BSOD + Trojan?


  • This topic is locked
7 replies to this topic

#1 zeny

zeny

  • Members
  • 3 posts

Posted 02 March 2013 - 02:15 PM

Greetings everyone,

 

My laptop is currently in a dire condition and I am here to seek help and your expertise. 

 

2 days ago, my computer had been affected by a Trojan malware called "zeroaccess.hi". My antivirus - McAfee - warned me that it attached itself onto my Desktop.ini file in C-Drive and despite McAfee's multiple attempts to erase it through rebooting, it was unable to defeat it.

 

I went on to look for a solution yesterday and I stumbled upon the McAfee Rootkit Remover in the site below:
http://www.mcafee.com/ca/downloads/free-tools/how-to-use-rootkitremover.aspx

 

I thought there was finally hope in this battle and I tried it immediately. After a scan, the Remover claimed that it has cleaned the Trojan and a reboot is needed to get things back on track. Yet after I rebooted the system, it can no longer get into the Windows log-in screen. It can go as far as to the boot options selection screen, but even when I tried the Safe Mode options, a Blue Screen of Death with the following STOP error would appear & re-loop me back to the selection screen.

 

--> STOP: 0X000000F4 (0X0000000000000003, 0XFFFFFA8005437B30, 0XFFFFFA8005437E10, 0XFFFFF800033D3510)

 

 

I would be very grateful if you could help me with this matter!

Thank you for your time!


Edited by zeny, 02 March 2013 - 02:17 PM.




#2 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York
  • Local time:10:12 PM

Posted 02 March 2013 - 03:35 PM

Hello zeny, and welcome to Bleeping Computer! :hello:
 
I just want to let you know that I have notified the proper helpers, and moved this topic to the Malware Removal Logs forum where it will stay.
 
Please be patient and good luck...no one gets missed here. :wink:
 
bloopie

Edited by bloopie, 02 March 2013 - 03:44 PM.


#3 zeny


Posted 02 March 2013 - 05:40 PM

Thank you bloopie!



#4 bloopie


Posted 02 March 2013 - 05:50 PM

It's my pleasure!

 

And just to speed things up: Please let us know what Operating System you are running, and if you have your original Windows Installation CD available! That information will make it much easier for us to help you. :wink:

 

Help is on the way regardless, just be patient and thank you!

 

bloopie



#5 zeny


Posted 02 March 2013 - 06:09 PM

Hi Bloopie,

 

I am using 64-bit Windows 7. 

Unfortunately my sibling has taken the CD with him out-of-country so I don't have one with me...



#6 bloopie


Posted 02 March 2013 - 08:11 PM

Hi again,

Let's see if you can post a log from FRST. You will need the use of a USB device:
Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Plug the flash drive into the infected PC.

If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

If you are using Vista or Windows 7 enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html



To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt

Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
bloopie

Edited by bloopie, 08 March 2013 - 04:57 PM.
Fixed formatting


#7 bloopie


Posted 05 March 2013 - 06:39 PM

Hello again,

Are you still with me? :)

This is a 3-Day Bump! If you still wish to receive help please follow the instructions in my last post.

If you do not respond in another 48 hours, I will be forced to close this topic!

bloopie

#8 bloopie


Posted 08 March 2013 - 04:58 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



