
Win xp BSOD Computer Keeps Restarting


9 replies to this topic

#1 learntodowell

learntodowell

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:12:58 PM

Posted 20 August 2012 - 05:54 PM

Over the weekend while internet surfing I picked up a virus that stopped me from having internet access. I either restarted the computer and the problem went away or ran hitman or mbam and the problem was fixed. Then on Monday some really bad things happened. The internet turned off and I ran hitman and mbam. There were viruses like GAC and 0008 and n and desktop.ini shown in the mbam and hitman logs. I kept deleting them using mbam and hitman and then the last thing that happened after running mbam and having 6 viruses then running mbam and having 16 viruses was hitman and mbam were on the screen simultaneously with hitman showing the n virus, and others already listed and when the machine restarted I received the blue screen of death which appeared for 1 second with white writing I could not read because the computer restarted so fast I could not read it. I have run mbam from one ssd to the infected hdd on the same system.

System.
hp desktop 8457c
amd 9500 cpu
ssd running win 7 (prime boot drive)
hdd running xp (infected)
4 gb ram
dsl internet connection

------

I ran recovery console but safe mode does not work (bsod).
I ran recovery console did a chkdsk and fixboot but that did not fix the bsod.
I am so upset. Please help!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

---
Currently running mbam from the ssd to scan the infected hdd as well as using the Emsisoft emergency scan kit to do the same.
I think my hdd xp registry is messed up.. Ouch!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
I need the hdd to run a ssl certificate from so I can access my school work !!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Help!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
ty
:)

Edited by learntodowell, 21 August 2012 - 11:30 AM.




#2 learntodowell


Posted 21 August 2012 - 10:54 AM

My ssd with win 7 is my prime boot drive. However, because I have an ssl certificate on the hdd which is infected I cannot use the hdd as prime boot drive to access the certificate, which will not transfer to win 7 without a new certificate. I cannot log into my school online because the hdd is infected, blocking access to the ssl certificate needed for log on to the school. The infected hdd runs xp and when used as the boot drive gives me the bsod.

:)
ty. for reading this post.

Update:

Ran Emsisoft emergency kit which took many hours to run (all night). It showed no problems on the hdd as I ran Emsisoft from the ssd and selected deep scan to check both the ssd and hdd.
I am running mbam from the ssd to check the hdd and will post results. Last time mbam showed a setup program was listed as a bug but no action was taken when mbam cleaned the hdd.

#3 learntodowell


Posted 21 August 2012 - 11:26 AM

I will list the mbam logs:

MONDAY:

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.20.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
user :: USER-PC [administrator]

Protection: Enabled

8/20/2012 2:45:39 PM
mbam-log-2012-08-20 (14-45-39).txt

Scan type: Full scan (I:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 344293
Time elapsed: 33 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 16
I:\Downloads\Software\Setup.exe (PUP.Bundle.Installer.OI) -> No action taken.
I:\System Volume Information\_restore{2CA93827-35DB-456C-8C41-13C9759CBB26}\RP1\A0001005.ini (Trojan.0access) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{2CA93827-35DB-456C-8C41-13C9759CBB26}\RP1\A0001093.ini (Trojan.0access) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{2CA93827-35DB-456C-8C41-13C9759CBB26}\RP1\A0001097.ini (Trojan.0access) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{2CA93827-35DB-456C-8C41-13C9759CBB26}\RP1\A0001102.ini (Trojan.0access) -> Quarantined and deleted successfully.
I:\WINDOWS\msiserv.exe (Trojan.Phex.THAGen9) -> Quarantined and deleted successfully.
I:\WINDOWS\Installer\{9410a612-2040-29ee-592e-b93fe636ff7b}\n (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\Installer\{9410a612-2040-29ee-592e-b93fe636ff7b}\U\00000004.@ (Rootkit.Zaccess) -> Quarantined and deleted successfully.
I:\WINDOWS\Installer\{9410a612-2040-29ee-592e-b93fe636ff7b}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
I:\WINDOWS\Installer\{9410a612-2040-29ee-592e-b93fe636ff7b}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
I:\WINDOWS\Installer\{9410a612-2040-29ee-592e-b93fe636ff7b}\U\80000000.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
I:\WINDOWS\Installer\{9410a612-2040-29ee-592e-b93fe636ff7b}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\kqgcbnsp.exe (Trojan.LameShield) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{9410a612-2040-29ee-592e-b93fe636ff7b}\n (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\Temp\otbgsanqmsvhutgmfsldkes.exe (Trojan.Phex.THAGen9) -> Quarantined and deleted successfully.
I:\WINDOWS\Temp\temp74.exe (Trojan.LameShield) -> Quarantined and deleted successfully.

(end)

============================================

TUESDAY

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.20.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
user :: USER-PC [administrator]

Protection: Enabled

8/21/2012 11:46:23 AM
mbam-log-2012-08-21 (11-46-23).txt

Scan type: Full scan (I:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 344771
Time elapsed: 27 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
I:\Downloads\Software\Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.

(end)

=======================================

#4 learntodowell


Posted 21 August 2012 - 11:28 AM

I ran mbam as shown above.
I still receive the bsod when I boot my computer from the infected hdd running xp.
I can scan the infected hdd when I boot from my ssd running win 7.

ty. :)

Edited by learntodowell, 21 August 2012 - 11:32 AM.


#5 learntodowell


Posted 21 August 2012 - 11:52 AM

I ran the hdd as prime boot and received bsod. Then I tried during booting .. control key f8 .... to look at modes of starting and selected boot from "last known good configuration". Then I saw a screen that said..

boot will not work due to missing or corrupted file: windows/system32/config/system

When I booted from the ssd to look at this file I saw the file there with a date of Monday August 20, which is when I started having difficulty with the machine not booting from the hdd xp drive as primary boot drive.

When I clicked on the "system" file the computer stated "Access denied".

I hope this helps explain the problems I am having.

ty. :)

#6 learntodowell


Posted 22 August 2012 - 02:17 PM

Booted computer using infected hdd as primary boot with xp as os. I tried chkdsk / p, /i and / r with all working but no change in bsod. I tried chkdsk / f and it did not work via the windows recovery console given the computer stated the command parameter was not valid.


ty :)

#7 learntodowell


Posted 22 August 2012 - 02:24 PM

I am not sure what effect it had or when I did it but I remember at some point with hitman pro on the screen using the infected hdd as the primary boot drive that hitman had locked up with multiple viruses displayed like the "n" virus and several others. So I unplugged the computer to restart the machine and then had all these problems ... I think.

I tried to enter the infected hdd via cmd prompt by booting the computer first in win 7 using the ssd as the primary boot. I then tried to change the system file in config system 32 to system.bak by replacing system with system.bak. The computer stated access denied or that I did not have privileges to do this. I tried the system ~1 restore technique to bring up the rp files and use the last one before the last one to reset the machine. Again I was told by the computer access denied or that I did not have privilege to do so. I was running the computer from the ssd to perform the technique on the hdd. Next maybe I will try it from the wrc (win rec con) by booting first into the hdd and starting windows recovery console. .. I am afraid to do too much lest I make things worse. Also I have some type of .00000007 code on the blue screen of death. I do not know how to fix it.

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,082 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:58 PM

Posted 26 August 2012 - 09:57 PM

Sorry about the delay. All these posts to yourself give the appearance you have someone helping you.

If possible can you do this...

We need a deeper look. Please go here: Preparation Guide, do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9 which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.
If GMER won't run (it may not on a 64 bit system) skip it and move on.

Let me know if that went well.

#9 learntodowell


Posted 31 August 2012 - 12:15 AM

I downloaded dds and ran it but it did not pick up my infected hdd as the "I" drive. The log showed it scanned my uninfected ssd which is my primary boot drive with the infected hdd as the secondary slave drive.

How do I run dds to scan the secondary drive that is the infected drive?

#10 learntodowell


Posted 28 September 2012 - 03:33 AM

I fixed this problem by disconnecting my solid state drive and reconnecting my hard drive then changing in bios (press delete during start up) to sequence boot up from the hdd which became the c drive. Then I pressed f8 during boot up and selected last known good configuration instead of safe mode per se. Safe mode still yielded bsod. The computer booted up successfully and I was relieved. Thank you for your help on this topic.



