Avast! Detected a Rootkit immediately before a Blue Screen


  • This topic is locked
2 replies to this topic

#1 nykohchun


Posted 12 December 2010 - 02:18 AM

So this is a long story. First, about a month ago, I was browsing Bing and ended up with the ThinkPoint Virus. It took about a week to be fully rid of it. I tried everything, including a system restore, to no avail, before finally very carefully following directions to remove it through the registry. It worked, or so it seemed. As time went by, I noticed WAY too many (57 of them at one point, not kidding) instances of mshta.exe running. A quick Google search revealed that several people had the same problem after defeating Think Point, and some had discovered that going to control panel -> scheduler and deleting the "At1" "At2" "At3"...through to "At48". I did, and THAT problem was solved.

Less than a week later, the computer started acting funny again. It started just by being slow. Then it began freezing. Then the popups began. First was a "You Have Won A $1000 Wal-Mart Gift Card!" window, which looked like a Windows Alert box, and was accompanied by audio with the same message. Next, there were pop ups of all sorts. Ads. Google began redirecting me to random ads and something called "Ask To Friends." I checked the Task Manager and I found four instances of iexplore.exe, though I only had one window open, and seven instances of rundll32.exe. That seemed very wrong.

I ran a manual scan on Avast. It found nothing. I disconnected from the internet, disabled Avast, and ran Malwarebytes. It found a trojan "Fake.Updater" or something similar. I told it to delete it, and restarted as instructed. On reboot, I ran the scan again. Nothing was different, the virus was still there. Frustrated, I disabled Malwarebytes and ran TrendMicro House Call. It didn't find anything. I reconnected to the net, updated Malwarebytes, disconnected from the net and ran another scan. It found the virus, and quarantined it. I clicked delete, and again, nothing changed. When I reconnected to the net, the popups started the moment I opened IE. I ignored them and came here.

I tried to run DDS. Blue screen of death. Restarted, tried to run it again. Blue screen of death. Gave up. Tried to run GMER. Blue screen of death, again, twice before giving up. I tried to start a topic explaining this, and got another blue screen. So I shut down and went to bed.

Today when I got up, I connected to the internet, and just as the IE screen appeared, Avast (which runs a constant-protection at startup) said "Warning! Rootkit has been detected!" Before I could even read the rest of the message, a blue screen appeared, reading "IRQL_NOT_LESS_OR_EQUAL". Now, every time I turn it on, just before it is done booting, it shows this screen. I finally dug my slow, clunky 2001 Apple out of the closet and hooked her up to post this because my Windows machine is dead. I am at a total loss. Help me!!

I run Windows XP Home Service Pack 3 on a Dell Inspiron E1505, but because the computer is down, I can't list processor, RAM, or hard drive size. I'm sorry. Is there anything that can be done at this point? This is not my first time at the rodeo, and I am a fast learner, but I've never encountered anything like this before.



#2 nykohchun


Posted 19 December 2010 - 08:52 PM

Well. No thanks to this forum, I solved the problem. Thanks for absolutely not helping.

#3 Blade


Posted 20 December 2010 - 10:15 AM

Hello,

Please note that BleepingComputer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large, as are those of other comparable sites that help members with malware issues. Although our MRT staff work on hundreds of requests each day, they are all volunteers who contribute to helping members as time permits. No one is paid by BleepingComputer for their assistance to our members.

New and more devious malware infections are released almost daily. It then takes time for our Team to investigate, analyze and test removal techniques before we can help members like yourself. Doing that means that we sacrifice speed of response for a quality response that will help remove the malware more effectively.

Finally, please note that the service we provide is free, with no strings attached for the user. All we ask in return is patience and appreciation of our attempt to share some goodwill. Unfortunately, some people just aren't capable of that, and feel the need to antagonize our volunteers for not making them more important than the hundreds of other individuals in similar situations.

We are very glad that you were able to resolve your issue, and this topic is now closed.

~Blade
Forum Moderator
