Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

BSOD after running Norton Power eraser Help


  • Please log in to reply
5 replies to this topic

#1 tboybmx

tboybmx

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Earth, you?
  • Local time:07:36 AM

Posted 07 December 2011 - 10:49 PM

Hi all,
Please help me as I tried to remove malware from my friends laptop and now recieve BSOD saying something about, "The problem seems to be caused by the following file: ACPI.sys" My friend originally gave me the laptop with F-Secure expired and saying something about a trojan so I ran malwarebytes and it found 15 infections don't remember what kind but alot of trojans. So then I tried to uninstall f-secure and it will not so I decided to download Norton Power eraser but when I ran it it said to restart and that's when the BSOD started and I can't get into safe mode and I don't have the original CD's for this laptop thank you for any assistance

BC AdBot (Login to Remove)

 


#2 tboybmx

tboybmx
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Earth, you?
  • Local time:07:36 AM

Posted 07 December 2011 - 11:41 PM

UPDATE:
OK I was able to do a last known good configuration and windows started up and Norton Power eraser finshed and found 2 things bad in registry one being task manger disabled the other I could not really tell what it was. I did a second scan with Norton Power eraser again on restart BSOD. Had to do another Last known good configuration this time Norton Power eraser did not detect anything. I am running another Malwarebytes scan will update. But I need help because I'm sure something is still wrong, whether it's malware or corrupt files (due to malware). Can someone still help me?

P.S. sorry I have Windows XP Home edition (srry)

#3 tboybmx

tboybmx
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Earth, you?
  • Local time:07:36 AM

Posted 08 December 2011 - 12:22 AM

Done with second full scan of malwarebytes and it found 2 infections: Trojan.FakeAlert and Trojan.Downloader.

What now? How can I be sure my system is clean? And why can't F-secure uninstall? So I can install another security suite once everything is cleared up.

Thank you for any help.

#4 tboybmx

tboybmx
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Earth, you?
  • Local time:07:36 AM

Posted 08 December 2011 - 03:44 AM

Ok here I go again I ran the Microsoft malicious removal thing and it came up with 4 infections but listed only these three:

Trojan:Win32/Vundo.gen!AV
Trojan:JS/Hilot:.C
Trojan:JS/Hilot:.F

I proceeded to remove. I then notice theres this icon that says Sys Fix I did research and found out it's a rogue program I tried to follow the instructions on this website to Download RKill while in safe mode and also TDSSKiller (because I do have redirects in my browser)Funny thing is that when I run RKill it seems like it's working and a log file pops up BUT also the window saying my computer is in safe mode???? why would this pop up if I already started it in safe mode and already seen that window in the beginning?

Then I try to run TDSSKiller and no matter what I do it won't run. I downloaded it on a clean PC and transfer via USB renamed it many times and it won't run. I also ran Malwarebytes again in safe mode and no infections show up....But Sys Fix is still there and redirects are still happening. I know I am still infected but don't know what to do anymore.

#5 tboybmx

tboybmx
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Earth, you?
  • Local time:07:36 AM

Posted 08 December 2011 - 07:49 PM

Ok I was able to run TDSSKiller NOT in safe mode like it says here on bleeping computer, But in regular windows and it found a rootkitand virus:

Rootkit.Boot.SST.a PhysicalDrive\DeviceHardDisk0\DRO

Virus.Win32.Rloader.a service ACPI

and removed it. I ran Malwarebyts again....No infections and I found a Utility to remove F-Secure. Then I installed Microsoft Security Essentials and it found a exploit with java and a Trojan. My system restore I could not delete for some reason, maybe malware was preventing me from deleting restore points so it can resurface later, I found out how to uninstall System Restore, BUT now I have system restore from before any SP3 updates which is fine because I can now disable system Restore and all the old restore points are gone, also who needs Microsoft's System Restore when 90% of the time it does not work.

Well now bringing this long story up to date I finally install Kaspersky Internet Security 2012 Trial and it has found no malware. I think all might be well.

Scans show no threats I no longer have browser redirects and want to THANK ALL on here who was SO QUICK to help me out, I mean come on over 120 views and all replies mine! Not even a Good Luck?

Thanks again and I hope this helps out someone else who has to roll up their sleeves and figure it out for themselves.

Edited by tboybmx, 08 December 2011 - 07:53 PM.


#6 tboybmx

tboybmx
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Earth, you?
  • Local time:07:36 AM

Posted 11 December 2011 - 01:22 AM

Happy Holidays!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users