Olmarik.AJL - Windows 7 with BSOD 0x50



#1 pudn-UK

Posted 16 January 2011 - 06:45 PM

I have a problem with a client's machine - a fairly new laptop - with Windows 7 installed but which BSODs at bootup in both Normal Startup and any of the Safe-Mode Startup options. The BSOD is: 'PAGE_FAULT_IN_NON_PAGED_AREA' (0x50). As the machine would not allow me access at all I removed the hard drive and scanned with ESET Smart Security on one of my own machines. This found WIN32/Olmarik.AJL in the MBR of the drive.

As mentioned the machine will not let me enter Windows when booting from the affected drive itself and I have only been able to discover the problem by scanning via another machine when the drive was attached with a USB to SATA drive adaptor.

Is there anything that can be done other than a clean install of Windows 7? Is this safe from the Recovery Partition or should I use a Windows 7 disk?

Rgds,

pudn-UK



#2 AustrAlien

Posted 17 January 2011 - 06:59 AM

Please sit tight and be patient.

I have requested that an experienced helper who specialises in un-bootable computers respond to your topic.

Thank you.
AustrAlien
Google is my friend. Make Google your friend too.


#3 pudn-UK

Posted 18 January 2011 - 08:05 AM

I had to get that machine back to the user fairly quickly so I wiped, formatted and reinstalled.

HOWEVER, I have a second machine with the same problem. The laptop boots up and the user logs in to an empty desktop! Starting Task Manager and attempting to Run explorer.exe reports that explorer.exe has a virus! I am now scanning the hard drive with Eset Smart Security while connected to one of my own machines and it is reporting Olmarik in the boot sector.

Addendum: The Eset Scan having finished it found a number of other problem files, as follows:

Scan Log
Version of virus signature database: 5795 (20110117)
Date: 18/01/2011 Time: 12:58:44
Scanned disks, folders and files: F:\Boot sector;F:\
MBR sector of the 2. physical disk - Win32/Olmarik.AJL trojan - action selection postponed until scan completion
F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe - Win32/TrojanDownloader.Unruy.BN trojan - cleaned by deleting - quarantined [1]
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe - Win32/TrojanDownloader.Unruy.BN trojan - cleaned by deleting - quarantined [1]
F:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe - Win32/TrojanDownloader.Unruy.BN trojan - cleaned by deleting - quarantined [1]
F:\Program Files\iMesh Applications\MediaBar\DataMngr\DataMngrUI.exe - Win32/TrojanDownloader.Unruy.BN trojan - cleaned by deleting - quarantined [1]
F:\Program Files\iTunes\iTunesHelper.exe - Win32/TrojanDownloader.Unruy.BN trojan - cleaned by deleting - quarantined [1]
F:\Program Files\QuickTime\QTTask.exe - Win32/TrojanDownloader.Unruy.BN trojan - cleaned by deleting - quarantined [1]
F:\Program Files\Synaptics\SynTP\SynTPStart.exe - Win32/TrojanDownloader.Unruy.BN trojan - cleaned by deleting - quarantined [1]
F:\Users\Public\Documents\Server\hlp.dat - Win32/Bamital.DZ trojan - cleaned by deleting - quarantined [1]
F:\Users\USER\AppData\Local\Temp\passthru.sys - Win32/Agent.OJD trojan - cleaned by deleting - quarantined [1]
F:\Users\USER\AppData\Roaming\93323281FBA5D7B1E5489E32BCD181FF\enemies-names.txt - Win32/Adware.AntimalwareDoctor.AE.Gen application - cleaned by deleting - quarantined [1]
F:\Windows\explorer.exe - Win32/Bamital.EV trojan - action selection postponed until scan completion
F:\Windows\System32\wininit(63).exe - Win32/Bamital.EV trojan - action selection postponed until scan completion
F:\Windows\System32\wininit.exe - Win32/Bamital.EV trojan - action selection postponed until scan completion
F:\Windows\System32\drivers\passthru.sys - Win32/Agent.OJD trojan - cleaned by deleting - quarantined [1]
F:\Windows\System32\DriverStore\FileRepository\netsf.inf_bc508e40\passthru.sys - Win32/Agent.OJD trojan - cleaned by deleting (after the next restart) - quarantined [1,2]
F:\Windows\Temp\eixx\setup.exe - Win32/TrojanDownloader.Unruy.BN trojan - cleaned by deleting - quarantined [1]
F:\Windows\Temp\sfwb\setup.exe - a variant of Win32/Kryptik.JRY trojan - cleaned by deleting - quarantined [1]
F:\Windows\Temp\xhps\setup.exe - a variant of Win32/Kryptik.JRY trojan - cleaned by deleting - quarantined [1]
Number of scanned objects: 265132
Number of threats found: 19
Number of cleaned objects: 15
Time of completion: 18:39:05 Total scanning time: 20421 sec (05:40:21)

Edited by pudn-UK, 18 January 2011 - 02:39 PM.
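
A triage sketch for the scan log in the post above, added here as an example and not part of the original post: it parses the log's `object - detection - action` lines (a layout inferred from the log itself) and lists what the scanner did not finish cleaning. The function names are hypothetical and the sample lines are excerpted from that log.

```python
import re
from collections import Counter

# Lines excerpted from the ESET scan log posted above; nothing else is assumed.
SAMPLE_LOG = r"""MBR sector of the 2. physical disk - Win32/Olmarik.AJL trojan - action selection postponed until scan completion
F:\Program Files\iTunes\iTunesHelper.exe - Win32/TrojanDownloader.Unruy.BN trojan - cleaned by deleting - quarantined [1]
F:\Users\Public\Documents\Server\hlp.dat - Win32/Bamital.DZ trojan - cleaned by deleting - quarantined [1]
F:\Windows\explorer.exe - Win32/Bamital.EV trojan - action selection postponed until scan completion
F:\Windows\System32\wininit.exe - Win32/Bamital.EV trojan - action selection postponed until scan completion
F:\Windows\System32\DriverStore\FileRepository\netsf.inf_bc508e40\passthru.sys - Win32/Agent.OJD trojan - cleaned by deleting (after the next restart) - quarantined [1,2]
F:\Windows\Temp\sfwb\setup.exe - a variant of Win32/Kryptik.JRY trojan - cleaned by deleting - quarantined [1]
"""

# Layout seen in the log: <object> - [a variant of ]<detection> <type> - <action>
LINE_RE = re.compile(
    r"^(?P<object>.+?) - (?:a variant of )?(?P<name>Win32/\S+) (?P<kind>\w+) - (?P<action>.+)$"
)


def parse_log(text):
    """Return one dict per detection line, with a normalised status."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header, totals or blank line
        action = m["action"]
        if not action.startswith("cleaned"):
            status = "unresolved"        # e.g. "action selection postponed ..."
        elif "after the next restart" in action:
            status = "pending_restart"   # deletion only completes on reboot
        else:
            status = "cleaned"
        findings.append({"object": m["object"], "name": m["name"],
                         "kind": m["kind"], "status": status})
    return findings


def triage(findings):
    """Summarise what the scanner left behind and whether the MBR is among it."""
    open_items = [f for f in findings if f["status"] != "cleaned"]
    return {
        "by_detection": Counter(f["name"] for f in findings),
        "needs_attention": open_items,
        "boot_sector_open": any(f["object"].startswith("MBR sector") for f in open_items),
    }


if __name__ == "__main__":
    for item in triage(parse_log(SAMPLE_LOG))["needs_attention"]:
        print(f'{item["status"]:16} {item["name"]:20} {item["object"]}')
```

On the excerpt, the items still open are the MBR entry, the two Bamital.EV system binaries and the driver copy that is only deleted after a restart.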


#4 AustrAlien

Posted 19 January 2011 - 12:48 AM

The system is seriously infected: Have you given due consideration to wiping the hard drive and starting again?

Your particular malware issue requires the use of tools and procedures beyond what is allowed in this forum.

Please follow the instructions in the
Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

When you have done that, post your log in the "Virus, Trojan, Spyware, and Malware Removal Logs forum", NOT here, for assistance by the Malware Response Team experts.

Please let us know, here, if you have been able to successfully start your new topic.
AustrAlien
Google is my friend. Make Google your friend too.


#5 bdgate

Posted 20 January 2011 - 10:38 PM

Greetings!

I got the same problem. I was infected by the same virus and for 4 days I'd been trying everything just to solve this hiccup. Anyways,

Here's the solution:

1. Download Hiren's BootCD then burn it. Use the CD to access your PC then do a scan on your hard drive using your AV. Here's the download link

http://www.filesonic.com/file/53927946

Hope it helps.

Blessings,



