Trojan/BSOD question - DFWstangs Forums
 
post #1 of 17, 08-14-2009, 11:50 PM, Thread Starter
ZYouL8R (Sports weenie @ full attn)
Join Date: Dec 2002
Location: Laughlin AFB
Posts: 5,638
Trojan/BSOD question

So apparently I got some Trojan on my computer that runs this bogus "Windows Anti Virus" program that makes you think you have a virus (which you do) but then tells you to pay and download this other fake anti-virus program that does nothing.

First indications were the BSOD with a few "0x0000007E", "0x0000007B", and "0x00000050" stop codes. It would take me about 10 restarts to get it to boot up and it wouldn't let me boot in safe mode at all. So I ran a few anti-malware programs and supposedly cleaned everything up, but I'm still getting the BSOD.

So does this mean the virus is probably still on my computer even though no anti-virus/malware programs are picking it up? Or is it possible the virus did some sort of permanent damage to some software or hardware? The computer is also freezing when trying to open random files, like Word, Excel, PDFs, etc.

ZYouL8R is offline  
post #2 of 17, 08-15-2009, 12:24 AM
Tx Redneck (Rockin' da fumanchu)
Join Date: Nov 2005
Location: On the straight and narrow, stumbling at best, only by God's grace.
Posts: 7,224
You need to scan the PC w/ a BOOT AV disk. Avira has the option to burn one to boot and scan w/.





Listen to my buddy, Jeff Bolton, from 6-9 AM Mon-Fri.

Obamanomics = Trickle Up Poverty

Think you need to format/reinstall your OS(XP), read this first.
Tx Redneck is offline  
post #3 of 17, 08-15-2009, 02:09 PM, Thread Starter
ZYouL8R (Sports weenie @ full attn)
Join Date: Dec 2002
Location: Laughlin AFB
Posts: 5,638
I was able to boot in Diagnostic Mode on the MSConfig menu. I ran Avira, Anti-Malware, and Spybot. Avira and Anti-Malware found nothing. Spybot found a few small things that I removed.

I'm still getting random BSOD on startup, and now I'm getting a little "Windows Corrupt File" yellow exclamation icon on the task bar. I tried to run Chkdsk but it won't let me. Any other ideas?

ZYouL8R is offline  
 
post #4 of 17, 08-15-2009, 02:18 PM, Thread Starter
ZYouL8R (Sports weenie @ full attn)
Join Date: Dec 2002
Location: Laughlin AFB
Posts: 5,638
To be specific, it takes about 6 or 7 boots for me NOT to get the BSOD. Also, it won't let me create a System Restore point for whatever reason.

ZYouL8R is offline  
post #5 of 17, 08-15-2009, 06:37 PM
Tx Redneck (Rockin' da fumanchu)
Join Date: Nov 2005
Location: On the straight and narrow, stumbling at best, only by God's grace.
Posts: 7,224
Do you have another PC you can slave the drive in to do some more scans?
Tx Redneck is offline  
post #6 of 17, 08-15-2009, 07:21 PM
Hunt4m3x (Googlist-Wikipedian)
Join Date: Jul 2002
Location: de_aztec
Posts: 4,814
download this

http://download.bitdefender.com/resc..._3_08_2009.iso

burn to a cd. boot from cd then do a scan.

2005 Infiniti G35 Sedan Ivory Pearl Premium

2006 Infiniti FX45 Liquid Platinum

2010 Polaris Ranger RZR S Orange Madness







Ban count: 2
Hunt4m3x is offline  
post #7 of 17, 08-15-2009, 09:57 PM
Jedi
Join Date: Jul 2000
Location: Anti-Newbie
Posts: 12,675
If you run these two programs in this order, you will clean your pc.


Combofix (to get rid of the rootkits)
Malwarebytes (to get the shit that combofix missed - not much)


If the programs won't run, rename them to test.exe and test2.exe and retry - some malware will kill the combofix.exe and mbam.exe processes if they launch.
Jedi is offline  
post #8 of 17, 08-16-2009, 12:11 AM
Tx Redneck (Rockin' da fumanchu)
Join Date: Nov 2005
Location: On the straight and narrow, stumbling at best, only by God's grace.
Posts: 7,224
combofix can hose your stuff too if you don't know what you're doin.
Tx Redneck is offline  
post #9 of 17, 08-16-2009, 08:46 AM
Jedi
Join Date: Jul 2000
Location: Anti-Newbie
Posts: 12,675
if you stick to just the clean option a caveman could do it, but the other options can fuck you up, that is true.
Jedi is offline  
post #10 of 17, 08-17-2009, 07:56 PM, Thread Starter
ZYouL8R (Sports weenie @ full attn)
Join Date: Dec 2002
Location: Laughlin AFB
Posts: 5,638
Quote:
Originally Posted by Hunt4m3x
download this

http://download.bitdefender.com/resc..._3_08_2009.iso

burn to a cd. boot from cd then do a scan.
I ran the Bit Defender boot CD and it found no issues. Every anti-whatever program I run finds nothing except Spybot keeps finding some Skynet Trojan. It looks like Combofix is my only hope.

ZYouL8R is offline  
post #11 of 17, 08-17-2009, 08:17 PM
90GT50 (DERP DERP DERP)
Join Date: Nov 2001
Location: Close one eye, step to the side.
Posts: 36,645
Have you tried malwarebytes?

90GT50 is offline  
post #12 of 17, 08-17-2009, 09:33 PM
Hunt4m3x (Googlist-Wikipedian)
Join Date: Jul 2002
Location: de_aztec
Posts: 4,814
Quote:
Originally Posted by ZYouL8R
I ran the Bit Defender boot CD and it found no issues. Every anti-whatever program I run finds nothing except Spybot keeps finding some Skynet Trojan. It looks like Combofix is my only hope.
combofix will fix it. I just did two workstations with the exact same Trojan.
Hunt4m3x is offline  
post #13 of 17, 08-17-2009, 10:32 PM, Thread Starter
ZYouL8R (Sports weenie @ full attn)
Join Date: Dec 2002
Location: Laughlin AFB
Posts: 5,638
Quote:
Originally Posted by Hunt4m3x
combofix will fix it. I just did two workstations with the exact same Trojan.
Cool, I hope so.

Any tips on running it besides the ones listed below?

http://www.malwarebytes.org/forums/i...howtopic=20995

ZYouL8R is offline  
post #14 of 17, 08-17-2009, 10:55 PM
Hunt4m3x (Googlist-Wikipedian)
Join Date: Jul 2002
Location: de_aztec
Posts: 4,814
Quote:
Originally Posted by ZYouL8R
Cool, I hope so.

Any tips on running it besides the ones listed below?

http://www.malwarebytes.org/forums/i...howtopic=20995
just run it and paste your log file here.
Hunt4m3x is offline  
post #15 of 17, 08-24-2009, 01:50 AM, Thread Starter
ZYouL8R (Sports weenie @ full attn)
Join Date: Dec 2002
Location: Laughlin AFB
Posts: 5,638
Well, before I even got a chance to run ComboFix, my computer somehow got even more fucked up. Now, once I get Windows to load, it immediately starts running this fake virus scan and it won't let me run anything else at all: task manager, msconfig, or any program. I still can't even boot in safe mode. So I literally can't do anything on my computer unless it involves booting from a CD.

I ran BitDefender again and it found one infected file but it couldn't fix it. So I chose "Quarantine" but it did nothing. So I'm left with repairing Windows now or just reformatting. Any other suggestions? Is there a way to run any kind of anti-virus/malware/etc from a CD?

ZYouL8R is offline  
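The symptom cluster in this thread (Task Manager and msconfig refusing to open, safe mode unavailable, no System Restore points, and, as Jedi notes in post #7, security tools killed or blocked by their file name) maps onto a small set of registry settings that rogue-AV families commonly tamper with. The script below is an added example, not code from this thread or from any tool named in it. It parses a Windows registry export (the text format that `reg export` writes) and flags those settings, so that a responder can see a mechanism behind each symptom before choosing between cleanup and a rebuild. The export it reads is constructed for the example, and the claim that these particular settings are what hit the thread starter's machine is an assumption; the Image File Execution Options check also shows why renaming a tool to test.exe sidesteps a block that is keyed on the file name alone.

```python
"""Triage a Windows registry export (.reg text) for settings that rogue-AV
malware commonly tampers with to block Task Manager, safe mode, System Restore
and named security tools.  Added example; the export below is constructed and
the mapping of settings to the thread's symptoms is an assumption."""
import re

# Constructed sample: what `reg export` could produce on a machine with the
# thread's symptoms.  SafeBoot\Minimal is deliberately absent (a deleted key
# simply does not appear in an export), so that absence only means something
# if the export actually covered HKLM\SYSTEM.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbam.exe]
"Debugger"="svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"Debugger"="ntsd -d"
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')

# Key paths are compared case-insensitively, as the registry itself does.
POLICY_KEY = r"hkey_current_user\software\microsoft\windows\currentversion\policies\system"
SR_KEY = r"hkey_local_machine\software\policies\microsoft\windows nt\systemrestore"
SAFEBOOT_KEYS = (
    r"hkey_local_machine\system\currentcontrolset\control\safeboot\minimal",
    r"hkey_local_machine\system\currentcontrolset\control\safeboot\network",
)
IFEO_PREFIX = (r"hkey_local_machine\software\microsoft\windows nt\currentversion"
               r"\image file execution options" + "\\")
# Tool names from the thread; a name-keyed block matches only these exact names.
SECURITY_TOOLS = {"combofix.exe", "mbam.exe"}


def decode_value(raw):
    """Decode the two .reg value encodings this example needs (dword, string)."""
    if raw.startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace("\\\\", "\\")   # .reg files escape backslashes
    return raw


def parse_reg(text):
    """Return {lower-cased key path: {value name: decoded value}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            keys[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name, raw = m.groups()
            keys[current][name] = decode_value(raw)
    return keys


def name_based_block_applies(image_name, keys):
    """True if a file with this name would be redirected by an IFEO Debugger
    entry.  The match is on the file name alone, so combofix.exe renamed to
    test.exe is not matched: that is the rename advice from post #7."""
    entry = keys.get(IFEO_PREFIX + image_name.lower(), {})
    return "Debugger" in entry


def triage(keys):
    """Map tampered settings to the symptom each one explains."""
    findings = []
    policy = keys.get(POLICY_KEY, {})
    for name in ("DisableTaskMgr", "DisableRegistryTools"):
        if policy.get(name) == 1:
            findings.append(f"{name}=1 in user policy (Task Manager/regedit refuse to open)")
    if keys.get(SR_KEY, {}).get("DisableSR") == 1:
        findings.append("DisableSR=1 (System Restore disabled by policy; no restore points)")
    for key in SAFEBOOT_KEYS:
        if key not in keys:
            findings.append(f"SafeBoot\\{key.rsplit(chr(92), 1)[-1]} key missing (safe mode cannot start)")
    for key, values in keys.items():
        if key.startswith(IFEO_PREFIX) and "Debugger" in values:
            target = key[len(IFEO_PREFIX):]
            severity = "HIGH" if target in SECURITY_TOOLS else "review"
            findings.append(f"IFEO Debugger for {target} -> {values['Debugger']!r} [{severity}]")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_reg(SAMPLE_REG)):
        print(finding)
```

To use it on a real machine, take the export from a rescue boot (the thread's boot-CD approach) rather than from the running, compromised Windows, and note that `reg export` writes UTF-16 with a byte-order mark, so open the file with `encoding="utf-16"` before handing the text to `parse_reg`. An IFEO Debugger entry for notepad.exe is reported as "review" rather than "HIGH" because that mechanism also has legitimate debugging uses; only entries aimed at the security tools the thread relies on are treated as clear tampering.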
post #16 of 17, 08-24-2009, 02:09 AM
Slowhand (Aspiring Bean Counter.)
Join Date: Feb 2006
Location: Howard Johnson's Earthlight Room
Posts: 12,279
Quote:
Originally Posted by ZYouL8R
Well, before I even got a chance to run ComboFix, my computer somehow got even more fucked up. Now, once I get Windows to load, it immediately starts running this fake virus scan and it won't let me run anything else at all: task manager, msconfig, or any program. I still can't even boot in safe mode. So I literally can't do anything on my computer unless it involves booting from a CD.

I ran BitDefender again and it found one infected file but it couldn't fix it. So I chose "Quarantine" but it did nothing. So I'm left with repairing Windows now or just reformatting. Any other suggestions? Is there a way to run any kind of anti-virus/malware/etc from a CD?
Burn this to a CD and boot from it. It's Geek Squad's toolkit. It's pretty simple but also pretty easy to use and allows you to boot from the program.

http://astatalk.com/release/18016/1/....0_SX_Edition/

Slowhand is offline  
post #17 of 17, 08-24-2009, 09:25 AM
Hunt4m3x (Googlist-Wikipedian)
Join Date: Jul 2002
Location: de_aztec
Posts: 4,814
You can boot Hiren's to Mini XP then run combofix.
Hunt4m3x is offline  