
Random system crashes and instability


  • This topic is locked
18 replies to this topic

#1 tokarnik

tokarnik

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:14 PM

Posted 27 August 2010 - 12:33 AM

Hello, nice to meet you all

I've been recently having severe problems with getting my PC (Windows XP) to run normally. It first began perhaps a week ago, when Firefox began crashing unexpectedly. Shortly after, I experienced the first BSOD crash, and it has repeated many times at random times. I ran a ZoneAlarm scan, discovering several viruses in the Java directory which I deleted; now I think it might have been a mistake. Nevertheless, the problem seemed to have gone away for a short while. The next time I rebooted the computer (a day passed), however, the crashes appeared again. Trying to run a Malwarebytes scan causes the program to crash.

Here are all the symptoms that I've witnessed so far:

-Spontaneous crashing of Firefox
-Inability to launch Internet Explorer
-MBAM error while launching Malwarebytes (fixed with reinstall)
-Unspecified error while running Malwarebytes scan causing the program (not the system) to crash in the middle of scan
-Zone Alarm Antivirus being impromptu turned off without ability to turn it back on (fixed on restart)
-Random systemic crashes leading to BSOD, some happening right after Windows loads
-A new network being recognized by ZoneAlarm, which I set to the Internet Zone (I wasn't sure whether this was normal or some outside connection into my computer)
-General system slowdown
-NEW: ZoneAlarm scan function was rendered inaccessible. This was solved by restarting the system in Safe Mode.
-NEW: ZoneAlarm ForceField unexpectedly crashed
-NEW: Running GMER causes system to hang.


The crash causes a BSOD to briefly appear, which I can't read because it flashes way too quickly and it doesn't fill up all my monitor resolution. This whole thing might be due to some hardware problem, but I can't rule out the possibility of malware infection. I am currently in Safe Mode, and everything (including firefox) appears to be stable.

Here is a copy of a HijackThis log:

[codebox]
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:24:51 AM, on 8/26/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32ZoneLabsvsmon.exe
C:WINDOWSsystem32Ati2evxx.exe
C:Program FilesCheckPointZAForceFieldIswSvc.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesAcronisSchedule2schedul2.exe
C:Program FilesGIGABYTEEnergySaverGSvr.exe
C:Program FilesJavajre6binjqs.exe
C:WINDOWSexplorer.exe
C:Program FilesATI TechnologiesATI.ACECore-Staticmom.exe
C:Program FilesATI TechnologiesATI.ACECore-Staticccc.exe
C:Program FilesZone LabsZoneAlarmzlclient.exe
C:Program FilesCheckPointZAForceFieldForceField.exe
C:WINDOWSsystem32conime.exe
C:Program FilesSteamSteam.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesATLAS V14ATLIECOM.exe
C:Program FilesMalwarebytes' Anti-Malwarembam.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Documents and SettingsUserDesktopTestHijackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 - BHO: ATLAS Toolbar - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:Program FilesATLAS V14ATLIECP.DLL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:Program FilesCheckPointZAForceFieldTrustCheckerbinTrustCheckerIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre6binjp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:Program FilesVeoh NetworksVeohWebPlayerVeohIEToolbar.dll
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:Program FilesCheckPointZAForceFieldTrustCheckerbinTrustCheckerIEPlugin.dll
O3 - Toolbar: ATLAS Toolbar - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:Program FilesATLAS V14ATLIECP.DLL
O4 - HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM..Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM..Run: [36X Raid Configurer] C:WINDOWSsystem32xRaidSetup.exe boot
O4 - HKLM..Run: [IMJPMIG8.1] "C:WINDOWSIMEimjp8_1IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM..Run: [MSPY2002] C:WINDOWSsystem32IMEPINTLGNTImScInst.exe /SYNC
O4 - HKLM..Run: [PHIME2002ASync] C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /SYNC
O4 - HKLM..Run: [PHIME2002A] C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /IMEName
O4 - HKLM..Run: [StartCCC] "C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe" MSRun
O4 - HKLM..Run: [Acronis Scheduler2 Service] "C:Program FilesCommon FilesAcronisSchedule2schedhlp.exe"
O4 - HKLM..Run: [ZoneAlarm Client] "C:Program FilesZone LabsZoneAlarmzlclient.exe"
O4 - HKLM..Run: [ISW] "C:Program FilesCheckPointZAForceFieldForceField.exe" /icon="hidden"
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O8 - Extra context menu item: &Translate with ATLAS - C:Program FilesATLAS V14Atlscript.html
O8 - Extra context menu item: ATLAS Translation &Editor - C:Program FilesATLAS V14AtlscriptEdit.html
O9 - Extra button: ATLAS Translation - {B7707A72-4355-11D4-82BD-00000EBBEF8D} - C:Program FilesATLAS V14Atlscript.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:WINDOWSsystem32browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:WINDOWSsystem32browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:Program FilesCommon FilesAcronisSchedule2schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - Unknown owner - c:program filessteamsteamappscommondragon age originsbin_shipDAUpdaterSvc.Service.exe (file missing)
O23 - Service: Freenet 0.7 darknet-8888 (freenet-darknet-8888) - Unknown owner - C:Program FilesFreenetbinwrapper-windows-x86-32.exe (file missing)
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:Program FilesGIGABYTEEnergySaverGSvr.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:Program FilesCheckPointZAForceFieldIswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:Program FilesJavajre6binjqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:Program FilesLavasoftAd-AwareAAWService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:WINDOWSsystem32ZoneLabsvsmon.exe

--
End of file - 6151 bytes[/codebox]

Here are some error logs from Event Viewer which I think are related to the crashes:

[codebox]Product: Windows Operating System
ID: 1003
Source: System Error
Version: 5.2
Symbolic Name: ER_KRNLCRASH_LOG
Message: Error code %1, parameter1 %2, parameter2 %3, parameter3 %4, parameter4 %5.

Event Type: Error
Event Source: System Error
Event Category: (102)
Event ID: 1003
Date: 8/24/2010
Time: 6:15:47 AM
User: N/A
Computer: STANLEY
Description:
Error code 1000000a, parameter1 9e6cbe64, parameter2 00000002, parameter3 00000000, parameter4 80523a10.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 53 79 73 74 65 6d 20 45 System E
0008: 72 72 6f 72 20 20 45 72 rror Er
0010: 72 6f 72 20 63 6f 64 65 ror code
0018: 20 31 30 30 30 30 30 30 1000000
0020: 61 20 20 50 61 72 61 6d a Param
0028: 65 74 65 72 73 20 39 65 eters 9e
0030: 36 63 62 65 36 34 2c 20 6cbe64,
0038: 30 30 30 30 30 30 30 32 00000002
0040: 2c 20 30 30 30 30 30 30 , 000000
0048: 30 30 2c 20 38 30 35 32 00, 8052
0050: 33 61 31 30 3a10
[/codebox]

[codebox]Event Type: Error
Event Source: sptd
Event Category: None
Event ID: 4
Date: 8/26/2010
Time: 12:30:39 AM
User: N/A
Computer: STANLEY
Description:
Driver detected an internal error in its data structures for .

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 01 00 52 00 ......R.
0008: 00 00 00 00 04 00 04 c0 .......
0010: cb 00 00 00 00 00 00 00 .......
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
[/codebox]

[codebox]
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 8/26/2010
Time: 12:40:48 AM
User: NT AUTHORITY\SYSTEM
Computer: STANLEY
Description:
DCOM got error "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. " attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
[/codebox]

[codebox]
Event Type: Error
Event Source: System Error
Event Category: (102)
Event ID: 1003
Date: 8/24/2010
Time: 5:55:56 AM
User: N/A
Computer: STANLEY
Description:
Error code 1000008e, parameter1 c0000005, parameter2 bf80590a, parameter3 ba277c2c, parameter4 00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 53 79 73 74 65 6d 20 45 System E
0008: 72 72 6f 72 20 20 45 72 rror Er
0010: 72 6f 72 20 63 6f 64 65 ror code
0018: 20 31 30 30 30 30 30 38 1000008
0020: 65 20 20 50 61 72 61 6d e Param
0028: 65 74 65 72 73 20 63 30 eters c0
0030: 30 30 30 30 30 35 2c 20 000005,
0038: 62 66 38 30 35 39 30 61 bf80590a
0040: 2c 20 62 61 32 37 37 63 , ba277c
0048: 32 63 2c 20 30 30 30 30 2c, 0000
0050: 30 30 30 30 0000
[/codebox]

I would really appreciate any help, as this seems to be a serious issue with my computer. I hope I won't have to end up reformatting the entire hard disk! Meanwhile I'll try to keep this thread updated if anything new comes up.

Update: OK, I'm almost sure this is malware related. ZoneAlarm scan function is now inaccessible (I can't even find the antivirus panel, and clicking scan now does nothing). ZA ForceField (which is the internet extension, not firewall as I earlier thought) abruptly closed.

Update 2: Trying to run GMER registry check causes system hangs. I managed to finish the scan, but I couldn't save the results due to a computer freeze. If someone could recommend another rootkit checker, I would be very thankful.

Sorry to bump, I just don't want this thread to get lost in the listing.

The random crashes are still going as strong as ever; I'm beginning to suspect this may have something to do with RAM. Still, I've managed to save a GMER log, and I'm also going to upload the minidump files. I've also run a disk defragment and cleared up the main drive, which I think only made the problem worse. The system is, once again, fairly stable in safe mode.


GMER log

http://www.mediafire.com/file/t3a0e6dge0xed0h/ark.log

minidump

http://www.mediafire.com/file/xohfhqdvp0492iw/Minidump.rar

EDIT: Posts merged and moved from AII ~BP

Edited by Budapest, 06 September 2010 - 01:39 AM.
Moved from AII ~BP
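
A decoding of the Event ID 1003 records posted above, as an added example that is not part of the original thread: it splits the pasted Event Viewer text into records and names the bug check and its four parameters. The function names are hypothetical, the sample text is copied from the post with the hex dumps omitted, and treating 0x10000000 as a flag bit on the base bug check code is an assumption.

```python
import re

# Base bug check codes and parameter meanings, per Microsoft's bug check reference.
BUGCHECKS = {
    0x0A: ("IRQL_NOT_LESS_OR_EQUAL", (
        "memory address referenced",
        "IRQL at the time of the reference",
        "access type (bit 0: 0 = read, 1 = write)",
        "address of the instruction that referenced the memory")),
    0x8E: ("KERNEL_MODE_EXCEPTION_NOT_HANDLED", (
        "exception code (NTSTATUS)",
        "address where the exception occurred",
        "trap frame address",
        "reserved")),
}
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION"}
GENERIC = ("parameter 1", "parameter 2", "parameter 3", "parameter 4")

CRASH_RE = re.compile(
    r"Error code ([0-9a-f]{8}), parameter1 ([0-9a-f]{8}), parameter2 ([0-9a-f]{8}), "
    r"parameter3 ([0-9a-f]{8}), parameter4 ([0-9a-f]{8})", re.IGNORECASE)
FIELD_RE = re.compile(r"^(Event Source|Event ID|Date|Time):[ \t]*(.*)$", re.MULTILINE)


def decode_bugcheck(description):
    """Decode an Event ID 1003 description; return None if it is not a crash record."""
    m = CRASH_RE.search(description)
    if m is None:
        return None
    raw, *params = (int(g, 16) for g in m.groups())
    # Assumption: 0x10000000 is a flag bit on the base code (0x1000008E -> 0x8E).
    base = raw & 0x0FFFFFFF
    name, meanings = BUGCHECKS.get(base, ("UNKNOWN", GENERIC))
    return {
        "raw": raw, "base": base, "name": name,
        "params": list(zip(meanings, params)),
        "exception": NTSTATUS.get(params[0]) if base == 0x8E else None,
    }


def parse_events(text):
    """Split pasted Event Viewer text into records and decode any crash descriptions."""
    events = []
    for chunk in text.split("Event Type:")[1:]:
        fields = {k: v.strip() for k, v in FIELD_RE.findall(chunk)}
        events.append({
            "source": fields.get("Event Source", ""),
            "event_id": int(fields.get("Event ID", "0")),
            "when": f'{fields.get("Date", "")} {fields.get("Time", "")}',
            "bugcheck": decode_bugcheck(chunk),
        })
    return events


# Records copied from the post above (Data hex dumps left out).
SAMPLE_EVENTS = """\
Event Type: Error
Event Source: System Error
Event ID: 1003
Date: 8/24/2010
Time: 6:15:47 AM
Description:
Error code 1000000a, parameter1 9e6cbe64, parameter2 00000002, parameter3 00000000, parameter4 80523a10.

Event Type: Error
Event Source: sptd
Event ID: 4
Date: 8/26/2010
Time: 12:30:39 AM
Description:
Driver detected an internal error in its data structures for .

Event Type: Error
Event Source: System Error
Event ID: 1003
Date: 8/24/2010
Time: 5:55:56 AM
Description:
Error code 1000008e, parameter1 c0000005, parameter2 bf80590a, parameter3 ba277c2c, parameter4 00000000.
"""

if __name__ == "__main__":
    for ev in parse_events(SAMPLE_EVENTS):
        bc = ev["bugcheck"]
        print(ev["when"], ev["source"], ev["event_id"], bc["name"] if bc else "(not a crash record)")
        for meaning, value in (bc["params"] if bc else []):
            print(f"    {meaning}: 0x{value:08x}")
```
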



#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:14 PM

Posted 06 September 2010 - 05:05 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

m0le is a proud member of UNITE

#3 tokarnik

Posted 07 September 2010 - 02:40 AM

Thanks for responding m0le. It's okay, I can wait as long as it takes, and it's good to know that someone is on the case now.

This problem still persists and the computer is behaving randomly. So far I haven't tried doing any changes or attempts to fix the problem myself.

When trying to restart/turn on the computer as normal, I get an error during boot "system32 not found or corrupt" (I'm not sure about the exact wording). I managed to log on to my computer by putting in my Windows CD (which is sorely outdated btw) entering the repair console, and not doing anything in it except typing "exit" which causes the computer to restart and windows to open. So far this has been the only way I could successfully manage to boot up my PC.

Even if I do get my Windows running, the crashes and BSODs still happen at any time. Moreover I've noticed a lot of the programs behaving erratically. A restart can sometimes solve these problems, but as I said, it's difficult. Usually a sign of an upcoming BSOD becomes visible when Google Chrome fails to load pages. Then I have to go to the restart procedure outlined above over and over again just to get the computer working in a more or less stable manner. Just as it has over the past few days, but the BSODs came back.

I think right now it may be a good idea to consider a BIOS flash or a RAM check, but I'm worried that may screw up my computer beyond repair because of its apparent inability to boot as normal. I will post my hardware log as soon as possible (it's quite late right now and I need some sleep).

#4 m0le

Posted 07 September 2010 - 08:20 AM

It would be useful to try and get in through the back way and get a scan of the PC. First we need to see if we can find the cause of this so attempt the following scans. If the PC isn't playing ball then come back to me.

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.


Then
  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


#5 tokarnik

Posted 07 September 2010 - 07:08 PM

Just two quick things I want to make sure before I continue:

-When I select exit from the MBRCheck (which did reveal some kind of issue) I can't seem to locate any log being created. Is there a special directory that the file gets saved in?

-Running the TDSSKiller reveals the infected file, sptd.sys or something, which is exactly the file that I've seen malfunction in my error logs and some of the BSOD messages. However I couldn't find any cure option, only quarantine and delete. I'm a little worried about selecting either of these as it might be a critical system file.

Edited by tokarnik, 07 September 2010 - 07:09 PM.


#6 m0le

Posted 07 September 2010 - 07:21 PM

The MBRCheck log is created on the desktop.

If you can't find it, let me know what it said.


TDSSKiller finds the infected system file and cures it if you allow it to. Although it seems like it is deleting a system file it is in fact deleting an infected system file and replacing it. No problem.

#7 tokarnik

Posted 07 September 2010 - 10:37 PM

Sorry for the blunder, my desktop tends to get cluttered with icons.

I've deleted the sptd file and restarted the computer with no problems. It seems we are getting somewhere :D

Here are the logs:

Attached Files



#8 m0le

Posted 08 September 2010 - 04:48 PM

That's a good couple of logs there.

Please run Combofix now

Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#9 tokarnik

Posted 08 September 2010 - 10:42 PM

Here is the log.

Attached Files



#10 m0le

Posted 09 September 2010 - 07:31 PM

Please run the ESET online scanner next to clear out infected files and other assorted garbage
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Leave the top box checked and then check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

#11 tokarnik

Posted 13 September 2010 - 07:12 PM

I've run an ESET scan, but no malware was found.

However, the TDSSKiller scan I used earlier revealed an infected/corrupt file, sptd.sys, which it then deleted and replaced.

After that, the spontaneous BSOD crashes ended, computer boots and restarts normally, and everything seems to be stable. I think it would be safe to call this round. If this problem resurfaces in the near future, I'll be sure to update this thread. Still I wonder what might have happened?

#12 m0le

Posted 14 September 2010 - 03:53 PM

Sptd.sys was infected and TDSSKiller has replaced it with a clean copy.

I will keep the topic open for five days before closing it but before you go please take a bow...and read and action the following.

You're clean. Good stuff!

Let's do some clearing up

We Need to Clean Up our Mess
Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
------------------------------------------------------------------------------------------------------------------------

Here's some advice on how you can keep your PC clean


Use and update your AntiVirus Software

You must have a good antivirus. There are plenty to choose from but I personally recommend the free options of Avast and Avira Antivir. If you want to purchase a security program then I recommend any of the following: AVG, Norton, McAfee, Kaspersky and ESET Nod32.

It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version, or the Pro version for a 15 day trial period.

Installing this or another recommended program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.


Finally, here's a treasure trove of antivirus, antimalware and antispyware resources


That's it tokarnik, happy surfing!

Cheers.

m0le

#13 tokarnik

Posted 17 September 2010 - 08:57 PM

Thanks for all the help m0le. I really appreciate what you guys are doing. However like any good nightmare this system error may resurge again. I really hope I've seen the last of it.

#14 m0le

Posted 17 September 2010 - 09:13 PM

You have.

#15 tokarnik

Posted 17 September 2010 - 09:57 PM

Some terrible news. Shortly after I finished writing that last post. BSOD. Everything's screwed up again just as I predicted. The system crashes, and I get the Zone Alarm instability again (antivirus turning off and other weird blips).

I've had a few days without any problems so it led me to conclude everything's gone back to normal. How the hell is this happening? Is this some sort of concerted attack on my computer? I mean if this was at least a hardware issue, then I wouldn't be able to even get any programs working. But it just seems that everything works for a while until I let my guard down, then come the chain crashes.

Edited by tokarnik, 17 September 2010 - 09:58 PM.




