
Computer crashed during an install - now won't reboot


  • This topic is locked
11 replies to this topic

#1 lands

lands

  • Members
  • 7 posts

Posted 15 November 2010 - 08:43 PM

Hi,

I'll try to be brief but still give all the relevant info. A friend has a laptop that was infected to some degree by the ThinkPoint virus. They asked me to help, so I found the instructions listed here and ran through the process.

Malwarebytes found 60 infected files, so I clicked remove. It said it needed a reboot, so I let it and it rebooted fine. I then tried to install Avast antivirus as they had requested; I foolishly selected to include Google Chrome (seems foolish now anyway). It was running through the install, got to the point where it said it was at 100% installing Chrome, and it crashed.

Now I can't reboot, even in safe mode! When I reboot in safe mode with networking, it stops and hangs at: DRIVERS\isapnp.sys

When I boot normally it hits a very quick blue screen of death that's gone before I can read it.

Thanks in advance for the help. I'm going to look like a real bozo if I return his computer doa... :wacko:

Appreciate it.

Edited by hamluis, 16 November 2010 - 08:47 AM.
Moved from XP forum to Am I Infected ~ Hamluis.



 


#2 lands


Posted 15 November 2010 - 11:44 PM

I THINK I MANAGED TO FIX IT.

Following the info found here: http://www.bleepingcomputer.com/forums/topic288949.html/page__st__15

and more succinctly here: http://it.toolbox.com/blogs/golden-orbit-blog/windows-xp-hangs-at-isapnpsys-37891

I was able to make a Hiren's boot CD, rename the 0 size file and it rebooted. Will see over the next few hours if everything goes ok. Will report back if issues still persist.


Here's a summary:

Hi there,

I may help you with this, because I have solved a similar problem.
I downloaded "Hiren's Boot CD". I burnt the ISO to a CD, booted from it and launched the Mini XP.
In Mini Windows I went to the C:\Windows\System32\drivers directory and renamed all files that had a size of 0 kB.
I think you may delete them as well. Anyway, after this action I just removed the boot CD from my drive and rebooted as usual. And everything is OK for now...

I hope it helps, I wish you good luck!
Furthermore, I found this solution here...
http://it.toolbox.com/blogs/golden-orbit-b...isapnpsys-37891

I just still don't know why that error happened.

Best wishes,
Alesh
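
Added example, not part of the original posts: the check described in post #2 (finding 0-byte files in the drivers directory and renaming them rather than deleting them) written as a reversible Python script with a dry-run default. The function names, the `.zero-bak` suffix and the sample files are assumptions made for illustration.

```python
import os
import tempfile

def find_zero_byte_files(drivers_dir):
    """Return sorted names of regular files in drivers_dir that are 0 bytes long."""
    hits = []
    for entry in os.scandir(drivers_dir):
        # Judge the directory entry itself, not whatever a link points at.
        if entry.is_file(follow_symlinks=False) and \
           entry.stat(follow_symlinks=False).st_size == 0:
            hits.append(entry.name)
    return sorted(hits)

def set_aside_zero_byte_files(drivers_dir, suffix=".zero-bak", dry_run=True):
    """Rename each 0-byte file to <name><suffix> and return (old, new) pairs.

    With dry_run=True nothing on disk changes; the returned list is the plan.
    Renaming (not deleting) keeps the step reversible.
    """
    plan = []
    for name in find_zero_byte_files(drivers_dir):
        if name.endswith(suffix):
            continue  # already set aside by an earlier run
        dst = os.path.join(drivers_dir, name + suffix)
        if os.path.exists(dst):
            raise FileExistsError(dst)  # never overwrite an earlier backup
        if not dry_run:
            os.rename(os.path.join(drivers_dir, name), dst)
        plan.append((name, name + suffix))
    return plan

def demo():
    """Run against a constructed directory (file names are made up for the demo)."""
    with tempfile.TemporaryDirectory() as d:
        samples = (("constructed_empty.sys", b""),
                   ("constructed_ok.sys", b"MZ" + b"\0" * 62))
        for name, data in samples:
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        preview = set_aside_zero_byte_files(d)                 # plan only
        applied = set_aside_zero_byte_files(d, dry_run=False)  # performs the renames
        return preview, applied, sorted(os.listdir(d))

if __name__ == "__main__":
    print(demo())
```
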



#3 lands


Posted 16 November 2010 - 12:43 AM

NOPE

Got it to boot up, ran an Avast scan and started getting warnings that my SVCHost was trying to contact:

199.80.55.80

Then got the BSOD. After reboot Avast shows that it found and moved Win32:Dropper-gen [drp]

I'm going to rescan now and see what happens. If you've got any input, I'd appreciate some. :huh:

#4 lands


Posted 16 November 2010 - 03:40 AM

So now I seem to have gotten rid of the Trojan, but I'm randomly getting the BSOD and this message:

STOP: c0001132 unknown hard error
unknown hard error


Any ideas?

#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,320 posts
  • Gender:Female
  • Location:Romania

Posted 16 November 2010 - 01:52 PM

Hi Lands, I would appreciate it if you could let me know who sent you that message? Did you receive this at BleepingComputer? I am asking since we do not support the use of Hiren's Boot CD, since it uses copyrighted Microsoft files, as well as some licensed tool/tools that are meant to bypass security settings.

I'm glad to hear you got things fixed, let me know if you need any more help getting rid of malware.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#6 lands


Posted 16 November 2010 - 05:33 PM

Hi,

This issue started with me trying to help a friend clean his laptop of what appeared to be a ThinkPoint virus. Now I'm thinking he had more on there as well. I followed the instructions here using Malwarebytes and other programs. Here's where I'm at now:

I'm able to boot up.
I've installed Avast.

I get trojan alerts that involve: win32:Downloader-EWO [trj] , temp files and Windows/system32/svchost.exe

When I do a virus scan now, I often get the BSOD with this message:

STOP: c0001132 unknown hard error
unknown hard error

(the "c000..." part is often different numbers)


I've tried to use combos of Malwarebytes, Avast and rkill, but can't find a combo that works.

Thanks very much for your help. I'd hate to have to return my friend's laptop DOA and look like a fool... <_<

#7 lands


Posted 16 November 2010 - 06:04 PM

UPDATE

I just got through a deep Malwarebytes scan and came back with this:

adware.BHO ...Aplication Data\WSTB\64bX86.exe
Rootkit.TDSS ...Temporary Internet Files\Content.IE5\9F7LXLIK\dm3[1].exe
Trojan.Startpage Program Files\Alwil Software\Avast5\ChromeInst.exe

On previous scans, it found a few things, but it's obviously reinstalling or the cause is not being cleaned.

***One note that may or may not mean anything. After I originally removed the ThinkPoint files, I rebooted and my machine crashed after/during the Avast install of Chrome. I mention that because the Trojan.Startpage above appears to be linked to a Chrome related exe.

Thanks!

#8 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,012 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 16 November 2010 - 10:23 PM

Hello,

I merged your new topic to your previously existing topic on the same issue to avoid confusion for all concerned and for the sake of continuity.

Elise, you're much more knowledgeable than I about this kind of thing, so I'll leave this in your capable hands.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#9 lands


Posted 17 November 2010 - 02:49 AM

Yes, but it seemed to make sense because the new problem I was having was not XP not booting up (which I fixed) but that I now had virus problems.

No difference I guess, since I didn't get help for either thread.

#10 Elise


Posted 17 November 2010 - 04:47 AM

Hi Lands, can you please answer this:

I would appreciate it if you could let me know who sent you that message? Did you receive this at BleepingComputer?


I'll move this topic to a more appropriate forum.

OTL
-----
Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

  • Please download Rootkit Unhooker. Save it to your desktop.
  • Extract RKUnhooker to your desktop.
    Note** it is zipped up in a .rar file - If you do not have a program to unzip this type of file -
    you can get a free one from here - http://www.7-zip.org/
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning; it is OK, just ignore it

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


"just click on Cancel, then Accept".

regards, Elise




#11 Elise


Posted 22 November 2010 - 06:22 AM

Hi, are you still there?

regards, Elise




#12 Elise


Posted 25 November 2010 - 06:40 AM

Due to lack of feedback, this topic is now closed.

If you are the original topic starter and you need this topic reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise






