

Blue screen and restart


7 replies to this topic

#1 kimmature


Posted 19 July 2012 - 07:36 PM

My laptop will blue screen whilst I'm using it and automatically restart. I have the feeling this is due to a virus as it got one which I cleared not long before it started doing this. Is there any way to solve this problem?



#2 dev00790


Posted 20 July 2012 - 07:56 PM

Hi

We Need to Diagnose Your BlueScreen

  • When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
  • Select "Disable Automatic Restart on System Failure", as shown here:

    Posted Image
  • When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not. You are looking for this:

    Posted Image

Please post me the error(s).

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM.


#3 kimmature


Posted 26 July 2012 - 12:07 PM

Right, sorry for my late reply, firstly. I've been moving out of my student house so been busy with packing. Also, my computer, when I actually want and need it to blue screen, is seemingly not blue screening (which sounds weird, wanting a computer to blue screen!). It is still running incredibly slowly, and while running a virus scanner I have actually come across an infected file (so I'll add the log of that scan on the end, in case it will be meaningful towards my computer issues). To try and speed things up I ran the BlueScreenView program, just in case that could be helpful information for you. If not, it seems I'll be waiting for ages for it to blue screen once more.

Results from bluescreenview

Dump File : 072012-19250-01.dmp
Crash Time : 20/07/2012 01:33:34
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000000
Parameter 4 : fffff800`02ee8d75
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7cc40
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17640 (win7sp1_gdr.110622-1506)
Processor : x64
Crash Address : ntoskrnl.exe+7cc40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\072012-19250-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 7601
Dump File Size : 275,192
==================================================

==================================================
Dump File : 052311-44678-01.dmp
Crash Time : 23/05/2011 23:55:58
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : fffff6fc`40036420
Parameter 2 : ffffffff`c0000185
Parameter 3 : 00000000`55252be0
Parameter 4 : fffff880`06c84000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70700
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17640 (win7sp1_gdr.110622-1506)
Processor : x64
Crash Address : ntoskrnl.exe+70700
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\052311-44678-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 7600
Dump File Size : 286,712
==================================================

==================================================
Dump File : 121610-21262-01.dmp
Crash Time : 16/12/2010 08:56:06
Bug Check String : DRIVER_POWER_STATE_FAILURE
Bug Check Code : 0x0000009f
Parameter 1 : 00000000`00000003
Parameter 2 : fffffa80`01bb2450
Parameter 3 : fffff800`03fb2518
Parameter 4 : fffffa80`01e4a010
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17640 (win7sp1_gdr.110622-1506)
Processor : x64
Crash Address : ntoskrnl.exe+70740
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\121610-21262-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 7600
Dump File Size : 975,560
==================================================

==================================================
Dump File : 120810-38438-01.dmp
Crash Time : 08/12/2010 01:16:57
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : fffff6fc`5004d440
Parameter 2 : ffffffff`c0000185
Parameter 3 : 00000000`350c6880
Parameter 4 : fffff8a0`09a88a80
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17640 (win7sp1_gdr.110622-1506)
Processor : x64
Crash Address : ntoskrnl.exe+70740
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\120810-38438-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 7600
Dump File Size : 282,904
==================================================

==================================================
Dump File : 110910-32697-01.dmp
Crash Time : 09/11/2010 23:02:50
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : fffff6fc`80618198
Parameter 2 : ffffffff`c0000185
Parameter 3 : 00000000`11e6c880
Parameter 4 : fffff900`c30334c0
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17640 (win7sp1_gdr.110622-1506)
Processor : x64
Crash Address : ntoskrnl.exe+70740
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\110910-32697-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 7600
Dump File Size : 282,904
==================================================

==================================================
Dump File : 102710-34523-01.dmp
Crash Time : 27/10/2010 00:45:43
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : fffff6fc`50001a90
Parameter 2 : ffffffff`c0000185
Parameter 3 : 00000000`288fd880
Parameter 4 : fffff8a0`00352c00
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17640 (win7sp1_gdr.110622-1506)
Processor : x64
Crash Address : ntoskrnl.exe+70740
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\102710-34523-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 7600
Dump File Size : 282,904
==================================================

==================================================
Dump File : 072010-18298-01.dmp
Crash Time : 20/07/2010 01:49:17
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : fffff6fc`000174a0
Parameter 2 : ffffffff`c0000185
Parameter 3 : 00000000`15879860
Parameter 4 : fffff800`02e94e40
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70600
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17640 (win7sp1_gdr.110622-1506)
Processor : x64
Crash Address : ntoskrnl.exe+70600
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\072010-18298-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 7600
Dump File Size : 282,904
==================================================

There's some of the blue screening information from the computer

This is the ESET scanner results which found a threat.
C:\Users\Kimmi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\5919b2d1-2a60edda Java/TrojanDownloader.Agent.NBU trojan deleted - quarantined
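
A triage pass over BlueScreenView text output like the one posted above, as an added example that is not part of the original post: it tallies the bug check types and, for 0x7A (KERNEL_DATA_INPAGE_ERROR), decodes Parameter 2 as the NTSTATUS of the failed page read. The sample records are abridged from the post; the function names and the status table are this example's own.

```python
import re
from collections import Counter

# For bug check 0x7A, Parameter 2 is the NTSTATUS of the failed page read.
# The values below indicate a storage I/O failure.
IO_STATUS = {
    0xC0000185: "STATUS_IO_DEVICE_ERROR",
    0xC000009C: "STATUS_DEVICE_DATA_ERROR",
    0xC000009D: "STATUS_DEVICE_NOT_CONNECTED",
    0xC000016A: "STATUS_DISK_OPERATION_FAILED",
}

# Three records abridged from the BlueScreenView output in the post above.
SAMPLE = """\
Dump File : 072012-19250-01.dmp
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 2 : 00000000`00000002
==================================================
Dump File : 052311-44678-01.dmp
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 2 : ffffffff`c0000185
==================================================
Dump File : 121610-21262-01.dmp
Bug Check String : DRIVER_POWER_STATE_FAILURE
Bug Check Code : 0x0000009f
Parameter 2 : fffffa80`01bb2450
"""

def parse_records(text):
    """Split BlueScreenView text output into one dict of fields per dump."""
    records = []
    for chunk in re.split(r"^=+[ \t]*$", text, flags=re.M):
        fields = {}
        for line in chunk.splitlines():
            key, sep, value = line.partition(" : ")
            if sep:  # skips blank lines and empty fields such as "Computer Name :"
                fields[key.strip()] = value.strip()
        if "Bug Check Code" in fields:
            records.append(fields)
    return records

def triage(records):
    """Count bug check types and list 0x7A dumps whose status is a disk I/O error."""
    counts = Counter(r.get("Bug Check String", "UNKNOWN") for r in records)
    disk_hits = []
    for r in records:
        if int(r["Bug Check Code"], 16) != 0x7A or "Parameter 2" not in r:
            continue
        # "ffffffff`c0000185" is a sign-extended 64-bit value; keep the low 32 bits.
        status = int(r["Parameter 2"].replace("`", ""), 16) & 0xFFFFFFFF
        if status in IO_STATUS:
            disk_hits.append((r.get("Dump File", "?"), IO_STATUS[status]))
    return counts, disk_hits

if __name__ == "__main__":
    counts, disk_hits = triage(parse_records(SAMPLE))
    print(dict(counts))
    print(disk_hits)
```

Run over the full output in the post, the same check flags five of the seven dumps (all dated 2010 or 2011) with STATUS_IO_DEVICE_ERROR.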

#4 dev00790


Posted 26 July 2012 - 12:29 PM

Hi

Since a Trojan has been identified by ESET:

-----------------------------

IMPORTANT NOTE: One or more of the identified infections is a backdoor Trojan.

Backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes.
They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms.
This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is then sent back to the hacker.
Read Danger: Remote Access Trojans.

You should disconnect the computer from the Internet and from any networked computers until it is cleaned. If your computer was used for online banking, paying bills, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for taxes, email, eBay, paypal and any other online activities.
You should consider them to be compromised and change passwords from a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information.
Banking and credit card institutions should be notified immediately of the possible security breach. Failure to notify your financial institution and local law enforcement can result in refusal to reimburse funds lost due to fraud or similar criminal activity.
If using a router, you need to reset it with a strong logon/password before connecting again.

Although the infection has been identified and may be removed, your machine has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed.
In some instances an infection may have caused so much damage to your system that it cannot be successfully cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them.
Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:
• Reimaging the system
• Restoring the entire system using a full system backup from before the backdoor infection
• Reformatting and reinstalling the system

Backdoors and What They Mean to You

This is what Jesper M. Johansson, Security Program Manager at Microsoft TechNet has to say:

The only way to clean a compromised system is to flatten and rebuild. That’s right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).

Help: I Got Hacked. Now What Do I Do?.

We will do our best to clean the computer of any infections seen on the log. However, because of the nature of this Trojan, I cannot offer a total guarantee that there are no remnants left in the system, or that the computer will be trustworthy.

Many security experts believe that once infected with this type of Trojan, the best course of action is to reformat and reinstall the Operating System.
Making this decision is based on what the computer is used for, and what information can be accessed from it.

Knowing the above, do you wish to proceed with cleaning the malware from the computer?


Regards, dev00790



#5 kimmature


Posted 27 July 2012 - 08:40 AM

I would prefer to see if I can clean the malware off before doing a full system restore, due to some of the documents I have on the computer (mainly pictures) and want to make sure the computer is clean before taking them off, or at least as clean as possible. I don't have the risk of the laptop being untrustworthy for stuff like online shopping and banking as I don't use the infected laptop for these sorts of activities.

#6 dev00790


Posted 27 July 2012 - 08:55 AM

Ok,

Do you have access to another computer & do you have a usb drive?

Regards, dev00790



#7 kimmature


Posted 27 July 2012 - 12:01 PM

I have access to another computer and a usb drive, yes.

#8 dev00790


Posted 28 July 2012 - 10:39 AM

Ok, a few points first:

--------------------------------

I will be helping you with your problems. Please be patient while I assist you.

Some points for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do NOT run, install or uninstall any programs, unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

----------------------------------------------

Step 1:

Using the other computer, please back up any files on the USB flash drive you wish to keep, since it will be wiped in step 2 below.

Step 2:

Using the same computer, please reformat your flash drive, by following the instructions on link.
Choose NTFS for the filetype.

Step 3:

Using the same computer, please download TDSSKiller, SecurityCheck, Farbar Service Scanner (FSS), and MiniToolBox, via the links below to your USB flash drive:

TDSS Rootkit Removing Tool
SecurityCheck
Farbar Service Scanner
MiniToolBox

--------------------

Let me know once you have done these steps, then I can give you the next instructions.

edited: to correct a link

Edited by dev00790, 28 July 2012 - 10:41 AM.

Regards, dev00790





