BSOD, Google trouble, and trojans

5 replies to this topic

#1 sparky745

Posted 26 March 2018 - 11:07 PM

Sysnative is attached, Speccy link is: speccy.piriform.com/results/nNAwq4LZM1xpJtkNTPCUGSU.

 

Google has been refusing to open in any browser for a couple days. Bing works just fine.

 

BSOD prob 10 times this evening. ref: bckd.sys.

 

ESET Smart Security 10 found 22 threats when I ran it in safe mode, which I had it clean up by deleting. TrojanDownloader.Agent and TrojanDownloader.Nemucod variants.

 

What other tests and cleaning do I need to do?


#2 sparky745


Posted 26 March 2018 - 11:08 PM

Sysnative attached here.




#3 bwv848


Posted 27 March 2018 - 09:21 AM

ESET Smart Security 10 found 22 threats when I ran it in safe mode, which I had it clean up by deleting. TrojanDownloader.Agent and TrojanDownloader.Nemucod variants.

Since you are potentially infected, please post in the Am I infected? What do I do? forum to ensure your computer is 100% clean. Feel free to come back to this topic for BSOD help once you're done. Be sure to collect fresh log files though. :)


If I do not reply in three days, please message me.
 
BC BSOD Posting Instructions | Carrona BSOD Index | Driver Reference Table (DRT)


#4 sparky745


Posted 31 March 2018 - 06:31 PM

Ok. Followed Broni's recommendations for virus issues and am clean in that regard, but still having BSOD error. New logs attached and here: http://speccy.piriform.com/results/HzU6sujHQATDJDWY6BPXGC3. Please let me know what other scans/tests I need to run to track this down.



#5 sparky745


Posted 31 March 2018 - 06:32 PM

Fresh Sysnative log attached here.




#6 bwv848


Posted 31 March 2018 - 07:06 PM

Any idea what this startup entry is? I just thought the Korean was weird, unless it is being rendered wrongly.

Power2GoExpress8    퀀ࡘŷ    PF_SURFACE3\Patrick    HKU\S-1-5-21-3929774666-1423245683-751090268-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

The crashes seem identical

0: kd> !analyze -show 1000007E ffffffffc0000005 ffff81882c2067a8 ffff81882c205ff0
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: ffff81882c2067a8, The address that the exception occurred at
Arg3: ffff81882c205ff0, Exception Record Address
Arg4: 0000000000000000, Context Record Address
0: kd> .exr ffff81882c205ff0
ExceptionAddress: ffff890cd092d010
   ExceptionCode: cfadc040
  ExceptionFlags: ffff890c
NumberParameters: -606558724
   Parameter[0]: ffff81882c206120
   Parameter[1]: fffff8000bdea465
   Parameter[2]: 00001f800010001f
   Parameter[3]: 0053002b002b0010
   Parameter[4]: 000102820018002b
   Parameter[5]: fffff8000fb33210
   Parameter[6]: ffff890cccb5f0d8
   Parameter[7]: 0000000000000002
   Parameter[8]: ffff890cccb5d000
   Parameter[9]: fffff8000fb2cfe5
   Parameter[10]: ffff890cd0bcaad8
   Parameter[11]: 0000000000000000
   Parameter[12]: 0000000000000000
   Parameter[13]: ffff81882c206a68
   Parameter[14]: fffff8000fb332a0
0: kd> .cxr ffff81882c205ff0
rax=0000000000000000 rbx=fffff8000fb332a0 rcx=0000000000000000
rdx=ffff81882c206a68 rsi=0000000000000000 rdi=0000000000001000
rip=fffff8000fb21d7b rsp=ffff81882c2069e8 rbp=ffff890cccb5d0a8
 r8=ffff81882c206a70  r9=0000000000000000 r10=0000000000000000
r11=ffff81882c206930 r12=ffff890cd465ee80 r13=ffff890cccb5f0d8
r14=ffff890cccb5f260 r15=0000000000000000
iopl=0         nv up ei ng nz na pe nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010282
bckd+0x1d7b:
fffff800`0fb21d7b 448a09          mov     r9b,byte ptr [rcx] ds:002b:00000000`00000000=00
0: kd> u fffff800`0fb21d7b
bckd+0x1d7b:
fffff800`0fb21d7b 448a09          mov     r9b,byte ptr [rcx]
fffff800`0fb21d7e 453aca          cmp     r9b,r10b
fffff800`0fb21d81 7463            je      bckd+0x1de6 (fffff800`0fb21de6)
fffff800`0fb21d83 413bc2          cmp     eax,r10d
fffff800`0fb21d86 7577            jne     bckd+0x1dff (fffff800`0fb21dff)
fffff800`0fb21d88 488b02          mov     rax,qword ptr [rdx]
fffff800`0fb21d8b 493bc2          cmp     rax,r10
fffff800`0fb21d8e 7439            je      bckd+0x1dc9 (fffff800`0fb21dc9)
0: kd> lm k vm bckd
Browse full module list
start             end                 module name
fffff800`0fb20000 fffff800`0fb41000   bckd     T (no symbols)           
    Loaded symbol image file: bckd.sys
    Image path: \SystemRoot\system32\drivers\bckd.sys
    Image name: bckd.sys
    Browse all global symbols  functions  data
    Timestamp:        Fri Jan 24 12:05:22 2014 (52E29D52)
    CheckSum:         00024AE8
    ImageSize:        00021000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

unanimously blaming your Blue Coat K9 Web Protection driver. Please uninstall that program and watch out for the kids! :wink:


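As an added example that is not part of the thread, here is a small Python triage helper that reads the kind of WinDbg lines quoted above (the bugcheck Arg1, the .cxr register dump, the faulting instruction and the `lm` module range), maps rip to the loaded module and checks whether the dereferenced register was zero, which is the null-pointer read inside bckd.sys that the reply points at. The excerpt embedded in the script is constructed from the output above; the function names are my own, not WinDbg's.

```python
import re

# Constructed excerpt of the WinDbg output quoted above: bugcheck Arg1, the
# .cxr register dump, the faulting instruction at rip, and the lm module range.
WINDBG_OUTPUT = """\
Arg1: ffffffffc0000005, The exception code that was not handled
rax=0000000000000000 rbx=fffff8000fb332a0 rcx=0000000000000000
rip=fffff8000fb21d7b rsp=ffff81882c2069e8 rbp=ffff890cccb5d0a8
fffff800`0fb21d7b 448a09          mov     r9b,byte ptr [rcx] ds:002b:00000000`00000000=00
fffff800`0fb20000 fffff800`0fb41000   bckd     T (no symbols)
"""

ARG1_RE = re.compile(r"Arg1: ([0-9a-f]{16})")
REG_RE = re.compile(r"\b(r[a-z0-9]{1,3})=([0-9a-f]{16})\b")
MODULE_RE = re.compile(r"^([0-9a-f`]{17}) ([0-9a-f`]{17})\s+(\S+)", re.M)
MEMOP_RE = re.compile(r"\[(r[a-z0-9]{1,3})\]")

def hexval(s):
    # WinDbg prints 64-bit values with a backtick between the two halves
    return int(s.replace("`", ""), 16)

def parse_registers(text):
    return {name: hexval(val) for name, val in REG_RE.findall(text)}

def parse_modules(text):
    return [(name, hexval(lo), hexval(hi)) for lo, hi, name in MODULE_RE.findall(text)]

def module_for(modules, addr):
    # `lm` prints [start, end); return the module whose range contains addr
    return next((n for n, lo, hi in modules if lo <= addr < hi), None)

def faulting_instruction(text, rip):
    # the disassembly line whose leading address equals rip
    for line in text.splitlines():
        tok = line.split(" ", 1)[0]
        if "`" in tok and hexval(tok) == rip:
            return line
    return None

def triage(text):
    code = hexval(ARG1_RE.search(text).group(1)) & 0xFFFFFFFF   # NTSTATUS in low 32 bits
    regs = parse_registers(text)
    module = module_for(parse_modules(text), regs["rip"])
    m = MEMOP_RE.search(faulting_instruction(text, regs["rip"]) or "")
    operand = m.group(1) if m else None
    value = regs.get(operand) if operand else None
    verdict = (f"null-pointer read in {module}" if code == 0xC0000005 and value == 0
               else f"exception {code:#x} in {module}")
    return {"exception_code": code, "module": module, "operand": operand,
            "operand_value": value, "verdict": verdict}
```

The same three pieces of output (exception code, register state, module range) are what a human reader cross-checks before blaming a third-party driver, so the script only automates that cross-check.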
