
BSOD caused by TDSS rootkit or possibly something else



#1 veritechmaster


Posted 04 August 2011 - 10:05 PM

Ok so after looking around the internet and looking at various sites I decided to try listing my own problem and hoping for help. I was on my desktop a few days ago and I accidentally clicked a link I shouldn't have. My computer proceeded to shut itself off and after I hit the button again, it turned on and got to the blank screen with the blinking cursor in the upper left corner. I restarted and tried to get into safe mode, only after hitting F8 and getting the menu for selecting to boot from HDD or disc and choosing HDD, it went right back to the blank screen with the cursor. After that I put my bootable XP disc in and tried starting it up that way. It loaded to the screen where you can reinstall XP if you want. I didn't, and I couldn't get into recovery console from there so I exited the disc and restarted. This time I let my computer load normally and after a few extra minutes, it loaded to my desktop. After maybe 60 seconds, I got a BSOD with the following error codes: 0x0000007E (0x0000005, 0xBA5B0767, 0xBA4DbbF4, 0xBA4DB8F0). On the second line it listed prosync1.sys and that was it. After I restarted from the BSOD, it went to the blank screen again. 3 subsequent restarts led to the blank screen and none to the desktop then BSOD. After this I made a Kaspersky Rescue Disk 10 using all the latest definitions and booted from it, scanning 2 times and found, among various other viruses, a TDSS rootkit virus. In both scans it found it but never did anything about it and didn't seem to let me do anything about it either. When both scans were done, I restarted and got back to the desktop only to get the BSOD and same error codes. This time I restarted with a recovery console disk and proceeded to run checkdesk, replace the MBR and boot sectors and disabled bootcfg. A side note: All literature tells me that you can't remove a rootkit unless in normal or safe mode. After running all those recovery console programs, I again restarted.
And guess what, same desktop BSOD error codes. And in case you're wondering, it isn't anything hardware related. My question is this, besides the obvious one of how do I fix all this: Is this just the rootkit? Or is it the rootkit and something else going wrong at the same time? I can't access safe mode or even system restore, as much as I'd love to.

Computer specifications: I can't remember them at the moment...but feel free to ask

Edited by hamluis, 05 August 2011 - 11:41 AM.
Moved from XP to Am I Infected.



 


#2 Broni


Posted 04 August 2011 - 10:18 PM

Download BlueScreenView (in Zip file)
No installation required.
Unzip downloaded file and double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit>Select All.
Go File>Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.



 


#3 Artrooks


Posted 05 August 2011 - 11:20 AM

Hello veritechmaster,

Just a thought after reading the beginning of your post: if the F8 key is pressed too soon, you may be presented with a menu to boot from: Hard Drive, USB, CDROM, etc. If you select your boot drive then your computer will attempt to boot normally, in your case to a blank screen. If you continue to press the F8 key after selecting your boot drive then you should be presented with the "Windows Advanced Options Menu" of which Safe Mode is one option.

If you can access "Windows Advanced Options Menu" and "Last Known Good Configuration" or "Safe Mode" is not accessible, try "Safe mode with Command Prompt." There is a way to access System Restore from the command prompt.

My guess is that Broni will move this post.

Regards,
Artrooks




 




