
BSOD Bad_Pool_Caller only in Safe Mode


No replies to this topic

#1 agerickson


Posted 17 December 2010 - 10:31 PM

I have a weird problem.

I was having hijack problems where certain sites were telling me that their content was protected and that I had to fill in certain information to gain access to the content.

I was going to boot in safe mode with networking, download the latest MBAM database and run a scan.

I found two problems:

1. I could not boot into safe mode - getting an error "BAD-POOL-CALLER".

2. I could not get the latest database for MBAM.

Looking at the second problem, pinging www.malwarebytes.org routed to 127.0.0.1 - so I downloaded from another machine a clean copy of MBAM and installed it on the infected machine. I did a complete scan of my system but not in safe mode. It found the culprits:

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Bad: (93.188.163.197,93.188.160.117) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2A59D3FE-D793-44F8-BFD0-2FB7366529F7}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.163.197,93.188.160.117) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C82C7617-F068-4353-B1CE-0BC8E38C1C59}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.163.197,93.188.160.117) Good: () -> Quarantined and deleted successfully.

I rebooted, and that fixed problem number 2; however, I still cannot reboot into safe mode.

The full MBAM scan took 5 1/2 hours! - partly because I didn't disable Panda AV, so it was scanning every file that MBAM opened, and partly because I have 849,916 objects to scan. SHEESH!

Please help me clean up my system!
