Blue Screen After Malware Bytes Scan


  • This topic is locked
30 replies to this topic

#1 Domo!

Domo!

  • Members
  • 174 posts
  • OFFLINE
  •  
  • Local time:04:11 PM

Posted 01 April 2010 - 12:01 AM

Hi, I've got a strange problem. After some time on the internet the other day I clicked on a link to a site that gave me one of those faux "Microsoft Antivirus" pop-ups and closed it. I ATF Cleaned my computer and then ran Spyware Doctor and Malwarebytes to make sure I was clean. Spyware Doctor found nothing and Malwarebytes found 3 infections under Microsoft Antivirus. I went to remove and was prompted to reset and when the computer went on to start Windows again I got a blue screen and this message:

A problem has been detected and windows has been shut down to prevent damage to your computer. If this is the first time you've seen this stop error screen restart your computer. If this screen appears again follow these steps: Disable or uninstall any anti-virus, disk defragmentation or backup utilities. Check your hard drive configuration, and check for any updated drivers. Run CHKDSK /F to check for hard drive corruption and restart your computer.

Technical Information
STOP: 0x00000024 (0x001902FE, 0xF7AAD3FO, 0xF7AAD0EC, 0x87441889)

After I got this message I went to do a disk repair with the Microsoft XP boot disk, and when I selected repair the computer froze. I also tried all safe modes, and last known good configuration and before it arrives to start Windows it blue screens. I'm at wits end, any help is appreciated.

#2 Domo!

Posted 07 April 2010 - 12:02 AM

I've been trying to work out the problem using the bootdisk ubcd4win and running SuperAntiSpyware and Spybot Search and Destroy. SuperAntiSpyware deleted some of the found problems and Spybot Search and Destroy found and removed some, but when I re-run Spybot the same infection it said was deleted returned. I think I may have narrowed down my computer's solution to these files.

Microsoft.Windows.System: [SBI $51373AEE] Settings (Registry change, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispAppearancePage

Microsoft.Windows.System: [SBI $51373AEE] Settings (Registry change, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispAppearancePage

Has anyone else approached or seen a problem like this? It seems like a flawed registry error that makes a comeback after the kill. Thanks in advance for any help anyone can provide.

#3 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:11 AM

Posted 07 April 2010 - 12:13 AM

Can you actually boot into Windows?
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#4 Domo!

Posted 07 April 2010 - 12:21 AM

No, on a normal start-up, whether to safe mode, last known good, or even normal as the Windows XP logo with the loading bar under it shows I get the blue screen.

#5 Budapest

Posted 07 April 2010 - 12:26 AM

I'll ask one of our Malware experts to have a look.

Hang in there.

#6 Domo!

Posted 07 April 2010 - 12:32 AM

Thank you. I'll be hangin' until then.

Edited by Domo!, 07 April 2010 - 12:56 PM.


#7 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,706 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:11 AM

Posted 08 April 2010 - 01:12 PM

Hi Domo,

Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.

If the problem is not resolved yet please update me on the current condition of your computer.

#8 Domo!

Posted 08 April 2010 - 02:05 PM

I agree fully! Let's do it.

The status of my computer is the same. When the Windows XP logo appears and the loading screen starts it hits the blue screen and gives the same error message I wrote down in the first post.

Edited by Domo!, 08 April 2010 - 02:07 PM.


#9 Farbar

Posted 08 April 2010 - 02:27 PM

  1. On the working computer please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box (without the word CODE) into a new file:


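    CODE
    @ECHO OFF
    REM Search drive C: for every copy of the two disk controller drivers
    dir /a/s c:\atapi.sys c:\iastor.sys >log.txt
    REM Mount the offline SYSTEM hive under a temporary key and list its services
    reg load hklm\99 c:\windows\system32\config\system
    reg query hklm\99\controlset001\services >>log.txt
    REM Unmount the hive again before opening the log
    reg unload hklm\99
    start log.txt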

    • Go to the File menu at the top of the Notepad and select Save as.
    • Select Save in: your flash drive
    • Fill in File name: look.bat
    • Save as type: All file types (*.*)
    • Click save.
    • Close the Notepad.


  2. Use your ubcd4win to boot.
    • Insert your flash drive.
    • Go to look.bat to run it by double-clicking.
    • A notepad opens, copy and paste the content (log.txt) to your reply. A copy will be saved on your flash drive.



#10 Domo!

Posted 08 April 2010 - 02:55 PM

I followed the instructions and the log file reads.

Volume in drive C has no label.
Volume Serial Number is 8006-5C25



#11 Farbar

Posted 08 April 2010 - 03:03 PM

Open My Computer and tell me what is the Drive letter of Local Disk. Or write down all the Drives with the drive letters listed.

#12 Domo!

Posted 08 April 2010 - 03:12 PM

(C:) Local Disk
Is listed

#13 Farbar

Posted 08 April 2010 - 03:16 PM

What is the drive letter of your flash drive?

#14 Domo!

Posted 08 April 2010 - 03:20 PM

(E:) Removable Disk

#15 Farbar

Posted 08 April 2010 - 03:27 PM

Let's change the syntax. Make this batch file and run it.

QUOTE
@ECHO OFF
cd /d c:\
REM Search for each driver separately and capture error messages in the log too
dir /a/s c:\atapi.sys >log.txt 2>&1
dir /a/s c:\iastor.sys >>log.txt 2>&1
REM Mount the offline SYSTEM hive, list its services, then unmount it
reg load hklm\99 c:\windows\system32\config\system >>log.txt
reg query hklm\99\controlset001\services >>log.txt
reg unload hklm\99 >>log.txt
start log.txt

Edited by farbar, 08 April 2010 - 03:43 PM.
