Another BSOD - This Time showing Viruses


No replies to this topic

#1 ddeen25

Posted 31 December 2009 - 11:30 PM

Greetings -

Originally, this issue (topic) was posted in the Windows XP section, but because of new information, it was suggested that I move it to "Virus Help".

Brief information: My son's laptop, an Acer Aspire 3680/2682 with Windows XP Pro, SP 2 (2 years old), recently experienced a BSOD. This occurred as a consequence of three possible reasons: extended usage (overheating), RAM issues, and, as we have come to discover, being automatically taken to a website while at another. Original BSOD message:

IRQL_NOT_LESS_OR_EQUAL
Technical information:
*** STOP: 0x0000000A (0x00000000,0x00000002,0x00000001,0x804F9B94)
__________
Cannot access Safe Mode (F8)
Cannot go back to the last known working configuration.
Cannot access Recovery Console.

I attempted to do a repair install, with an OEM XP Pro CD. Instead of the setup page, the partitions page came up with this info:

C: Partition1 (NTFS) 16,496 MB (989 MB free)
D: Partition2 (unknown) 59,820 MB (59,820 MB free)

Following suggestions, I did the following tests:
1) Did a Memory Test, using memtest86+ - both sticks are good.
2) HDD Test: Checked the HDD with Hitachi - Advanced Tests Results:
ATA WDC Serial #07A23545 Cache 8192 KB 80 GB Capacity
WDCWD800BEUS - 22RST0
Operation Completed Successfully
Disposition Code = 0x00
3) Create a Rescue Disc to retrieve computer data - decided to hold off doing this until I did #3. I have a 4.3.1. PuppyLinux Rescue Disc ready, with USB Drive.
4) Create a Rescue Disc for an anti-virus check. Used Avira, with the following results - 4 trojans/viruses found:
Vundo.Gen:
--1. ALERT: [TR/Vundo.Gen]/media/Devices/sda1/Documents and Settings/Michael-Paul/Local Settings/temp/update.exe.XXX <<<<Is This Trojan Horse TR/Vundo.Gen Not Removable
--2. ALERT: [TR/Vundo.Gen]/media/Devices/sda1/Documents and Settings/Michael-Paul/Local Settings/Temporary Internet Files/Content.IE5/5zz71G0O/2df7a0d7a05a02c7-274e96227752d222[1]exe.XXX <<<<Is This Trojan Horse TR/Vundo.Gen Not Removable
--3. ALERT: /media/Devices/sda1/WINDOWS/system32/spool/prtprocs/w3x86/219.tmp.XXX <<<<Is This Trojan Horse TR/Vundo.Gen Not Removable
--4. ALERT: [TR/Vundo.Gen]/media/Devices/sda1/WINDOWS/Temp/21A.tmp.XXX <<<<Is This Trojan Horse TR/Vundo.Gen Not Removable

Additional Not Removable Trojan/Viruses found:
Infected.WebPage.Gen
Dldr.Delphi.Gen (low threat?)
Patched.Gen1 (low threat?)

Additionally, a new BSOD message appeared: "Check for viruses. Remove any newly installed hard drive. Check your hard drive to make sure it is properly configured and terminated. Run CHKDSK /F to check for hard drive corruption. Restart Computer.
Technical Information:
Stop: 0x0000007B (OXBACCF528, 0xc0000034, 0x00000000, 0x00000000)"

...And the Recovery Console now works. Yet, it will still not allow me to do a CHKDSK /F.

It seems like a mess, but basically I'd like to get rid of the Vundo.Gen, create a partition on the D Drive, reformat it and possibly merge C & D (C Drive has very little space left).

Does anyone have any suggestions? Is there a way to use the Recovery Console for this? (Vundo.Gen is hidden, does not show in the dir here)

Thank you for any help.
