BSOD after contracting trojan horse virus


#1 lelex



Posted 23 October 2010 - 04:29 PM

Hi, I was wondering if someone could help me.

One day when I turned on my computer - after it had been working fine previously, although a blue screen did come up every now and again, which went after restarting - there was an anti-virus program thing which looked suspicious and fake. It had a fake Windows symbol and I couldn't exit out of it so I accepted it, to see if I could get it off my screen somehow after that. But it started downloading files onto my computer or something. I still couldn't exit it so I just turned off the computer. I think it was turned off before it was complete.

Then my sister brought it to a computer guy. When I got it back, it turned on and I was able to use it. He had downloaded the free version of AVG anti-virus. It had a list of different files, and said that they had the trojan horse virus and were whitelisted. I didn't remove it because I looked it up and it said they were important files, and also I was hoping I could still use my computer, even with the anti-virus thing popping up all the time.

The next time I turned it on, a blue screen popped up saying 'STOP:c000021a'(Fatal System Error) The Windows Logon Process system process terminated unexpectedly with a status of 0xc0000034 (0x00000000 0x00000000). The system has been shut down.

I tried putting it in safe mode and going to the last known good configuration, but the screen appeared again.

I've googled it, do I need to reinstall the OS? I use a netbook and it has no disc drive.

I'm at a loss as to what to do. There's nothing majorly important on there so I wouldn't mind wiping it all out but I'm not sure how.

Can anyone assist me at all? Or is my computer beyond repair?


Btw, I use Windows XP Home Edition.

Edited by lelex, 23 October 2010 - 04:32 PM.



#2 JSntgRvr


    Master Surgeon General

  • Malware Response Team

Posted 23 October 2010 - 06:29 PM

Hi, lelex. :)


We will need to create a bootable CD that may allow us to scan the computer. There are various alternatives, so we need to know if you have a Windows XP installation CD?

If you do, please try this first:

Please print this guide for future reference and save it in the USB drive!

You will need a blank CD, your Windows XP install disc, a clean computer and a flash drive.

Please follow the steps below and let me know if you were successful. Please tell me what error messages you got and/or what steps you got hung up on.

1. Download the PE Builder to your desktop
  • Double-click on the PE Builder that you just downloaded to your desktop.
  • Follow all of the instructions/prompts that come up.
2. Insert your XP CD with SP1/SP2/SP3 into a CD-ROM drive
  • Double-click on PE Builder.exe located on your desktop.
  • Click NO to Search for Windows Installation Files
  • Make the following selections from the Main Screen that pops up:
    • Builder
      • Source: (path to Windows installation files)
        • Enter the path to the drive where your XP CD is located.
        • You can click on the "..." button on the right to navigate to the path as well.
      • Custom: (include files and folders from this directory)
        • No information is necessary, leave blank.
      • Keep the default
    • Media output
      • Choose Create ISO image
      • Do not choose Burn to CD/DVD
  • Download the RunScanner plugin and save it to your desktop

    Please note: You will be prompted for the folder that it shall be saved. By default it appears as runscanner10025. It should be modified to just runscanner <--- Important!!!

  • Press the Plugin button on the PE Builder interface
  • Press the Add button and navigate to the location of the RunScanner plugin to install
  • Please note: If you are using a Windows XP disc with SP2 then highlight RpsSS needs to launch DComLaunch and then press Enable
  • When you're done press Close and the PE Builder interface will re-appear
3. Click on the "Build" button
  • You will see the Windows EULA message. Click on I Agree
  • You will now see the Build Screen. Let it run its course
  • When the Build is finished you can click close, then exit
4. Burn your ISO file to CD


From your clean computer..

Please download OTLPE.zip and save it to a flash drive.

Double click and unzip OTLPE.zip to its own folder on your flash drive. Name it OTLPE <-- Important!!


Plug your flash drive into your sick computer now and do as instructed below..


1. Restart Your sick Computer Using the PE Builder ISO CD That You Have Created
  • Insert the CD into one of your CD/DVD drives.
  • Restart your computer.
    • The computer should choose to boot from the CD automatically. If it doesn't and you are asked if you want to boot from CD, then choose that option.
  • Once the desktop appears, you will receive a message asking: Do you want to start Network support?
    • Click on No
  • After it loads press the Go button in the lower left and do this....
    • Go
    • System
    • Display
    • Screen Resolution
    • 1024x768
    Next choose....
    • Go
    • Programs
    • A43 File Management Utility

In A43 File Management you should see your flash drive.
Navigate to the OTLPE folder that you saved to your flash drive.

Open the OTLPE folder and double click Start.cmd.
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTLPE should now start

    Change the following settings
    • Change Services, Drivers, Standard and Extra Registry to All
    • Uncheck LOP and Purity check

    Please note: Stay with your computer during the course of the scan. If "Entry Point Errors" are encountered simply press "ok" and allow the program to continue. <-- Important!!

  • Copy and Paste the following code from your flash drive into the Posted Image textbox. Do not include the word "Code"


  • Push Posted Image
  • A report will open named "OTL.txt" (C:\OTL.txt). Save this log to your flash drive. Copy and Paste this in your next reply.

No request for help through private messaging will be attended.
