
Unknown viurs?


4 replies to this topic

#1 dwolff

dwolff

  • Members
  • 3 posts

Posted 19 July 2010 - 04:34 PM

Computer is exhibiting strange behavior. Running XP SP3 on AMD 4800+ with BFG 7900GS. First thing wrong is it's taking an extended time to get to login screen. Also I see a 'glitch' in the video. This happens 3 times. Once when the black XP loading screen is displayed, and then twice when the login screen comes up. It looks like a momentary loss of sync. After waiting for a much longer than usual time, the desktop appears. The desktop icons blink many times and the taskbar takes very long to be populated. After all that's done, if I open a window and shrink it, then drag it around, it leaves trails and the desktop icons that it covered take long to reappear. This looks like I have a slow video card with no acceleration. Games are running VERY poorly. DxDiag shows no problem. I've used combofix before with proper results, but now it crashes with this error: driver_irql_not_less_or_equal, stop D1, mbr.sys. gmer crashes during scan as does rootkit revealer. Rootkit unhooker crashes immediately. Helios, catchme and mbr detector all run to completion but show nothing. Computer has crashed also, showing error in kgdiiaoc.sys(?). DDS hung the last time I ran it. On a previous run it got to completion and showed these -
S0 eewcrrsd;eewcrrsd;f:\windows\system32\drivers\kmnymbmk.sys --> f:\windows\system32\drivers\kmnymbmk.sys [?]
S0 gsoblusb;gsoblusb;f:\windows\system32\drivers\ijfrhafm.sys --> f:\windows\system32\drivers\ijfrhafm.sys [?]
S0 qvdxzgly;qvdxzgly;f:\windows\system32\drivers\xjkdorhx.sys --> f:\windows\system32\drivers\xjkdorhx.sys [?]
These drivers do not appear in the location in which they are listed.
Thank you for your time.
Also could you please fix the messed up 'viurs' in the topic... thanks

Edited by Orange Blossom, 20 July 2010 - 10:51 PM.
Move to AII as no logs posted and prep. guide not followed. ~ OB
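A triage sketch for the DDS driver lines quoted in the post above, added here as an example; it is not part of the original thread or of DDS. It assumes the usual reading of the DDS prefix (R/S for running or stopped, the digit for the service start type, 0 being boot-start) and that `[?]` means DDS could not read the file's metadata; the signal names, the threshold and the two benign lines are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# "<R|S><start type> name;display;path [--> target] [file info]"
LINE_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<path>.+?)(?:\s+-->\s+(?P<target>.+?))?\s+\[(?P<info>[^\]]*)\]\s*$'
)

# The three entries from the post, plus two constructed benign lines.
SAMPLE = r"""
S0 eewcrrsd;eewcrrsd;f:\windows\system32\drivers\kmnymbmk.sys --> f:\windows\system32\drivers\kmnymbmk.sys [?]
S0 gsoblusb;gsoblusb;f:\windows\system32\drivers\ijfrhafm.sys --> f:\windows\system32\drivers\ijfrhafm.sys [?]
S0 qvdxzgly;qvdxzgly;f:\windows\system32\drivers\xjkdorhx.sys --> f:\windows\system32\drivers\xjkdorhx.sys [?]
R0 atapi;Standard IDE/ESDI Hard Disk Controller;c:\windows\system32\drivers\atapi.sys [2008-4-13 96512]
S3 usbscan;usbscan;c:\windows\system32\drivers\usbscan.sys [2008-4-13 15104]
"""

def signals(line):
    """Return (service name, list of suspicious traits), or None if not a driver line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    hits = []
    if m["start"] == "0":                       # loads at boot, before most scanners
        hits.append("boot-start")
    if m["info"].strip() == "?":                # assumed: file metadata unreadable
        hits.append("no-file-info")
    if m["display"] == m["name"]:               # no descriptive display name
        hits.append("no-display-name")
    if PureWindowsPath(m["path"]).stem.lower() != m["name"].lower():
        hits.append("name-file-mismatch")       # service name unrelated to file name
    return m["name"], hits

def triage(text, threshold=3):
    """Map service name -> traits for entries with at least `threshold` traits."""
    flagged = {}
    for line in text.splitlines():
        parsed = signals(line)
        if parsed and len(parsed[1]) >= threshold:
            flagged[parsed[0]] = parsed[1]
    return flagged

if __name__ == "__main__":
    for name, hits in triage(SAMPLE).items():
        print(f"{name}: {', '.join(hits)}")
```

No single trait is conclusive: the constructed `atapi` line is boot-start and the `usbscan` line has no display name, yet neither is flagged. Only the combination singles out the three entries from the post.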




#2 dwolff

dwolff
  • Topic Starter

  • Members
  • 3 posts

Posted 22 July 2010 - 11:41 AM

What a crock of #$!* - I didn't follow the prep guide. But you are the experts... and combofix is so complicated to run. What's that recovery console thingy? I think it removes root canal activity. You see those randomly named .sys files? I wonder what they are? Too bad, I'll deal with it myself and you won't have the benefit to identify what this infector is and why it crashes so many detection programs. Thanks, but you can delete this whole #$!*ing post. Be careful when you touch the big scary-looking computing box what contains all sorts of electronic gizmos, it's very complicated.

Edited by dwolff, 22 July 2010 - 11:42 AM.


#3 Nawtheasta

Nawtheasta

  • Members
  • 403 posts
  • Location:New England, USA

Posted 22 July 2010 - 12:33 PM

You need to understand that when you come to this site you are asking for free help from strangers.
The moderators and staff are all volunteers. I have yet to see them respond to anyone in a condescending way. They are very patient and tolerant of even the most basic type question.
The tone of your response is unjustified and indicates you do not appreciate what the folks at this site would have tried to do for you.

Edited by Nawtheasta, 22 July 2010 - 12:33 PM.


#4 dwolff

dwolff
  • Topic Starter

  • Members
  • 3 posts

Posted 22 July 2010 - 07:55 PM

Righto. They moved it to a place where there will be no response because I didn't follow the rules? They want a DDS script log. I have run it and pointed out the suspicious entries. They want a GMER log. If they read my post they would see that the infection crashes GMER. They say don't run Combofix unless told to by someone who is trained in running Combofix... trained in running Combofix... really? Oh no I ran Combofix. Their whole attitude that they are the experts and everyone else doesn't know what they're doing is condescending. Combofix is a great piece of work, but the fact is I don't need this forum to fix my virus issue. I held off fixing it for days thinking that maybe they would want some info as to why this infection crashes GMER and Combofix. I was wrong. So I'll fix it myself and whenever this thing spreads, GMER and Combofix will be unable to handle it. I would have appreciated it very much, but I didn't appreciate waiting days with this thing on my system and then having the post moved to a place where there will be nothing gained.
That is why the attitude. Thank you.

Edited by dwolff, 22 July 2010 - 08:05 PM.


#5 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,947 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 28 July 2010 - 11:10 PM

Hello there,

Please calm down. I understand that you are frustrated but my moving the topic does not by default mean that you won't get a response. We all make mistakes as I did here in moving the topic. That said, I had to read your topic 6 times tonight to see that you did indeed try to follow the prep. guide. It was not obvious that you had done so because your post is basically one huge paragraph. Breaking up the text would make it easier to read. An initial statement something to the effect: I am unable to run DDS and GMER. This is what happens when I try, . . . would prevent this kind of misreading.

That said, because you self-responded, many folks likely thought you were already receiving assistance. Further, sending me a PM would have alerted me to the error I made and I could have moved your topic back to the log forum as soon as I received your PM. I have only now become aware of your self-responses and the error.

As for ComboFix, it is a great tool yes, but there are occasions when it can create severe problems. I've seen it happen. In addition, many of our members are new to computer use. It is imperative that ComboFix be run under the supervision of someone trained in its use, just as it is wise to receive heart surgery from someone trained in heart surgery. This is not snobbery, it is fact. I myself do not provide advice in running ComboFix because I am not trained in using it.

Given the time lapse involved, if you still require assistance, please post a fresh topic in the log forum with an updated description of your computer issues. If you are able to produce the logs, then please post them in that new topic. If you are unable to, please state so clearly at the beginning of the topic. We read a lot of posts in a day, and it is easy to miss something, particularly when it's buried.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



