Trying to find out what could be the problem


  • This topic is locked
16 replies to this topic

#1 certifiedkj

certifiedkj

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:49 PM

Posted 17 August 2010 - 08:23 PM

Hi. Recently I've run into a few problems with my computer. I don't know if this problem should be posted in this particular section; if not, my apologies.

A few days ago, AV security suite installed itself onto my PC, bringing up all sorts of security warnings such as "Application cannot be executed. The file is infected". I know it's a scareware. After it was installed, I was still able to reboot my computer in regular as well as in safe mode, with no problems at all. Well, now it won't do that for me anymore, and I've been tearing my hair out trying to get this thing back up and running. I was in the process of removing that very annoying file, but when I boot up my computer now, it's stuck on the screen with the Windows XP logo instead of proceeding to the login screen. Even when I try booting in safe mode (as well as with networking), it either gives me the black screen with all files listed it needs to boot or the blue screen of death stating:

DRIVER_IRQL_NOT_LESS_OR_EQUAL

and gives me the technical information of:

** STOP: 0x000000d1 (0x00000018, 0x00000002, 0x00000000, 0xf7b1925f)
** iastor.sys - address f7b1925f base at f7b0a000, datestamp 42b2df42

Why would it boot up just fine one minute then start doing this? What can make it be doing this? Is there anything I can do in order to correct this? I would really like to be able to save my files. Please help me.

Thanks.

Edit: Also my os is Windows XP home media edition on a Dell XPS 400

Edited by certifiedkj, 18 August 2010 - 07:00 PM.
Moved from XP forum to Am I Infected ~ Hamluis.



#2 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:10:49 PM

Posted 22 August 2010 - 09:49 PM

Hi certifiedkj and welcome to Bleeping Computer.

In order to offer us the best chance of recovering your system, we need to know exactly what caused the issue.

Could you please outline for me, in as much detail as possible, all actions you took in order to attempt to remove the malware?

Also, do you have a Windows XP CD available?

~Blade

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#3 certifiedkj

Posted 24 August 2010 - 02:11 PM

Thanks for the welcome.

How I got the malware was from a site's ad (the site itself was listed as a McAfee green site). A task box kept popping up asking me something (I don't quite remember what it said) and gave me the options to click OK or Cancel, but wouldn't allow me to click the "x". I clicked Cancel and quickly exited the site. Seconds later the malware was detected by McAfee security suite as "Generic Pup.z!cy", and AV security suite suddenly popped up and started doing a fake scan with fake results. I attempted to remove it with McAfee security suite but it wouldn't allow me to open it. After I did a little search through Google and reading through a few sites, I downloaded a program called vipre and attempted to install it, but it would not allow that either.

I then restarted the computer a couple of times in normal mode and was able to sign in to XP. I was able to do the same with safe mode as well. The last time I was logged in to the computer, I shut it down manually. I came to a second computer to do a little searching and decided to burn vipre on a CD, and returned to the infected computer to boot safe mode with networking. That's when it would not boot correctly anymore, in normal mode or any of the safe modes. Every time I boot up the computer, in normal mode I still get the screen with the XP logo not proceeding to the login, no matter how long I leave it on. With any of the safe modes, it just shows the black screen with the files listed or the blue screen of death stating:

DRIVER_IRQL_NOT_LESS_OR_EQUAL

** STOP: 0x000000d1 (0x00000018, 0x00000002, 0x00000000, 0xf7b1925f)
** iastor.sys - address f7b1925f base at f7b0a000, datestamp 42b2df42

I have one but cannot locate my Windows XP CD, we recently moved and can't remember where it could be.

Edited by certifiedkj, 24 August 2010 - 02:15 PM.
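
Added example, not part of any post in this thread: a Python sketch that parses the STOP screen quoted in posts #1 and #3 into triage fields (bug check code, the 0xD1 parameter meanings, the fault offset inside iastor.sys, and the driver's build time decoded from the datestamp). The function name `parse_stop_screen` and the dictionary keys are illustrative assumptions.

```python
import re
from datetime import datetime, timezone

# The two STOP-screen lines exactly as quoted in posts #1 and #3.
BSOD_TEXT = """\
** STOP: 0x000000d1 (0x00000018, 0x00000002, 0x00000000, 0xf7b1925f)
** iastor.sys - address f7b1925f base at f7b0a000, datestamp 42b2df42
"""

STOP_RE = re.compile(r"STOP:\s*0x([0-9a-f]+)\s*\(([^)]*)\)", re.I)
MODULE_RE = re.compile(
    r"(\S+)\s+-\s+address\s+([0-9a-f]+)\s+base at\s+([0-9a-f]+),"
    r"\s*datestamp\s+([0-9a-f]+)", re.I)

def parse_stop_screen(text):
    """Hypothetical helper: turn an XP STOP screen into triage fields."""
    stop, mod = STOP_RE.search(text), MODULE_RE.search(text)
    if not stop or not mod:
        raise ValueError("not a recognisable STOP screen")
    params = [int(p, 16) for p in re.findall(r"0x([0-9a-f]+)", stop.group(2), re.I)]
    if len(params) != 4:
        raise ValueError("expected four bug check parameters")
    addr, base, stamp = (int(g, 16) for g in mod.groups()[1:])
    info = {
        "bugcheck": int(stop.group(1), 16),
        "module": mod.group(1).lower(),
        # Offset into the driver image; comparable across boots, unlike addr.
        "offset": addr - base,
        # datestamp is the PE header TimeDateStamp: seconds since 1970, UTC.
        "built": datetime.fromtimestamp(stamp, tz=timezone.utc),
    }
    if info["bugcheck"] == 0xD1:  # DRIVER_IRQL_NOT_LESS_OR_EQUAL layout
        info["referenced_address"] = params[0]
        info["irql"] = params[1]
        info["access"] = {0: "read", 1: "write"}.get(params[2], "other")
        # Parameter 4 is the address of the code that made the reference;
        # here it matches the address the screen attributes to the module.
        info["fault_in_module"] = params[3] == addr
    return info

if __name__ == "__main__":
    for key, value in parse_stop_screen(BSOD_TEXT).items():
        print(key, value)
```

For this screen the result is a read of address 0x18 at IRQL 2 (DISPATCH_LEVEL) from offset 0xF25F inside iastor.sys, a driver image built on 2005-06-17.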


#4 Blade

Posted 25 August 2010 - 09:32 AM

Hello certifiedkj:

You are really going to want to find that Windows CD. . . it will make fixing this a whole lot less painful, and might actually be required in this case (we may need to grab a replacement copy of one of your critical drivers). We can try some things if you absolutely cannot find it. Please try to locate the disk, and let me know whether you are successful.

~Blade


#5 certifiedkj

Posted 25 August 2010 - 07:00 PM

Well I still wasn't successful in finding the disk, so I contacted Dell and ordered the copy of it. It will arrive to me in a few days. So shall we wait until the copy gets here?

#6 Blade

Posted 25 August 2010 - 09:04 PM

That would be best.

Let me know when you have the disk available. :)

~Blade


#7 certifiedkj

Posted 03 November 2010 - 01:36 PM

Hi. I know it's been a couple months but you have no idea what I went through to get a replacement copy but I finally got it. Now what?

#8 Blade

Posted 03 November 2010 - 02:10 PM

Hello.

Glad to see you back!

I am moving this topic to the Malware Removal Logs forum for advanced removal routines.

  • Insert the Windows XP CD-ROM into the CD-ROM drive, and then restart the computer.

  • If your PC is not booting from the CD, you need to change the boot order:
    • Restart your PC
    • As soon as you get an image, press the Setup key. This is usually F2, or Del. On some machines the key can also be a different one. It should, however, be stated on the screen which key is the setup key.
    • Once you enter the computer's BIOS, use the arrow keys and tab key to move between elements. Press enter to select an item to change.
    • Navigate to the tab where you can set the boot order. It should be called Boot or Boot order.
    • The tab should now show your current boot order.
      If the CD-drive is not at the top, please navigate to the CD-ROM drive with the arrow keys. Then move it to the top of the list. The keys for switching boot position are usually + to move up and - to move down. However they can be different, but they should be stated in the help, so that you can find them easily.
    • Once the CD-drive is on top of the boot order, navigate to Exit and select Exit saving changes.
  • Your PC should now boot from your XP-CD.
    Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted.

  • When the "Welcome to Setup" screen appears, press R to start the Recovery Console.

  • When you are prompted, type the Administrator password. If the administrator password is blank, just press ENTER.

  • A command prompt will open

At the command prompt, type the following bolded lines exactly as given. Press Enter between each line.

Note: The Recovery Console may return responses for some of the lines. If a response is returned, please note the returned text and report it back to me here.

extract D:\i386\iastor.sy_ C:\windows\system32\drivers\iastor.sys
exit

Now, remove the disk from the drive, and allow Windows to boot normally. Are you able to boot?

~Blade


#9 certifiedkj

Posted 03 November 2010 - 02:52 PM

It returns the response 'The command is not recognized. Type HELP for a list of supported commands.'

#10 Blade

Posted 03 November 2010 - 05:40 PM

Whoops. . . that's completely my fault.

Instead of extract, type expand.


#11 certifiedkj

Posted 03 November 2010 - 05:50 PM

Now it returned a response of 'the system cannot find the file or directory specified.'

#12 Blade

Posted 03 November 2010 - 06:12 PM

Is your CD drive specified as the D:\ drive?

Edited by Blade Zephon, 03 November 2010 - 06:12 PM.


#13 certifiedkj

Posted 03 November 2010 - 06:40 PM

Yes, it's D:\ drive

Edited by certifiedkj, 03 November 2010 - 06:41 PM.


#14 certifiedkj

Posted 03 November 2010 - 07:29 PM

I did it once more and it replied with a response 'the file could not be expanded.'

#15 Blade

Posted 05 November 2010 - 09:01 PM

Hi certifiedkj.

Sorry for the confusion. Let's try this.

Substitute the following command for expand D:\i386\iastor.sy_ C:\windows\system32\drivers\iastor.sys:

copy D:\i386\iastor.sy_ C:\windows\system32\drivers\iastor.sys
