redbook.sys
Loaded driver \SystemRoot\system32\DRIVERS\audstub.sys
Loaded driver \SystemRoot\system32\DRIVERS\rasl2tp.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndistapi.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndiswan.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspppoe.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspptp.sys
Loaded driver \SystemRoot\system32\DRIVERS\msgpc.sys
Loaded driver \SystemRoot\system32\DRIVERS\psched.sys
Loaded driver \SystemRoot\system32\DRIVERS\ptilink.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspti.sys
Loaded driver \SystemRoot\system32\DRIVERS\wanatw4.sys
Loaded driver \SystemRoot\system32\DRIVERS\rdpdr.sys
Loaded driver \SystemRoot\system32\DRIVERS\termdd.sys
Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\swenum.sys
Loaded driver \SystemRoot\system32\DRIVERS\update.sys
Loaded driver \SystemRoot\system32\DRIVERS\mssmbios.sys
Loaded driver \SystemRoot\system32\DRIVERS\MarvinBus.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Loaded driver \SystemRoot\system32\drivers\sthda.sys
Loaded driver \SystemRoot\System32\Drivers\usbhub.SYS
Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS
Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS
Loaded driver \SystemRoot\System32\Drivers\i2omgmt.SYS
Did not load driver \SystemRoot\System32\Drivers\Changer.SYS
Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS
Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS
Loaded driver \SystemRoot\System32\Drivers\Null.SYS
Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
Loaded driver \SystemRoot\system32\drivers\ssrtln.sys
Did not load driver \SystemRoot\system32\DRIVERS\i8042prt.sys
Did not load driver \SystemRoot\system32\DRIVERS\kbdhid.sys
Loaded driver \SystemRoot\System32\drivers\vga.sys
Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS
Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
Loaded driver \SystemRoot\system32\DRIVERS\rasacd.sys
Loaded driver \SystemRoot\system32\DRIVERS\ipsec.sys
Loaded driver \SystemRoot\system32\DRIVERS\tcpip.sys
Loaded driver \SystemRoot\system32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\system32\DRIVERS\wanarp.sys
Loaded driver \SystemRoot\System32\DRIVERS\ipfltdrv.sys
Loaded driver \SystemRoot\System32\Drivers\Mpfp.sys
Loaded driver \SystemRoot\system32\DRIVERS\netbt.sys
Loaded driver \SystemRoot\System32\drivers\ws2ifsl.sys
Loaded driver \SystemRoot\System32\drivers\afd.sys
Loaded driver \SystemRoot\system32\DRIVERS\netbios.sys
Did not load driver \SystemRoot\system32\DRIVERS\serial.sys
Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS
Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys
Loaded driver \??\C:\WINDOWS\system32\drivers\pclepci.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\system32\drivers\mfehidk.sys
Loaded driver \SystemRoot\System32\Drivers\Fips.SYS
Loaded driver \SystemRoot\System32\Drivers\Aspi32.SYS
Loaded driver \SystemRoot\System32\Drivers\HidUsb.SYS
Loaded driver \SystemRoot\system32\DRIVERS\mouhid.sys
Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS

As you can see, at the end of this file is the PCIDump.sys file. Even if the file is now gone, my machine doesn't boot. How do I get it back to boot into Windows? All I get is a dark screen and no desktop. Should quarantined files be deleted? Where are they located?

Edited by Orange Blossom, 06 June 2011 - 11:47 PM.
Deactivate link. ~ OB
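A small triage script for boot logs of the shape quoted above (added example, not from the poster or from BleepingComputer; the sample lines are constructed from entries in this thread). It separates the "Did not load driver" entries, like PCIDump.SYS above, from drivers loaded via an absolute \??\C:\ path, and flags names logged more than once:

```python
"""Triage helper for an XP-era ntbtlog.txt boot log (constructed example)."""
import re
from collections import Counter

# Constructed sample in the shape of the log quoted above (not the full file).
SAMPLE_LOG = """\
Service Pack 2 10 30 2005 12:13:01.375
Loaded driver \\WINDOWS\\system32\\ntkrnlpa.exe
Loaded driver ACPI.sys
Loaded driver \\SystemRoot\\System32\\Drivers\\NDProxy.SYS
Did not load driver \\SystemRoot\\System32\\Drivers\\NDProxy.SYS
Loaded driver \\SystemRoot\\system32\\DRIVERS\\tcpip.sys
Did not load driver \\SystemRoot\\system32\\DRIVERS\\serial.sys
Did not load driver \\SystemRoot\\System32\\Drivers\\PCIDump.SYS
Loaded driver \\??\\C:\\WINDOWS\\system32\\drivers\\pclepci.sys
Loaded driver \\SystemRoot\\system32\\drivers\\mfehidk.sys
"""

LINE_RE = re.compile(r"^(Loaded driver|Did not load driver)\s+(\S.*?)\s*$")


def parse_ntbtlog(text):
    """Return (status, path, lowercase basename) tuples; header lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        status, path = m.group(1), m.group(2)
        entries.append((status, path, path.rsplit("\\", 1)[-1].lower()))
    return entries


def triage(entries):
    """Group entries a responder looks at first.

    failed:   drivers the kernel tried and could not load; a file that was
              removed or quarantined but is still referenced from the
              registry shows up here, as PCIDump.SYS does in the log above.
    odd_path: drivers loaded via an absolute \\??\\C:\\ path instead of
              \\SystemRoot\\, typical of a service whose ImagePath was written
              by a third-party installer rather than by Windows setup.
    dupes:    the same basename logged more than once.
    """
    failed = [p for s, p, _ in entries if s == "Did not load driver"]
    odd_path = [p for s, p, _ in entries if s == "Loaded driver" and p.startswith("\\??\\")]
    counts = Counter(b for _, _, b in entries)
    dupes = sorted(b for b, n in counts.items() if n > 1)
    return {"failed": failed, "odd_path": odd_path, "dupes": dupes}


if __name__ == "__main__":
    for key, items in triage(parse_ntbtlog(SAMPLE_LOG)).items():
        print(key, *items, sep="\n    ")
```

Run it against the real ntbtlog.txt by reading the file into parse_ntbtlog instead of SAMPLE_LOG; the "failed" list is where a quarantined driver still referenced from the Services key turns up.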



#2 possumbarnes

Posted 29 May 2009 - 04:07 PM

Questions:
1. What version of Windows are you using?
2. What antivirus are you using? I see you mention McAfee but only in that they detected it (unless you're saying that YOUR McAfee scanner found it).
3. Have you tried booting into safe mode?
4. If it's a virus, you know you were infected. Is there a way for you to scan that drive for spyware? (Either hook it up in another computer, hook it up as an external drive to another computer, or create a boot disk with spyware scanning on it such as UBCD.)
What's more irrational--a guy who believes in a God he cannot see or a guy who is offended by a God he doesn't believe in?

#3 LinkExchangers (Topic Starter)

Posted 29 May 2009 - 05:18 PM

Questions:
1. What version of Windows are you using?
2. What antivirus are you using? I see you mention McAfee but only in that they detected it (unless you're saying that YOUR McAfee scanner found it).
3. Have you tried booting into safe mode?
4. If it's a virus, you know you were infected. Is there a way for you to scan that drive for spyware? (Either hook it up in another computer, hook it up as an external drive to another computer, or create a boot disk with spyware scanning on it such as UBCD.)


XP Professional
I used McAfee; it hasn't detected it yet. It will take a whole day to let that run. I googled that PCIDump thing and I put the link above for your reference.
Safe mode doesn't work. It puts "Safe Mode" in white text in the 4 corners of my monitor and nothing else but a black screen.
My concern is the registry of this machine. How am I supposed to clean that? My understanding is that all these registry cleaner programs work on the current registry of the operating machine. I have downloaded a few. I can't direct any of these programs to clean the registry of the external hard drive.

Is there a way to do this? This virus has probably added some program to the start up of windows and windows isn't recognizing it. Any ideas?

#4 possumbarnes

Posted 29 May 2009 - 05:35 PM

When it boots up normally, can you right click on the black screen and get a menu?

Also, when it boots up, can you CTRL-ALT-DEL to get the task manager? If the task manager pops up, click the NEW TASK button under the Applications tab. Type "control.exe" in the field and hit OK. That should start your control panel, and it may bring your icons back to your desktop. (That's me assuming that your black screen is actually your desktop without icons, taskbar, or background. I don't think this is the case and don't think this will work, but it's worth a shot.)
What's more irrational--a guy who believes in a God he cannot see or a guy who is offended by a God he doesn't believe in?

#5 fairjoeblue

Posted 29 May 2009 - 07:00 PM

If you have a virus that comes back and you don't turn off System Restore before removing it, the virus will probably keep coming back.
OCZ StealthXstream 700W,Gigabyte GA-EP45-UD3R , E8500, Arctic Freezer Pro 7, 3GB G.Skill PC8500,Gigabyte Radeon HD 4850 OC [1GB ], Seagate 250GB SATA II X2 in RAID 0, Samsung SATA DVD burner.
