
Installing Anti-virus creates blue screen to show


  • This topic is locked
15 replies to this topic

#1 jenny_shrp


Posted 07 January 2011 - 12:55 PM

Hello,

I have searched topics and became overwhelmed with trying to find my specific problem. I currently have Windows Vista Home ed. on a two-year-old Gateway PC. My old anti-virus with ATT expired; therefore, I purchased a new one: Defender Pro 2011. Before installing, Defender Pro will scan the PC to detect and remove suspicious malware and viruses; however, as it scans through my rootkits, it stops at scanning C/program files/common/sys. (or sys32...can't remember). After that scan it stops and I receive the Blue Screen of Death. I have tried running Malwarebytes and it detected and quarantined/removed 24 infections, including 2 trojans. I also ran a CHKDSK and it still will not let me install anti-virus because the BSOD appears. Below is the description I have when the BSOD appears:

Technical info:
STOP: 0x00000024 (0x001904aa, 0x9de769e0, 0x9de766dc, 0x8a1e872d)

Ntsc.sys 8a1e872d - 8a1e3000
Datestamp 49e01929

If anyone knows what else I can do before junking my hard drive and buying a new OS, I would appreciate it. My PC was pre-installed; therefore, I do not even own the OS disc, which means I have to fork out all kinds of cash I don't have right now. Thanks in advance!



#2 hamluis


Posted 07 January 2011 - 03:25 PM

Hi :).

That error, STOP: 0x00000024, reflects a problem with the file system...the foundation upon which your installation rests.

Per http://www.aumha.org/a/stop.htm:

0x00000024: NTFS_FILE_SYSTEM
A problem occurred within NTFS.SYS, the driver file that allows the system to read and write to NTFS file system drives. There may be a physical problem with the disk, or an Interrupt Request Packet (IRP) may be corrupted. Other common causes include heavy hard drive fragmentation, heavy file I/O, problems with some types of drive-mirroring software, or some antivirus software. I suggest running ChkDsk or ScanDisk as a first step; then disable all file system filters such as virus scanners, firewall software, or backup utilities. Check the file properties of NTFS.SYS to ensure it matches the current OS or SP version. Update all disk, tape backup, CD-ROM, or removable device drivers to the most current versions.


The other problem that I see...is your report of infected files. That needs to be checked out before anything else, IMO.

The BSOD and the malware items may be totally unrelated...or they may be related. The malware can be more easily checked, I believe.

The previous poster...suggested that you post in the forum he linked to. Rather than make another post, I will just move this topic to that forum.

Louis

#3 boopme


Posted 07 January 2011 - 03:50 PM

Hello, have you removed the Antivirus from ATT (which one was it)?
You may want to uninstall Defender Pro 2011 also as the install may be corrupt.

Please post the infected MBAM log.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Now run an Online scan.

Please perform a scan with Eset Online Antivirus Scanner.
This scan requires Internet Explorer to work. Vista/Windows 7 users need to run Internet Explorer as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green Posted Image button.
  • Read the End User License Agreement and check the box:
  • Check Posted Image.
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • If offered the option to get information or buy software at any point, just close the window.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop as ESETScan.txt.
  • Push the Posted Image button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply.
Note: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESETScan log, click Posted Image > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Click Ok and the scan results will open in Notepad.
  • Copy and paste the contents of log.txt in your next reply.
-- Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 jenny_shrp


Posted 07 January 2011 - 06:21 PM

Thanks so much for the replies. I have run CHKDSK and there was an error showing on free disk space and it was corrected. I also followed a few links on the virus forum for the "blue screen" and I have found problems in the registries and it was cleared. I tried to re-run the anti-virus only to get the blue screen once more. So, instead of allowing the anti-virus to do its pre-scan before installing, I skipped that step just to ensure I have some type of protection on the PC, if that is possible at this time. I think I have a problem with the Windows itself; however, I will work on all the steps mentioned above and post with further information regarding results by the morning. I really do not want to buy another hard drive and OS disc so I am up to any options. Thank you all and I will post back in the morning with information.

#5 boopme


Posted 07 January 2011 - 07:57 PM

If it helps, to determine if your DP2011 is the issue uninstall it and try this free AV in the meantime for protection. It is the AV I use so it's also good.

First uninstall the ATT one. Then download and save Avira to desktop. Uninstall the other AV then install the Avira and scan. See if the other issue is gone and post that log.
Avira Antivir

#6 jenny_shrp


Posted 07 January 2011 - 10:03 PM

Here is my Malwarebytes log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5474

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

1/6/2011 8:57:10 PM
mbam-log-2011-01-06 (20-57-10).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 346112
Time elapsed: 53 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 24
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I did uninstall ATT's McAfee because it expired due to me changing ISP. The Defender Pro was first installed on my laptop and had no problems at all installing on that. I am going to run the tests and try to get an anti-virus for now. Hopefully I can fix the NTFS. Thanks
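
A log pasted into a thread like this can be checked mechanically for the two things the helpers look at: that it is complete (database version, OS line, summary counts matching the listed items) and whether anything beyond adware was detected. The Python below is an added example, not part of the original posts and not a Malwarebytes tool; `parse_mbam_log`, `review`, the sample text and the rule that only `Adware.`/`PUP.` families are low priority are assumptions of the example.

```python
import re
from collections import Counter

# Constructed sample in the layout of the MBAM 1.50 log posted above; the three
# detection lines are copied from that log and the counts adjusted to match.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.50.1.1100
Database version: 5474

Windows 6.0.6002 Service Pack 2

Scan type: Full scan (C:\|D:\|)
Registry Keys Infected: 3
Files Infected: 0

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

SUMMARY = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected): (?P<n>\d+)$")   # "Files Infected: 0"
SECTION = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected):$")              # "Files Infected:"
ITEM = re.compile(r"^(?P<obj>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text):
    """Return (header fields, declared counts per category, detected items)."""
    header = {"database": None, "os": None}
    declared, items, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("Database version:"):
            header["database"] = line.split(":", 1)[1].strip()
        elif line.startswith("Windows "):
            header["os"] = line
        elif m := SUMMARY.match(line):
            declared[m["cat"]] = int(m["n"])
        elif m := SECTION.match(line):
            section = m["cat"]
        elif section and (m := ITEM.match(line)):
            items.append({"section": section, **m.groupdict()})
    return header, declared, items


def review(text):
    """Check a pasted log for completeness and summarise what was detected."""
    header, declared, items = parse_mbam_log(text)
    listed = Counter(item["section"] for item in items)
    problems = [f"missing header field: {k}" for k, v in header.items() if v is None]
    problems += [f"{cat}: summary says {n}, log lists {listed[cat]}"
                 for cat, n in declared.items() if listed[cat] != n]
    families = Counter(item["family"] for item in items)
    # Assumption of this example: Adware./PUP. families are low priority,
    # anything else (e.g. Trojan.*) warrants a second-opinion scan.
    follow_up = sorted(f for f in families if not f.startswith(("Adware.", "PUP.")))
    not_removed = [i["obj"] for i in items if "successfully" not in i["action"]]
    return {"problems": problems, "families": dict(families),
            "follow_up": follow_up, "not_removed": not_removed}


if __name__ == "__main__":
    print(review(SAMPLE_LOG))
```

A log pasted without its top portion, or with detection lines cut off, shows up in `problems` rather than being silently accepted.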

#7 boopme


Posted 07 January 2011 - 10:18 PM

I think you should run an ESET scan next to see if anything is left. Vundo is a stubborn malware.
Let's see if you are clean and then you can do hamluis' instructions.

Please perform a scan with Eset Online Antivirus Scanner.
This scan requires Internet Explorer to work. Vista/Windows 7 users need to run Internet Explorer as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green Posted Image button.
  • Read the End User License Agreement and check the box:
  • Check Posted Image.
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • If offered the option to get information or buy software at any point, just close the window.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop as ESETScan.txt.
  • Push the Posted Image button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply.
Note: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESETScan log, click Posted Image > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Click Ok and the scan results will open in Notepad.
  • Copy and paste the contents of log.txt in your next reply.
-- Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

NOTE: In some instances if no malware is found there will be no log produced.

#8 jenny_shrp


Posted 08 January 2011 - 10:01 AM

Yes, that is the next scan I am running and after all night, it is only at 57%. It will be a while. Hopefully we get some results today. Thanks again!

#9 boopme


Posted 08 January 2011 - 10:27 AM

No problem, there are no shortcuts in malware removal.

#10 jenny_shrp


Posted 08 January 2011 - 01:26 PM

The ESET scan did not find any threats. It would not even show me an option to save information or results to text. Says 0 found threats in all categories. Guess that is good; however, I still cannot perform a scan on PC because the BSOD still pops up when I try.

#11 boopme


Posted 08 January 2011 - 08:27 PM

In some instances if no malware is found there will be no log produced.

You still cannot perform the NTFS scan?

Edited by boopme, 08 January 2011 - 08:28 PM.


#12 jenny_shrp


Posted 09 January 2011 - 09:34 AM

An NTFS scan through CHKDSK or ESET? Or do you mean my anti-virus? I am not able to complete any scan using the Defender Pro 2011 although it loaded and works perfectly on my laptop. The PC is the only one not letting me install the anti-virus because the anti-virus does a pre-scan before installing and stops in the C/program files/common/sys file. I have bypassed the initial scan to install; however, when I click to scan, it will revert back to the BSOD. I am so confused why this is happening if no malware is detected. I am thinking the virus actually damaged the PC now because what else could it be? Thanks.

#13 boopme


Posted 09 January 2011 - 02:10 PM

This is what we should do now. It is the safest and surest way.

We need a deeper look. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Let me know if that went well.

#14 jenny_shrp


Posted 09 January 2011 - 10:27 PM

Thanks. I ran the first few steps and my entire PC freezes when the GMER scan completes; therefore, I am not able to save anything. So far, my PC has randomly turned itself off, changed my home page and frozen during the GMER scan. I see I am getting worse than better and I have done nothing but disinfect, or at least try to. I have no idea which topic name to give my situation because I haven't the slightest idea to what is troubling my PC; however, I will continue with what I have so far. I appreciate all you could do! :0)

#15 boopme


Posted 09 January 2011 - 10:57 PM

Hi. Name it "Many issues".
Skip Gmer and just post the DDS log.

Copy this link into your new topic, it refers back to here.

http://www.bleepingcomputer.com/forums/topic371937.html/page__pid__2087227#entry2087227



