Posted 19 October 2010 - 06:37 PM
Long-time reader of this forum, first-time poster...
I'll give you some info that might help.
I've had quite a few PCs come through my office the past few weeks with this EXACT BSOD. I bet when you try to boot to safe mode, you hit a 0x7B, right?
Two weeks ago when the PCs started coming in with this, it was an Alureon variant infection at c:\windows\system32\drivers\dmio.sys in addition to the usual userinit hijack in the registry and some bogus DLLs. I also saw it with the MBR variant of Alureon. I was able to clean by mounting externally in another PC, running MS Security Essentials scan on it, and then booting to recovery console and running fixmbr on the MBR variant (MSSE was unable to clean the hard drive with the MBR infection-- it made sure to notify me over and over though...very annoying!)
Unfortunately, this week the two PCs I've had come in with it-- I can't pin down the location of infection. fixmbr doesn't work, I've replaced a good deal of the drivers at c:\windows\system32\drivers with known clean ones. All I have is that ONLY Avast and Emsisoft (as horrible as it is...) detected ANYthing other than a java exploit. Both flagged a bunch of .tmp files at c:\windows\temp as being infected with the "Enistery" virus.
I uploaded those files to VirusTotal, where SuperAntiSpyware, Avast, and Emsisoft remain the only ones that find anything malicious in them. I'd be tempted to say false positive, but... google "Enistery" and you'll see the only references to this malware have popped up in the last week. It looks to me like a new rootkit variant-- I'd guess TDSS/Alureon at this point, as that's what it's been in the past, but y'all's guess is as good as mine.
Ironically, as I walked through my college today, I saw several of the kiosk PCs
All said and done, my advice would be to:
1. Access your hard drive from a PE environment (i.e. a Linux DVD) OR mount in an external enclosure
2. Make a careful limited backup (no sense in dragging any infection with you)
3. Write zeros to the drive (if you want to be extra careful)
4. Format the drive and reinstall
Nevertheless, make sure to give other folks on here a chance to weigh in. Perhaps there's another solution out there. The quickest resolution would be to reinstall (I spent >6 hours cleaning this $#@%! rootkit each time, as it's always changing).
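One check worth running while the drive is mounted offline (step 1 above), before deciding whether fixmbr is enough or a wipe is warranted: parse the first sector and compare its boot code against a hash taken from a known-clean install. This is an added example written for this thread, not code from the poster or from any tool mentioned; the sample MBR bytes and the baseline hash are constructed for the demo, and on a real disk the baseline must come from a clean machine with the same Windows version.

```python
import hashlib
import struct
import sys

SECTOR_SIZE = 512
BOOTCODE_LEN = 440          # classic MBR boot code lives in bytes 0..439
SIGNATURE = b"\x55\xaa"     # boot signature at offset 510


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into boot-code hash, partition table and signature flag."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        entry = sector[446 + 16 * i: 446 + 16 * (i + 1)]
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        status, _chs0, ptype, _chs1, lba_start, sectors = struct.unpack("<B3sB3sII", entry)
        if ptype != 0:
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {"bootcode_sha256": hashlib.sha256(sector[:BOOTCODE_LEN]).hexdigest(),
            "partitions": partitions,
            "signature_ok": sector[510:512] == SIGNATURE}


def check_mbr(sector: bytes, known_good_bootcode_sha256: str) -> list:
    """Return findings for a raw MBR; an empty list means it matches the baseline."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["bootcode_sha256"] != known_good_bootcode_sha256:
        findings.append("boot code differs from known-good baseline")
    if not any(p["bootable"] for p in info["partitions"]):
        findings.append("no partition flagged active")
    return findings


def build_sample_mbr(bootcode: bytes) -> bytes:
    """Constructed sample MBR (not from a real disk): one active NTFS partition at LBA 2048."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x02\x00", 0x07, b"\xfe\xff\xff", 2048, 1_000_000)
    return bootcode + b"\x00" * 6 + entry + b"\x00" * 48 + SIGNATURE


CLEAN_BOOTCODE = b"\xfa\x33\xc0" + b"\x00" * 437        # constructed stand-in for clean boot code
PATCHED_BOOTCODE = b"\xeb\x00" + CLEAN_BOOTCODE[2:]      # constructed: first bytes rewritten
BASELINE = hashlib.sha256(CLEAN_BOOTCODE).hexdigest()    # in practice: hash from a clean install

if __name__ == "__main__":
    with open(sys.argv[1], "rb") as disk:                # e.g. a raw device or a dd image
        print(check_mbr(disk.read(SECTOR_SIZE), BASELINE) or "MBR matches baseline")
```

Run it against the raw device or a dd image of the suspect drive; any finding other than an empty list is reason to treat the boot sector as tampered with, regardless of what the AV scanners report.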