Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

rootkit.boot.sst.b removal and then 0x7b BSOD on boot


  • This topic is locked This topic is locked
4 replies to this topic

#1 recompute

recompute

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:02 PM

Posted 04 February 2012 - 04:48 PM

Hi there, I have a laptop that was infected. I had removed pretty much everything that was found but was still getting a kdcom.dll BSOD every hour or so while windows 7 x64 was running. I found that the machine had the rootkit.boot.sst.b infection and attempted to remove it with TDSSKILLER. Afterwards it would not fully boot no matter of Normal modem or Safe Mode. It stops on the 0x7B error every time. Upon looking around this site, I have seen some have been helped by the frst64.exe tool. I have already downloaded that and run it and got the log file for my laptop. If anyone can sleuth through the file and lend a hand, that would be great. Thanks for your time.Attached File  FRST.txt   48.63KB   23 downloads

BC AdBot (Login to Remove)

 


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:02 PM

Posted 04 February 2012 - 07:30 PM

Hello recompute,

Welcome to the forum.

Please download
Save it to your flash drive.
Boot to System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Also please restart the computer, let it boot normally and tell me how it went.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 recompute

recompute
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:02 PM

Posted 06 February 2012 - 11:40 AM

It boots now. All scans have come back clean now and it's running well. Attached the log for you. Thanks.Attached File  Fixlog.txt   1.01KB   10 downloads

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:02 PM

Posted 06 February 2012 - 11:55 AM

All scans have come back clean now and it's running well.


that's great news

what scans did you run,

if you'd like me to check for any leftovers, I'd be happy to do so

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:02 PM

Posted 10 February 2012 - 06:22 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users