

A blue Screen that states a problem has been detected during logon


8 replies to this topic

#1 scvfd_7241

scvfd_7241

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:04 AM

Posted 29 October 2009 - 03:46 PM

I have had a problem with my computer. To begin with, there was a virus that was blocking some exe files from running, such as for Internet Explorer, Firefox, and all antivirus and malware programs. Programs such as Word, Solitaire, and Notepad were fine. I read on this website and a couple of others of people having similar problems to mine, therefore I tried everything. Finally I tried Combofix, and got it to work by changing the file to winlogon.exe and running it off a flash drive. After that I ran Malwarebytes off the flash drive. Both programs found infected files and deleted many files. At this point my computer seemed to be working great. The internet was working and all, so I then proceeded to download the Avast Antivirus program, however the computer stated that the setup could not be completed due to insufficient rights or such. At that point I restarted the computer and then downloaded an uninstall program from Avast's website to uninstall the Avast program that was currently on my computer and out-dated. I ran the uninstall and it stated that the computer needed to be restarted to complete the uninstall. So I restarted and then went back onto Avast's website to download the antivirus program and received the same message. I checked to ensure that I was logged on as the administrator, and I was. So I then logged in as Administrator and it still did not work. I then restarted the computer and that is when I started getting a blue screen during login. The blue screen stated:

A problem has been detected and windows has been shut down to prevent damage to your computer.

If this is the first time you've seen this Stop error screen, restart your computer. If this screen appears again, follow these steps:

Check to be sure you have adequate disk space. If a driver is identified in the Stop message, disable the driver or check with the manufacturer for driver updates. Try changing video adapters.

Check with your hardware vendor for any BIOS updates. Disable BIOS memory options such as caching or shadowing. If you need to use Safe mode to remove or disable components, restart your computer, press F8 to select Advanced startup Options, and then select Safe Mode.

Technical Information:

*** STOP: 0x0000008E (0xC0000005, 0x829BA8EC, 0XF8993970, 0X00000000)
*** 0000168D - Address 829BA8EC base at 829BA000, Datestamp 4aa13ea5

Beginning dump of physical memory
physical memory dump complete.
Contact your system administrator or technical support group for further assistance


***END OF MESSAGE***

The numbers under the technical information have been different each time I have restarted after receiving this message. I am able to restart and enter into Safe Mode. After doing that I ran the Malwarebytes Anti-Malware program and found 2 more infected files, and the program deleted them. However the program stated that it needed to restart to complete the removal, so I restarted and received the above message. I have the logs from both times Malwarebytes has been run and from when Combofix was run, if needed. What can I do now?



#2 azfreetech

azfreetech

  • Members
  • 182 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Mesa, AZ
  • Local time:06:04 AM

Posted 29 October 2009 - 04:10 PM

Everything is pointing to the computer still being infected. When you are logged in under an admin account but get an "insufficient privileges" message, that usually indicates something is stopping you. I would log in via safe mode, run Malwarebytes and SUPERAntiSpyware, remove what they find and then log back in through the regular mode and run the scans again.

BSOD can also indicate an infection......
DJ Digital Gem

I gave up on computers and now I just DJ!

#3 scvfd_7241

scvfd_7241
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:04 AM

Posted 29 October 2009 - 05:01 PM

I have tried to download SUPERAntiSpyware and Avast by loading them onto a flash drive, and by renaming them and loading them on a flash drive. Both ways the setup still shows that the administrator has "policies" to prevent the installation.

#4 azfreetech

azfreetech

  • Members
  • 182 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Mesa, AZ
  • Local time:06:04 AM

Posted 29 October 2009 - 05:03 PM

Is that in safe mode or regular mode? I would try running Malwarebytes first. Let us know if you are able to run that.

#5 scvfd_7241

scvfd_7241
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:04 AM

Posted 29 October 2009 - 06:39 PM

I am working in safe mode, due to that being the only way that I can get into Windows currently. Also, I have run Malwarebytes; it is finding 2 files to be infected. They are (with their vendor names):

c:\windows\system32\drivers\str.sys Rootkit.TDSS
c:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP0\A0001006.dll trojan.agent

Also the first time that I ran Malwarebytes after getting the blue screen, it found the files below infected. Both of these scans were in safe mode.
c:\I386\GTDownDE_87.ocx Adware.Gdown
c:\windows\system32\drivers\str.sys Rootkit.TDSS


I have manually deleted c:\windows\system32\drivers\str.sys, and the other 2 files were quarantined and deleted by Malwarebytes.

I am now starting a third scan in safe mode; it is taking about 50 minutes to run these scans.

thanks for the help

#6 scvfd_7241

scvfd_7241
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:04 AM

Posted 29 October 2009 - 10:22 PM

The third scan in safe mode came back once again with the file:

c:\windows\system32\drivers\str.sys Rootkit.Agent

#7 azfreetech

azfreetech

  • Members
  • 182 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Mesa, AZ
  • Local time:06:04 AM

Posted 30 October 2009 - 03:21 AM

I would run SUPERAntiSpyware next.

#8 scvfd_7241

scvfd_7241
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:04 AM

Posted 30 October 2009 - 07:01 AM

I have tried to load SUPERAntiSpyware, however it still gives me a message that the administrator has policies preventing the installation. Is there a way that I can install SUPERAntiSpyware on my flash drive on a separate computer, then put the flash drive into the infected computer and run it?

#9 scvfd_7241

scvfd_7241
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:04 AM

Posted 05 November 2009 - 06:37 PM

Thanks for the help, I have finally resolved the problem using Microsoft malicious file remover.



