
work computer infected, running malwarebytes gives me bsod


  • This topic is locked

#1 filter859

Posted 25 September 2011 - 12:14 PM

Hi All, I'm looking for some help finding out if my home machine is infected with anything.

The machine is an iMac running Windows 7 via Boot Camp.

My computer at work came down with something, and I routinely transfer files back and forth and run a portable version of Firefox on a USB key in both locations, so I'm worried.

I tried running Malwarebytes and every time it would give me a blue screen of death after about 10 minutes of running. I switched over to safe mode and it ran successfully without finding anything, but I'm still worried.

Someone on another forum told me to run ComboFix so I did, though I see now that that may have been a mistake to do prior to being asked to do so by someone here.

In any case, I've run ComboFix and DDS from Windows safe mode just a few minutes ago and will post the logs shortly.

Thanks much for any help.

#2 nasdaq

Posted 30 September 2011 - 08:50 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Are you still with us?

Please post the logs for my review.

If you have additional information concerning this infection please advise.

#3 filter859

Posted 30 September 2011 - 10:11 PM

Hi, I'm still here. I haven't really noticed any problems other than the fact that Malwarebytes will cause a blue screen of death anytime I run it other than when in safe mode.

I've attached the logs from the few programs I did run:


#4 nasdaq

Posted 01 October 2011 - 08:22 AM

Nothing suspicious was found on your logs.

I did notice that you do not have System Restore on this computer.

I suggest you read this article and set the option.

http://www.sevenforums.com/tutorials/700-system-restore.html
===

As for Malwarebytes, I can only suggest at this time that you delete your version of the file.

Download a fresh copy. When asked to save the file, change the filename to iexplore.exe and save it to your desktop.
If you later remove the file, make sure you delete the renamed file and not the iexplore.exe which is Internet Explorer.
The operating system file is normally in C:\Programas\Internet Explorer\.

Try to run this renamed mbam. Post the log if you can.
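
An added example (not part of nasdaq's post and not a BleepingComputer tool): a PowerShell check for telling the renamed Malwarebytes copy apart from the real Internet Explorer binary before deleting either one. It assumes PowerShell 3.0 or later, the renamed download on the current user's Desktop, and Internet Explorer under %ProgramFiles%; adjust the paths in `$candidates` if yours differ.

```powershell
# Added example: identify each file named iexplore.exe before removing one.
# Assumed locations (not taken from the thread): the current user's Desktop
# for the renamed download, %ProgramFiles% for the operating system's copy.
$candidates = @(
    (Join-Path ([Environment]::GetFolderPath('Desktop')) 'iexplore.exe'),
    (Join-Path $env:ProgramFiles 'Internet Explorer\iexplore.exe')
)

$report = foreach ($path in $candidates) {
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        Write-Warning "Not found: $path"
        continue
    }

    # Renaming a file does not change the version resource or the signature
    # embedded in it, so these still describe the original program.
    $info = (Get-Item -LiteralPath $path).VersionInfo
    $sig  = Get-AuthenticodeSignature -FilePath $path

    [pscustomobject]@{
        Path              = $path
        ProductName       = $info.ProductName
        CompanyName       = $info.CompanyName
        OriginalFilename  = $info.OriginalFilename
        SignatureStatus   = $sig.Status
        Signer            = if ($sig.SignerCertificate) {
                                $sig.SignerCertificate.Subject
                            } else {
                                '(no embedded signature)'
                            }
        UnderProgramFiles = $path.StartsWith($env:ProgramFiles,
                                [StringComparison]::OrdinalIgnoreCase)
    }
}

# Windows system files can be catalog-signed, which older PowerShell versions
# report as NotSigned, so read the signer together with the version fields.
$report | Format-List
```

The copy to delete is the one whose version fields do not describe Internet Explorer and that sits outside the Program Files folder.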

#5 nasdaq

Posted 05 October 2011 - 01:22 PM

Are you still with me?

#6 filter859

Posted 05 October 2011 - 02:50 PM

Are you still with me?


Sorry it took so long to get back.

I was able to run Malwarebytes without the blue screen after saving the download file as iexplore.exe as you suggest. I ran the installer, then after installing renamed mbam.exe to iexplore.exe also and ran the scan. I haven't yet run a test of renaming it back to mbam.exe to see if I get the BSOD again.

Here is the resulting log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7622

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

10/5/2011 2:13:27 PM
mbam-log-2011-10-05 (14-13-27).txt

Scan type: Full scan (C:\|)
Objects scanned: 305384
Time elapsed: 35 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#7 nasdaq

Posted 06 October 2011 - 06:26 AM

Your log is clean.

Is the issue solved?

#8 filter859

Posted 06 October 2011 - 08:05 AM

Yes, it is.

Thank you very much for taking the time to look at this for me.

#9 nasdaq

Posted 06 October 2011 - 01:40 PM

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used to clean this computer.

Surf Safely, and Think Prevention!
===

#10 nasdaq

Posted 06 October 2011 - 01:41 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.