
I have a rootkit, but not sure what it is.



#1 Sam Gunn

Sam Gunn

  • Members
  • 396 posts
  • OFFLINE
  • Gender:Male
  • Location:Tarheel State
  • Local time:11:08 PM

Posted 07 March 2014 - 11:12 AM

I have a Dell laptop. I haven't started it in 3 years. When I turn it on, and after it starts up, the screen goes black. It doesn't show the wallpaper, or any buttons on the screen. I pressed F8, to enter into safe mode. It then shows several lines of words.

The first line has at the beginning multi(0)disk, and the last letters say ntoskrnl.exe

The last line says isapnp.sys

I downloaded AVG onto a flash card. I plan to put it onto the laptop, and then do a scan. But the laptop won't work.

Information about my computer.

Microsoft XP
Media Center Edition
Version 2002
Service Pack 3.

Dell Inspiron 1501


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:03:08 AM

Posted 07 March 2014 - 04:13 PM

Good evening. :)

Can you tell me why you think that your PC is in the clutches of a rootkit?


So long, and thanks for all the fish.


#3 Sam Gunn


Posted 07 March 2014 - 11:02 PM

I did a scan 3 years ago. My other laptop was infected, so I got it fixed first. Yesterday, I decided to run the other computer, and see if it would work. I asked fireman4it if he could look into it. He told me to go ahead and post it. I wasn't sure in what section to post. Is this the right section?

 

#4 Noviciate


Posted 08 March 2014 - 04:09 PM

Good evening. :)

Given that it's three years since you ran the PC, it's missing whatever updates that Microsoft released since that date, and it appears that the Operating System may be damaged, I'd just be tempted to reinstall Windows and start afresh.


#5 Sam Gunn

Posted 08 March 2014 - 05:17 PM

How do I do that? It won't show anything. The screen is black, and if I press Caps Lock, or any other button, no lights come on. It is on, when I turn it on, but it does nothing. I can press F2, F8, and F12. I can then do a CPU test, or whatever. But it won't start even in safe mode. I never installed Windows. Do I need a disk? Or can I download it onto a flash card, and then install it?



#6 Noviciate


Posted 09 March 2014 - 02:59 PM

Good evening. :)

Given that you are unable to reinstall, I suggest that you start by booting the PC and post the whole of the text that is displayed, starting multi(0)disk, and ending isapnp.sys.


#7 Sam Gunn

Posted 09 March 2014 - 04:52 PM

Do you want all the words, in every line?



#8 Noviciate


Posted 10 March 2014 - 03:09 PM

Good evening. :)

You can skip the lines that simply have a file name in them, but I'd like the rest.


#9 Sam Gunn

Posted 11 March 2014 - 09:46 PM

I hope I did everything right, and I hope we can get it to work. For some, I left out system32. There's about 14 lines. Is that enough? I didn't start from the beginning. Just the end.

============================================================

system32\ntoskrnl.exe
hal.dll
KDCM.DLL
BOOTVID.dll
config\system
c_1252.nls
c_437.nls
l_intl.nls
FONTS\vgaoem.fon
AppPatch\drvmain.sdb
system32\DRIVERS\ACPI.sys
DRIVERS\WMILIB.SYS.
DRIVERS\pci.sys
DRIVERS\isapnp.sys



#10 Noviciate


Posted 12 March 2014 - 03:23 PM

Good evening :)

 

I was hoping for an error message or an error code - is there one at all?


#11 Sam Gunn

Posted 12 March 2014 - 04:29 PM

I didn't see one. That's all I saw. It stops at the last line.



#12 Noviciate


Posted 12 March 2014 - 04:37 PM

OK, the problem is possibly with a file called pciide.sys, which is the file that boots after isapnp.sys. You need to get hold of a copy of this file so that you can replace the one on the PC that is possibly corrupt with a working one - do you have another XP system that you can obtain the file from, or an XP installation disk?


#13 Sam Gunn

Posted 12 March 2014 - 05:31 PM

I have a laptop computer. It is the one I'm using right now. Can I copy the file onto a flash card? The laptop is the same make that we are working on. Got two of them back in 2006.



#14 Noviciate


Posted 13 March 2014 - 02:34 PM

Good evening. :)

You will need to boot the PC from an alternative Operating System in order to do the necessary - do you have the ability to burn a file to a blank CD-ROM?


#15 Sam Gunn

Posted 13 March 2014 - 04:24 PM

No, I don't think so. I know how to transfer to a flash card. Can I do that?





