
BSOD with malicious intent.


4 replies to this topic

#1 Harley Q


Posted 28 November 2009 - 01:29 AM

Well. I know how it happened, I just can't reverse it or get into Windows XP to do anything. And this post will probably result in just getting advice on what to do if nothing can be done.

The day before it had Blue Screened, my Malwarebytes Anti-Malware program detected a false positive: Logon.exe was infected, among other files I nonchalantly just glanced at. Knowing that it was a false positive, I had hit close and just bypassed it with intentions of going back to it later, after I was done with work, to inspect further, which was a bad move on my part. Windows rebooted itself after updates were installed, and when I went to boot it up again it loaded through to the Windows logo and then I got the blue screen with this:

STOP:0x0000007B, 0xF7908528, 0xc0000034, 0x00000000, 0x00000000

I have tried rebooting in safe mode and with last known good config, but nothing is working and it redirects me to the BSOD.

Now with that being said, all of my work is on that hard drive and as an artist I need it to be recovered. Now if there are no possible solutions to do it myself, with instruction, to save the data I do have on there and recover the drive from error, would it be worthwhile to go to DTI DATA and pay the $349 charge to recover it?

I ran RC and chkdsk /r and it took care of the 0x7B error; I keep getting another error, 0x24.

Any help would be greatly appreciated.



#2 Ken-in-West-Seattle


Posted 28 November 2009 - 07:26 AM

First, your data is probably not gone. There are a lot of ways to get it off, but most require another computer or booting from a rescue CD, either Linux-based or PE, and having an external drive of some sort. Let us know what you have and we can point you towards various methods.

Second, why did you assume logon.exe was a false positive? It is fairly common as part of rogue antispyware and antivirus programs.

So tell us what computer and peripherals you have handy and we can tell you how to back up your files.

Then, assume you are infected. When your data is safe the moderators will move you to the "Am I Infected" forums for expert help if you don't get the help you need in the other web sites you have posted this on.

#3 ictdesk


Posted 28 November 2009 - 10:26 AM

I would first make sure I have my data safe, for that I would:

- download the Ubuntu ISO (www.ubuntu.com)
- burn the ISO on a cdrom with deepburner (www.deepburner.com)
- boot from the cdrom and make sure you select the boot LiveCD option (don't install Ubuntu)
- when the LiveCD Ubuntu is booted I would copy all important data to a large USB stick, probably in parts if you have a lot of data

After making sure I have all my data, I would try to find the solution to get the system working again. If all fails, reinstall.

But make sure your data is safe first, before you try any more suggestions.

Kindest regards,
Marcel

EDIT: Commercial link removed

Edited by garmanma, 28 November 2009 - 10:33 AM.
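
One way to carry out the copy step from the live CD described in post #3, with a check that every file arrived intact. This is an added example, not part of any post in the thread; it assumes GNU coreutils in the live session, and the device names, mount points and function names are constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): copy a folder off the Windows disk from a
# live Linux session, then prove every file arrived intact.
#
# Mounting is done by hand as root first. Device names and mount points below
# are constructed placeholders; check yours with `lsblk` before mounting.
#   mount -o ro /dev/sda1 /mnt/win   # read-only: never write to the sick disk
#   mount /dev/sdb1 /mnt/usb         # the USB stick or external drive

# rescue_copy SRC DST: copy SRC's contents into DST, continuing past unreadable
# files. cp's messages go to DST.errors.log; returns cp's exit status.
rescue_copy() {
    local src="$1" dst="$2"
    [ -d "$src" ] || { echo "no such source directory: $src" >&2; return 2; }
    mkdir -p "$dst" || return 2
    # Keep timestamps only: FAT-formatted sticks cannot store Unix ownership.
    cp -R --preserve=timestamps "$src"/. "$dst"/ 2>"$dst.errors.log"
}

# verify_copy SRC DST: hash every file under SRC and check the same relative
# path under DST. Returns 0 only if all files were hashed and all match.
verify_copy() {
    local src="$1" dst="$2" manifest hashed checked
    manifest=$(mktemp) || return 2
    (cd "$src" && find . -type f -print0 | xargs -0 -r sha256sum) >"$manifest"
    hashed=$?
    checked=0
    if [ -s "$manifest" ]; then
        (cd "$dst" && sha256sum --quiet -c "$manifest")
        checked=$?
    fi
    rm -f "$manifest"
    [ "$hashed" -eq 0 ] && [ "$checked" -eq 0 ]
}

# Usage: bash rescue.sh /mnt/win/some/folder /mnt/usb/rescue
if [ "$#" -eq 2 ]; then
    rescue_copy "$1" "$2" || echo "some files failed to copy, see $2.errors.log" >&2
    verify_copy "$1" "$2" && echo "all files verified"
fi
```
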


#4 Harley Q


Posted 28 November 2009 - 05:29 PM

Thank you so much, I was able to boot up using Puppy Linux and pull all of my data off. All $2k worth. I'm a photographer and most of my clients would have been very, very, very distraught and angry. As for why I assumed it was a false positive: like I had stated in my Introduction, I am a hardware geek and I am not very skilled in the files of a computer or the system, I just built them. Also, after Malwarebytes had cleaned the file and deleted it, that's when I couldn't log on. So I assumed that was either a major Windows file that was either blocked or corrupted.

#5 Ken-in-West-Seattle


Posted 30 November 2009 - 09:58 AM

While Malwarebytes is good and we use it here extensively (possibly because it is free AND has good update and detection), no antivirus or antimalware, free or paid, can both clean and repair every infection automatically. If you find one, buy stock in it. Some malware that can be cleaned just seems to trigger hidden rootkits that do more damage.

If your data is now safe, you can ask to be moved to the "am I infected" forums and get expert help, or you can cut your losses and spend some time reloading and reinstalling software to get a known clean system.

If your computer is working enough to get your project out the door, or you have another computer that can be turned to the task, then you can wait until you have the time to take on either option.

I have to assume this episode has made you rethink your overall backup strategy.
I consult with an art wholesaler and their backup system allowed them to stay in business by running out of my garage when a city water main flooded their building and they were without power for 3 weeks. They back up 6TB of images to two onsite locations and one offsite. I keep periodic images of their production graphics machines' OS drive (they have mirrored data drives) on one of my servers so I can reinstall quickly in case of a crash n burn.

You don't have to go that far but if your data IS your business, ya have to do something effective.

Spare computers and drives are insanely cheap compared to a decade ago and off the charts by 1990 standards.

Backup on the cheap can be attained. Computers are thrown in the landfill every day that are perfectly adequate as a file server running Linux or even XP. And both free and commercial backup programs can be adequate to back up data directories while you sleep.

Let us know what you decide.



