Avast! Detected a Rootkit immediately before a Blue Screen


  • This topic is locked
1 reply to this topic

#1 nykohchun


Posted 12 December 2010 - 02:24 AM

So this is a long story. First, about a month ago, I was browsing Bing and ended up with the ThinkPoint Virus. It took about a week to be fully rid of it. I tried everything, including a system restore, to no avail, before finally very carefully following directions to remove it through the registry. It worked, or so it seemed.

As time went by, I noticed WAY too many (57 of them at one point, not kidding) instances of mshta.exe running. A quick Google search revealed that several people had the same problem after defeating Think Point, and some had discovered that going to control panel -> scheduler and deleting the "At1" "At2" "At3"...through to "At48" would fix it...apparently the multiplicity was being caused by the scheduled tasks. I did, and THAT problem was solved.

Less than a week later, the computer started acting funny again. It started just by being slow. Then it began freezing. Then the popups began. First was a "You Have Won A $1000 Wal-Mart Gift Card!" window, which looked like a Windows Alert box, and was accompanied by audio with the same message. Next, there were pop ups of all sorts. Ads. Google began redirecting me to random ads and something called "Ask To Friends." I checked the Task Manager and I found four instances of iexplore.exe, though I only had one window open, and seven instances of rundll32.exe. That seemed very wrong.

I ran a manual scan on Avast. It found nothing. I disconnected from the internet, disabled Avast, and ran Malwarebytes. It found a trojan "Fake.Updater" or something similar. I told it to delete it, and restarted as instructed. On reboot, I ran the scan again. Nothing was different, the virus was still there. Frustrated, I disabled Malwarebytes and ran TrendMicro House Call. It didn't find anything. I reconnected to the net, updated Malwarebytes, disconnected from the net and ran another scan. It found the virus, and quarantined it. I clicked delete, and again, nothing changed.

When I reconnected to the net, the popups started the moment I opened IE. I ignored them and came here. I tried to run DDS. Blue screen of death. Restarted, tried to run it again. Blue screen of death. Gave up. Tried to run GMER. Blue screen of death, again, twice before giving up. I tried to start a topic explaining this, and got another blue screen. So I shut down and went to bed.

Today when I got up, I connected to the internet, and just as the IE screen appeared, Avast (which runs a constant-protection at startup) said "Warning! Rootkit has been detected!" Before I could even read the rest of the message, a blue screen appeared, reading "IRQL_NOT_LESS_OR_EQUAL". Now, every time I turn it on, just before it is done booting, it shows this screen. I finally dug my slow, clunky 2001 Apple out of the closet and hooked her up to post this because my Windows machine is dead. I am at a total loss. Help me!!

I run Windows XP Home Service Pack 3 on a Dell Inspiron E1505, but because the computer is down, I can't list processor, RAM, or hard drive size. I'm sorry. Is there anything that can be done at this point? This is not my first time at the rodeo, and I am a fast learner, but I've never encountered anything like this before.

#2 teacup61


Posted 19 December 2010 - 06:10 PM

Duplicate topic closed. :)