Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

TDSS rootkit keeps giving me blue screen


  • Please log in to reply
No replies to this topic

#1 ThevileOne

ThevileOne

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:59 PM

Posted 25 August 2010 - 12:05 PM

Feel free to close this. I fixed the problem.

Edit: I think I fixed the BSoD using the Recovery Console. I'm going to download programs recommended in a previous topic. I will return back here with progress once that is complete. In the meantime delay reading this post.

Update: I was able to access the registry keys for tltkoobh.sys and I deleted them. tltkoobh.sys no longer appears in my System32's driver folder.

I made a new topic after my old one got closed. I'm sorry about that, I was preoccupied with things. I thought it was inactive, because Windows told me it wasn't functioning, but when I started my computer this morning it gave me a dark blue screen tell me that it has to shut down to prevent damage to my computer and that tltkoobh.sys was the problem. Something about a page being detected in a non page area. I have received the screen several times.
It doesn't matter what mode I log into. I got as far as the desktop items loading in safemode when it appears. I tried Last known good and that gave me the dark blue screen. I do however have the windows recovery console thanks to combofix, but it doesn't tell me how to use it. (BTW I haven't tried safe mode with command promt yet if that would make a difference. )

I have windows XP professional with all service packs.

Any assistance to the matter would be helpful. I wont let this thread die this time.


Edit: Got the screen again PAGE_FAULT_IN_NONPAGED_AREA. However before that I exited out of the recovery console and I was allowed to log into my other profile for a bit until a svchost suddenly faiiled and it had to restart, then upon restart blue screen before the login. (note that it didn't restart itself. The screen froze up I had to power down myself)


Edit: I'm going to try to log into my alternate profile in safemode. That should prevent a svchost crash, then I will try to do all those things mentioned in my previous topic.
previous topic http://www.bleepingcomputer.com/forums/ind...=338794&hl=

Again so sorry gringo for not responding. Forgive me. also i'm sorry if this is in the wrong forum.

Edit: I wrote down more information.

STOP: 0x00000050 (0XA0D06B84, 0X00000001, 0XB7EC573C, 0X00000000)

tltkoobh.sys - Address B7EC573C base at B7EA2000, DateStamp 4c5f177f

After this it dumps physical memory to disk and after it finishes that it restarts and brings me to the login screen. If I try to login, it gives me the screen after a few seconds. right now I'm afraid to try anything else. I'll shut it off until I get a response.

Edit: I found your tutorial on the recovery console and learned what the STOP code means. i'm going to try to disable the driver.

Edited by ThevileOne, 25 August 2010 - 03:27 PM.


BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users