BSOD after contracting trojan horse virus



#1 lelex

Posted 23 October 2010 - 04:29 PM

Hi, I was wondering if someone could help me.

One day when I turned on my computer - after it had been working fine previously, although a blue screen did come up every now and again, which went away after restarting - there was an anti-virus program thing which looked suspicious and fake. It had a fake Windows symbol and I couldn't exit out of it so I accepted it, to see if I could get it off my screen somehow after that. But it started downloading files onto my computer or something. I still couldn't exit it so I just turned off the computer. I think it was turned off before it was complete.

Then my sister brought it to a computer guy. When I got it back, it turned on and I was able to use it. He had downloaded the free version of AVG anti-virus. It had a list of different files, and said that they had the trojan horse virus and were whitelisted. I didn't remove it because I looked it up and it said they were important files, and also I was hoping I could still use my computer, even with the anti-virus thing popping up all the time.

The next time I turned it on, a blue screen popped up saying 'STOP:c000021a'(Fatal System Error) The Windows Logon Process system process terminated unexpectedly with a status of 0xc0000034 (0x00000000 0x00000000). The system has been shut down.

I tried putting it in safe mode and going to the last known good configuration, but the screen appeared again.

I've googled it, do I need to reinstall the OS? I use a netbook and it has no disc drive.

I'm at a loss as to what to do. There's nothing majorly important on there so I wouldn't mind wiping it all out but I'm not sure how.

Can anyone assist me at all? Or is my computer beyond repair?

xx

Btw, I use Windows XP Home Edition.

Edited by lelex, 23 October 2010 - 04:32 PM.




#2 JSntgRvr


Posted 23 October 2010 - 06:29 PM

Hi, lelex. :)


We will need to create a bootable CD that may allow us to scan the computer. There are various alternatives, so we need to know if you have a Windows XP installation CD?

If you do, please try this first:

Please print this guide for future reference and save it in the USB drive!

You will need a blank CD, your Windows XP install disc, a clean computer and a flash drive.

Please follow the steps below and let me know if you were successful. Please tell me what error messages you got and/or what steps you got hung up on.

1. Download the PE Builder to your desktop
   http://www.nu2.nu/download.php?sFile=pebuilder3110a.exe
  • Double-click on the PE Builder that you just downloaded to your desktop.
  • Follow all of the instructions/prompts that come up.
2. Insert your XP CD with SP1/SP2/SP3 into a CD-ROM drive
  • Double-click on PE Builder.exe located on your desktop.
  • Click NO to Search for Windows Installation Files
  • Make the following selections from the Main Screen that pops up:
    • Builder
      • Source: (path to Windows installation files)
        • Enter the path to the drive where your XP CD is located.
        • You can click on the "..." button on the right to navigate to the path as well.
      • Custom: (include files and folders from this directory)
        • No information is necessary, leave blank.
      • Output:
        • Keep the default
    • Media output
      • Choose Create ISO image
      • Do not choose Burn to CD/DVD
  • Download the RunScanner plugin and save it to your desktop
    http://www.paraglidernc.com/Files/RunScanner10025.cab

    Please note: You will be prompted for the folder where it shall be saved. By default it appears as runscanner10025. It should be modified to just runscanner <--- Important!!!

  • Press the Plugin button on the PE Builder interface
  • Press the Add button and navigate to the location of the RunScanner plugin to install
    • Please note: If you are using a Windows XP disc with SP2 then highlight "RpcSS needs to launch DComLaunch" and then press Enable
  • When you're done press Close and the PE Builder interface will re-appear
3. Click on the "Build" button
  • You will see the Windows EULA message. Click on I Agree
  • You will now see the Build Screen. Let it run its course
  • When the Build is finished you can click Close, then Exit
4. Burn your ISO file to CD
==========

Next........

From your clean computer..

Please download OTLPE.zip and save it to a flash drive.
http://oldtimer.geekstogo.com/OTLPE.zip
http://www.itxassociates.com/OT-Tools/OTLPE.zip

Double click and unzip OTLPE.zip to its own folder on your flash drive. Name it OTLPE <-- Important!!

==========

Plug your flash drive into your sick computer now and do as instructed below..

==========

1. Restart Your sick Computer Using the PE Builder ISO CD That You Have Created
  • Insert the CD in to one of your CD/DVD drives.
  • Restart your computer.
    • The computer should choose to boot from the CD automatically. If it doesn't and you are asked if you want to boot from CD, then choose that option.
  • Once the desktop appears, you will receive a message asking: Do you want to start Network support?
    • Click on No
  • After it loads press the Go button in the lower left and do this....
    • Go
    • System
    • Display
    • Screen Resolution
    • 1024x768
    Next choose....
    • Go
    • Programs
    • A43 File Management Utility
==========

In A43 File Management you should see your flash drive.
Navigate to the OTLPE folder that you saved to your flash drive.

Open the OTLPE folder and double click Start.cmd.
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTLPE should now start

    Change the following settings
    • Change Services, Drivers, Standard and Extra Registry to All
    • Uncheck LOP and Purity check

    Please note: Stay with your computer during the course of the scan. If "Entry Point Errors" are encountered simply press "ok" and allow the program to continue. <-- Important!!

  • Copy and Paste the following code from your flash drive into the Posted Image textbox. Do not include the word "Code"


    /md5start
    userinit.exe
    Winlogon.exe
    Explorer.exe
    /md5stop

  • Push Posted Image
  • A report named "OTL.txt" (C:\OTL.txt) will open. Save this log to your flash drive. Copy and paste it in your next reply.

No request for help throughout private messaging will be attended.
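
A comparable check to the `/md5start` block above, as an added example (not part of the original post and not OTLPE's own code): it hashes every copy of the three named files under an offline Windows directory and reports a missing active copy or copies whose MD5s disagree. The paths in `ACTIVE` assume a stock Windows XP layout, and the sample tree is constructed placeholder data.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# File names taken from the custom scan in the post above.
TARGETS = ("explorer.exe", "userinit.exe", "winlogon.exe")
# Assumption: stock Windows XP layout, paths relative to the Windows directory.
ACTIVE = {"explorer.exe": "explorer.exe",
          "userinit.exe": os.path.join("system32", "userinit.exe"),
          "winlogon.exe": os.path.join("system32", "winlogon.exe")}

def md5_of(path):
    """Hex MD5 of a file (these system files are small enough to read whole)."""
    with open(path, "rb") as fh:
        return hashlib.md5(fh.read()).hexdigest()

def scan(windows_dir):
    """Map each target name to {relative path: md5} for every copy found."""
    copies = defaultdict(dict)
    for root, _dirs, files in os.walk(windows_dir):
        for fname in files:
            if fname.lower() in TARGETS:  # Windows file names are case-insensitive
                full = os.path.join(root, fname)
                rel = os.path.relpath(full, windows_dir).lower()
                copies[fname.lower()][rel] = md5_of(full)
    return copies

def review(windows_dir):
    """Return (missing active copies, names whose copies hash differently)."""
    copies = scan(windows_dir)
    missing = [n for n in TARGETS if ACTIVE[n] not in copies[n]]
    differing = [n for n in TARGETS if len(set(copies[n].values())) > 1]
    return missing, differing

def build_sample(root):
    """Constructed sample tree: placeholder bytes, not real Windows binaries."""
    layout = {"explorer.exe": b"E", "system32/dllcache/explorer.exe": b"E",
              "system32/userinit.exe": b"tampered", "system32/dllcache/userinit.exe": b"U",
              "system32/dllcache/winlogon.exe": b"W"}
    for rel, data in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(review(build_sample(tmp)))
```

Differing hashes are a triage signal rather than proof of tampering, since an update can replace one copy and leave an older backup behind.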
