Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Blue Screen Virus? Exists after formatting?!?!


  • This topic is locked This topic is locked
5 replies to this topic

#1 Kevyn

Kevyn

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:03 AM

Posted 27 February 2011 - 02:48 PM

Hi, I've been having a real ass of a problem in the past two days.
Here's how the problem came to be: I was web surfing one day when all of a sudden BLUE SCREEN! I restated the computer only to have it there 9/10 of the times when I try to get to the desktop. I then started it in Safe mode but then it only happened 5/10 of the times. I did the usual stuff to try and fix it: Registry cleaner, disk cleaner, virus/spyware removers, the works! Still to no prevail I get the blue screen even more and worse now, I'm getting my web browsers redirected all over the place when searching the web for answers.
WHAT I DID TO TRY AND FIX IT: I attempted to system restore it but the problem persisted. I then tried all the virus scanners I could get my hands on to fix it and guess what? There were some virus called Virus.ADH, or something of the sort. I then brought it upon myself to do a full Format of the Partition! So basically after setting it back to factory settings I got a huge bombshell....
STATUS OF THE COMPUTER AFTER WARDS: I set up a new account name and pw, but while trying to prepare the desktop, it freezes! To my dismay it actually got worse after the formatting. I still get blue screens but now it hangs in a black screen right before entering the desktop and it suddently freezes out of nowhere. Worst of all!!!! It won't let me connect to the internet, something about the wireless devices not working or something but I know I didn't do anything to my computer.

I know this is a long problem but I really need this laptop to continue my business. Thank you so much for any positive input or advice! I'll be checking reguarly.



P.S Please tell me if you need any more information to aid me.

BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,260 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:05:03 AM

Posted 27 February 2011 - 03:06 PM

Post specific error messages, please.

"Something like that" is just plain useless, considering the staggering possible numbers/wording of error messages.

Error messages are designed/intended...to point the way to what needs attention. They are specific in nature...at least, as specific as Windows can possibly be.

<<I know this is a long problem but I really need this laptop to continue my business.>>

I hope that you have backups made and stored safely.

System manufacturer and model?

Let's try this.

Download/install BlueScreenView, http://www.nirsoft.net/utils/blue_screen_view.html.

Double-click BlueScreenView.exe file.

When scanning is done, Edit/Select All...then File/Save Selected Items.

Save the report as BSOD.txt.

Open BSOD.txt in Notepad, copy all content and paste it into your next reply.

Using registry cleaners...is not helping, it's probably hurting.

Bleeping Computer DOES NOT recommend the use of registry cleaners/optimizers for several reasons:
  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.
Have you checked the system for possible overheating?

Louis

Edited by hamluis, 27 February 2011 - 03:33 PM.


#3 Kevyn

Kevyn
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:03 AM

Posted 27 February 2011 - 03:33 PM

I was attemtping to do some of the methods you wrote but the system just plain won't let me anymore. In safe mode and normal mode it either freezes when trying to put in the password or blue screened. I gave up and called Dell and after a long process they decided I needed to replace the hardrive even though I'm pretty sure it was a virus.
I want to thank you so much for the quick responses and frank observation of my original posts. I can see that you guys know what you're doing and want to get straight to the point.

If I ever have any other computer problems I'll be sure to come to you guys first. This was just too much of a problem to deal with and I needed to get it fixed right away. I'll make sure to recommend you guys to others!
Thanks so much! =)

#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,807 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:06:03 AM

Posted 27 February 2011 - 04:33 PM

Hello kevyn,

From your description in your first post, malware is indeed causing your issues. Please hold off on getting new hardware. I'm going to report this topic to those that deal with these kinds of issues.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,220 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:03 AM

Posted 27 February 2011 - 10:23 PM

Hi, :welcome:

We will need to view the system status from an external environment. You will need a USB drive and a CD to burn. There will be several steps to follow.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Next download driver.sh to your USB drive
  • Also Download Query.exe to the USB drive. In your working computer, navigate to the USB drive and click on the Query.exe. A folder and a file, query.sh, will be extracted.
  • Remove the USB & CD and insert them in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • In some computers you need to tap F12 and choose to boot from the CD, in others is the Esc key. Please consult your computer's documentation.
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Then type bash driver.sh -af
  • Press Enter
  • You will be prompted to input a filename.
  • Type the following:

    Winlogon.exe

  • Press Enter
  • If successful, the script will search for this file.
  • After it has completed the search enter the next file to be searched
  • Type the following:

    explorer.exe

  • Press Enter
  • After it has completed the search enter the next file to be searched
  • Type the following:

    Userinit.exe

  • Press Enter
  • After the search is completed type Exit and press Enter.
  • After it has finished a report will be located in the USB drive as filefind.txt
  • While still in the Open Terminal, type bash query.sh
  • Press Enter
  • After it has finished a report will be located in the USB drive as RegReport.txt
  • Then type dd if=/dev/sda of=mbr.bin bs=512 count=1


    Leave a space among the following Statements:

    dd is the executable application used to create the backup
    if=/dev/sda is the device the backup is created from - the hard drive when only one HDD exists
    of=mbr.bin is the backup file to create - note the lack of a path - it will be created in the directory currently open in the Terminal
    bs=512 is the number of bytes in the backup
    count=1 says to backup just 1 sector


    It is extremely important that the if and of statements are correctly entered.

  • Press Enter
  • After it has finished a report will be located in the USB drive as mbr.bin
  • Plug the USB back into the clean computer, zip the mbr.bin, and except for the mbr.bin zipped file, post the contents of the report.txt, filefind.txt and RegReport.txt in your next reply. The mbr.bin zipped file must be attached to your reply.
=============================================

MBR backup


The reports are clear. Lets check your master boot record (MBR)

  • Boot the Sick computer with the xPUD CD.
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see the files in your USB drive.
  • Press Tool at the top
  • Choose Open Terminal
  • Type dd if=/dev/sda of=mbr.bin bs=512 count=1


    Leave a space among the following Statements:

    dd is the executable application used to create the backup
    if=/dev/sda is the device the backup is created from - the hard drive when only one HDD exists
    of=mbr.bin is the backup file to create - note the lack of a path - it will be created in the directory currently open in the Terminal
    bs=512 is the number of bytes in the backup
    count=1 says to backup just 1 sector


    It is extremely important that the if and of statements are correctly entered.

  • Press Enter
  • After it has finished a report will be located on your USB drive named mbr.bin
  • zip that file and attach it to a reply

Edited by Orange Blossom, 28 February 2011 - 01:45 AM.
Moved to log forum. ~ OB

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#6 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,220 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:03 AM

Posted 12 September 2011 - 12:08 AM

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users