
business server has BSOD won't run long enough to backup even HELPsss


  • This topic is locked
3 replies to this topic

#1 shopit


Posted 12 May 2013 - 09:06 PM

OK guys, so I own a small business and my server runs a SQL server. Randomly on Thursday my software started crashing every two minutes. We had no idea why or what was going on at first. I used to be much more avid into Windows back in the XP days and before. I kinda switched to Mac and haven't messed with newer Windows. I actually just picked up a Win 8 Surface Pro to use for tuning trucks and QuickBooks.

 

So as I've looked at it, at first I thought malware, because it would stay open in safe mode but not in reg mode. And my software won't run in safe mode so I can't back up my data. So I've scanned with Windows malicious software tools, and I've scanned with PC Matic from PC Pitstop, as we use it for used laptops we sell and it works relatively well. Tried iolo, which works rather well, their System Mechanic. So far the Windows tools found 4 malware which were, according to all scans, removed. Then if I go to certain settings or Windows Update or such, it shuts off instantly. I figured it's either malware, memory, a driver or registry error. I don't think it's memory, or I would think it would shut down the same in safe mode.

 

The error I get with Windows Update is just a straight crash.

If I go to Dell and go to the driver update tool I get "unable to install or run this application. This application requires your system to be updated to Microsoft common language runtime version 4.0.30319.0"

 

Also, when the computer comes back up from its blue screen I get a RunDLL error: "there was a problem starting c:users/server/appdata/roaming/msrex.dll the specified module couldn't be found"

 

Second error was a RunDLL error: "there was a problem starting c:users/server/appdata/roaming/rcsnpa.dll the specified module could not be found."

 

The blue screen states technical information:

**** stop: 0x0000008e (0xc0000005,0x835c7487,0xb653f66c,0x00000000)

*** atport.sys - adress 835c7487 base at 835c1000, datestamp 4ce788e8

 

 

The trojans found since 5/10 were trojan:win32/medfos.x and medfos.b; on the 11th it was trojan:html/redirector.bb and two copies of that. At the last scan nothing found anything else. There was one more program found when I put it into an external Lightning jig on my Mac; Clam found it but I forgot what it was, it was something trojan.something..

 

I have attached the rammon file and I'm going to use the driver utility to try and list the drivers. I really need this up online or I'm going to be losing business fast and cash....


 


#2 Anshad Edavana


Posted 12 May 2013 - 11:07 PM

Hi

 

The error message you are receiving is malware related and I strongly suspect they are causing the BSOD. Don't scan the system with any antimalware tools. This type of infection should be removed under the supervision of a trained malware helper. Running any malware removal tools directly may damage the OS and there is a potential risk of losing your data. Please follow the instructions in the link below and post a malware removal request in the appropriate section.

 

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

 

As the number of requests is pretty high, you may have to wait a little to get help from a trained malware helper.

 

You made a mistake by not backing up your data regularly. You should consider employing an automatic backup solution as you are running a business and the data is very important.



#3 shopit


Posted 13 May 2013 - 07:47 AM

We have done backups daily. Our issue is that with the amount of transactions we do daily, one day is a ton. Between new options and sales, plus extension payments, as well as layaways and sales plus financing sales, it's just a high number of transactions. The company that makes our software is small, in the area of 5. They do not make automated backup solutions etc. We have to manually back up at the end of the day using the program itself. They are just releasing an automated cloud backup that runs while the software is open and we have placed an order, but the module's not available for another week.

 

Plus, with the variety of merchandise we have to research, I cannot block or restrict the net as I do not know what sites they will need, so then they abuse it in downtime and go on Craigslist shopping or link clicking, and then we end up with situations like this.... I have provided tablets for them to surf the internet on to research info, but apparently it's too much of a hassle for them and the units get misplaced, damaged, or other.

 

I've been trying to get a software company to design software using iPads as terminals and a G5 or Mac mini as a server, as it would be extremely efficient and there is a lot of demand for such software and features. Plus, with the built-in camera, it would be perfect, especially with an app similar for the eBay app format for our intake process. If you guys have any suggestions of who, let me know.

 

I'll follow the route you suggested. Thanks,

Ed



#4 hamluis


Posted 13 May 2013 - 12:31 PM

Reference:  http://www.bleepingcomputer.com/forums/t/494437/my-small-buisness-server-crashed-bsod-every-2-minutes-help/#entry3049473

 

Now that you have properly posted a malware log topic, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on, the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.

Louis





