
Infection


4 replies to this topic

#1 edesign


Posted 08 October 2011 - 03:01 AM

Hi All,

I opened an email attachment (on an email claiming to be from Australia Post) the other day and within seconds my computer had critically low memory. I started my antivirus software and it kept shutting down. Another antivirus program, which was an obvious fake, started out of nowhere and asked me to purchase it to have the problem fixed. Shortly after that I lost all icons and programs, and was unable to access anything on my HDDs.

I have disconnected all my HDDs and bought a new one and installed Windows XP on this in order to try to fix the problem. But I am still having problems when booting the new HDD, so I suspect that something has been changed in the BIOS.

The following is what happens when I try to load my main infected drive (have 2 other infected sub drives).

1.

A problem has been detected and windows has been shut down to prevent damage to your computer. If this is the first time you've seen this stop error screen, restart your computer. If this appears again follow these steps:

Check to be sure you have adequate disk space. If a drive is identified in the stop message, disable the drive or check with the manufacturer for driver updates. Try changing video adapters.

Check with hardware vendor for any BIOS updates. Disable BIOS memory options such as caching or shadowing. If you need to use safe mode to remove or disable components, restart your computer, press F8 to select advanced startup options and then select safe mode.

Technical information

***STOP: 0x0000008E (0xc0000005, 0x804EF620, 0xba5039A0, 0x00000000)
Beginning dump of physical memory.
Dumping physical memory to disk.

____________________________________
I have restarted the computer from this page. Then I let it complete the physical memory dump, after which it auto restarts. Then I pressed F8: black screen, nothing happened.
I repeated the cold reboot and F8 several times then got the following.


2.

*********WARNING!!!!****************
Too many cold reset due BIOS POST system might be incorrectly overclocked.

*Warning: System BOOT Fail*****
Your system last boot fail or POST interrupted.
Please enter setup to load default and reboot again
Press F1 to run SETUP
Press F2 to load default values and continue

__________________
Selected F2
__________________

3.

Auto - Detecting Sec Master.. IDE Hard Disk
SATA4



#2 edesign


Posted 08 October 2011 - 06:20 AM

Hi

Just found another member with what sounds like the same problem as I originally had

http://www.bleepingcomputer.com/forums/topic421939.html

The fake scan (Data Restore) and run32 errors. And the multiple windows saying: delayed write failed and rundll error loading file.

This was exactly what happened on my system.

Edited by hamluis, 08 October 2011 - 08:43 AM.
Merged topics.


#3 boopme


Posted 12 October 2011 - 09:04 AM

As I asked there... These may be orphans from malware removal. Could you post the full error message?

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#4 edesign


Posted 15 October 2011 - 12:51 AM

Hi Boopme, thanks for looking over this problem for me.
Please find below the error messages.

MBAM -

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7944

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

15/10/2011 12:06:53 AM
mbam-log-2011-10-15 (00-06-53).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 344368
Time elapsed: 1 hour(s), 13 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
e:\documents and settings\all users\application data\didfurclejec.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
e:\documents and settings\all users\application data\hnwuijlvsl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
e:\documents and settings\all users\application data\nxbppaqqtfixr.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
e:\documents and settings\Family\local settings\Temp\p1kalmig2kb7fz.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
e:\documents and settings\Family\local settings\Temp\10B.tmp (Trojan.FakeAV) -> Quarantined and deleted successfully.
e:\documents and settings\Family\local settings\temporary internet files\Content.IE5\C8NBTAVM\ferat[1].exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
e:\documents and settings\Family\local settings\temporary internet files\Content.IE5\C8NBTAVM\husp[1].exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
e:\documents and settings\Family\local settings\temporary internet files\Content.IE5\K5J22QY1\sis[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.


RKILL -

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 14/10/2011 at 22:37:57.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroDist.exe


Rkill completed on 14/10/2011 at 22:38:06.

#5 boopme


Posted 15 October 2011 - 07:45 PM

Hi, I don't see them :huh:
Please find below the error messages.