Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

New hard drive doesn't help!


  • Please log in to reply
4 replies to this topic

#1 portac

portac

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:54 PM

Posted 11 January 2010 - 09:47 PM

I believe my daughter got something on her computer. It started with security alerts from Norton and Windows. Evidently it graduated to the point that Norton will not load up. MBAM would not install even if I tried to change the program name. As I have been down this road before, I put in the Windows XP disk and rebooted with the intention of reformatting and reinstalling the OS. I get a blue screen saying "A problem has been detected and Windows has been shut down to prevent damage to your computer" and then it instructs me to run chkdsk /F. Since I the hard drive on this computer was a bit small anyway, I bought a new 1TB hard drive. I started up the PC with the XP install disk and I get the same blue screen message. I checked the XP install disk with another PC to see if the virus had written something on the disk, but it doesn't look like the dates on any of the files were updated.
Could this be a BIOS virus?

BC AdBot (Login to Remove)

 


#2 Commander Chip

Commander Chip

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:54 PM

Posted 11 January 2010 - 10:24 PM

What is the actual blue screen error you are receiving?

Please post the error that is reported usually this is located around the bottom of the blue screen.

#3 portac

portac
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:54 PM

Posted 12 January 2010 - 08:36 AM

STOP 0x0000007B 0xF78D2524 0xC0000034 0x0000000 0x0000000

#4 Commander Chip

Commander Chip

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:54 PM

Posted 12 January 2010 - 06:58 PM

Alright, looks like one of two things. The hardware is having a hard time communicating with motherboard and/or you have a boot sector virus.

First things first:

Please try to reset your BIOS settings to default. I am not sure the make a model of your laptop but you can usually enter the BIOS by hitting F2 or F10 upon boot up of the device. If this does not work look for a message that will be displayed on the screen when the manufactures splash screen is displayed. once in the BIOS select restore factory defaults .

If you are not sure of the first step please stop and let me know I will try to help you with more information.

Second if the first step does not work:

1. On start up (Splash Screen), press F2 or F10 to enter BIOS

2. Expand the "Drives" section

3. Go to "SATA Operation"

4. Change this from "RAID Auto/AHCI" to "RAID Auto/ATA"


Please let me know what happens, I have one more thing you can try but I would like to make that the absolute last resort.

#5 portac

portac
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:54 PM

Posted 12 January 2010 - 10:33 PM

Before I had a chance to see your reply, I reinstalled the original hard drive and I did get MBAM to run.
Here is the report:

**********************************************************************************
Malwarebytes' Anti-Malware 1.44
Database version: 3552
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/12/2010 8:00:21 PM
mbam-log-2010-01-12 (19-59-57).txt

Scan type: Quick Scan
Objects scanned: 131689
Time elapsed: 8 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
\\?\globalroot\systemroot\system32\H8SRTgpkiorybme.dll (Trojan.Vundo) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
\\?\globalroot\systemroot\system32\H8SRTgpkiorybme.dll (Trojan.Vundo) -> No action taken.

*******************************************************************************

MBAM is not removing the virus as I get the same thing when I reboot and rerun MBAM.
I downloaded Norton's Trojan.Vundo removal tool (Fix Vundo) and I get the following report:


*******************************************************************************
Symantec Trojan.Vundo Removal Tool 1.5.1
The process "iexplore.exe" might be affected by the threat. It has been suspended.
The process "iexplore.exe" might be affected by the threat. It has been terminated.

C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\Quarantine: (not scanned)
C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp: (not scanned)
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine: (not scanned)
C:\System Volume Information: (not scanned)

Trojan.Vundo has been successfully removed from your computer!

Here is the report:

The total number of the scanned files: 73154
The number of deleted files: 0
The number of viral processes terminated: 1
The number of viral processes suspended: 1
The number of viral threads terminated: 0
The number of registry entries fixed: 0
********************************************************************************

But this is not fixing the problem as when I rerun MBAM it still identifies the same problem.
Thanks for your help.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users