
MBAM and uTorrent lead to blue screen of death: probably infected



Hi,

I'm using the 14 day trial version of MBAM on Windows 7 64bit with G Data AntiVirus 2013.

When I use uTorrent at the same time, I constantly get blue screens of death.

I posted here yesterday and got the reply I'm probably infected and should post here again.

Attached are the two log files.

BTW, when I scan my system with G Data AntiVirus 2013, nothing is found. When I scan my system with MBAM Trial version (without uTorrent active), nothing is found. Only when uTorrent and MBAM are active at the same time, I get (at seemingly random times) blue screens of death.

Thank you for looking into this, I'm considering buying MBAM pro after the trial, but need to make sure all is ok.

Cheers, iobserve

attach.txt

dds.txt


Hello

Please download this program Blue Screen Viewer and unzip "Bluescreen View.exe" to your desktop.

Next, select Start > right click on "Computer" and select "Properties", select "Advanced System Settings", then the "Advanced" tab. From the "Start up and Recovery" section select "Settings" and make sure the default folder is "%SystemRoot%\Minidump".

Go back to your desktop and double click on Bluescreen Viewer to run it; if there is any info available the program will grab the most recent. Choose Save from the toolbar and copy and paste to your next reply. If there is no information available, try to re-create the BSOD and try again with the tool to collect the information.

and welcome,

Next,

Please download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • Wait until Prescan has finished...
  • Click on Scan


Post the log that is saved to your Desktop...

Kevin.


Re-run RogueKiller again; when the scan is completed select the Delete tab. Copy and paste that log to your reply, it will be on the Desktop.

Next,

Uninstall uTorrent, Re-Boot your system.

Next,

Close all windows, Select > start icon > all programs > accessories > Right click on "command prompt" > select > Run as administrator > ok any alerts > at the command prompt type or copy and paste sfc /scannow > then tap enter. When finished type exit, tap enter, re-boot your PC.

***Note the space between sfc and /scannow.

Next,

Open elevated command prompt again, get report for sfc as follows:

Either type the following at the command prompt or highlight the text, right click copy, then at the command prompt right click paste.

findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >"%userprofile%\Desktop\sfcdetails.txt"

Type exit when finished, hit enter. The log should be on your Desktop.

Post that log and log from RK....

Thanks,

Kevin...
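The sfc report requested above can be long, so here is one way to triage it: an added example, not part of the original post, that lists which files the `[SR]` entries say sfc could not repair and which it restored from the component store. The function name `Get-SfcSummary` is hypothetical, and the sample lines (file and component names included) are constructed in the CBS.log layout and shortened.

```powershell
# Constructed sample of [SR] lines; file and component names are made up.
$sample = @'
2013-02-03 10:15:42, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2013-02-03 10:15:42, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2013-02-03 10:16:10, Info                  CSI    0000000b [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.1.7601.17514, file is missing
2013-02-03 10:16:11, Info                  CSI    0000000c [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"sample.exe" from store
2013-02-03 10:16:12, Info                  CSI    0000000d [SR] Verify complete
'@ -split "`r?`n"

function Get-SfcSummary {
    param([string[]]$Lines)
    # Hashtables used as sets so each file name is reported once.
    $failed = @{}
    $repaired = @{}
    foreach ($line in $Lines) {
        # Only System Resource checker entries are of interest.
        if ($line -notmatch '\[SR\]') { continue }
        if ($line -match 'Cannot repair member file \[[^\]]*\]"([^"]+)"') {
            $failed[$Matches[1]] = $true
        } elseif ($line -match 'Repairing corrupted file .*\]"([^"]+)" from store') {
            $repaired[$Matches[1]] = $true
        }
    }
    New-Object PSObject -Property @{
        CannotRepair = @($failed.Keys | Sort-Object)
        Repaired     = @($repaired.Keys | Sort-Object)
    }
}

# Use the real report if it exists, otherwise fall back to the constructed sample.
$report = Join-Path $env:USERPROFILE 'Desktop\sfcdetails.txt'
if (Test-Path $report) { $lines = Get-Content $report } else { $lines = $sample }

$summary = Get-SfcSummary -Lines $lines
"Files sfc could not repair: " + ($summary.CannotRepair -join ', ')
"Files sfc repaired from the component store: " + ($summary.Repaired -join ', ')
```

Files listed under "could not repair" are the ones that still need attention after the scan; an empty list there means sfc either found nothing wrong or fixed what it found.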


What is the status of your PC now, are you still experiencing BSOD....

Run the following:

Please download AdwCleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Please post the log.

Next,

Download OTL from any of the following links and save to your desktop.

Link 1

Link 2

Link 3

Double click the icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)

  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Click Run Scan and let the program run uninterrupted.
  • When the scan is complete, two text files will be created on your Desktop.
  • OTL.Txt <- this one will be opened
  • Extras.txt <- this one will be minimized

Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.

Post those logs, also let me know if you have any remaining issues or concerns..

Kevin


When I click to download AdwCleaner from

http://general-changelog-team.fr/en/downloads/viewdownload/20-outils-de-xplode/2-adwcleaner

My G Data AntiVirus says:

Virus: Trojan.Generic.8239223 (Engine A)

Bestand: Unconfirmed 69383.crdownload

Map: E:\Users\Koen\Downloads

Proces: chrome.exe

Are you sure it is safe?

The status of my PC is now fine, no blue screens anymore, because you asked me to uninstall uTorrent. I never had blue screens, until I installed MBAM...


AdwCleaner is very safe, it will not harm your system in any way, the action from your security app is typical because of what AdwCleaner has included in its database...

AdwCleaner is a program that searches for and deletes Adware, Suspicious Toolbars, Potentially Unwanted Programs (PUP), Also certain types of browser Hijackers from your computer. AdwCleaner has the ability to enhance your browsing experience and make your PC safer.

The types of programs that AdwCleaner targets are typically bundled with free extras that you may have downloaded from the web. In many cases when you download and install a program, the install will state that certain extras may be included. Unless you perform a Custom install, these unwanted extras will automatically be installed on your computer leaving you with extra browser toolbars, adware, and other unwanted additions. AdwCleaner is designed to search for and remove these typically unwanted additions.

I was just progressing in case your system needed a bit of spring cleaning, AdwCleaner can remove a lot of unwanted dross, OTL initial scan is purely diagnostic. If you are happy your system is OK, I guess we can close out, it's your call. Let me know how you want to continue...

If you wish to close, delete the following from your Desktop:

BlueScreenViewer - plus any logs

RogueKiller - plus this folder - RK_Quarantine - also any logs.

Thank you,

Kevin...


Re-Run OTL by double left click, Vista and Windows 7 users accept UAC alert.

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\SETUP.EXE
    O33 - MountPoints2\F\Shell\configure\command - "" = F:\SETUP.EXE
    O33 - MountPoints2\F\Shell\install\command - "" = F:\SETUP.EXE
    :Files
    ipconfig /flushdns /c
    :Commands
    [emptytemp]
    [CREATERESTOREPOINT]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Next,

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to the ESET web page http://www.eset.com/...online-scanner/ to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add/on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

If threats were found

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

close program

copy and paste the report here


That's fine about the mount points, ok remove the file that was flagged by ESET as follows...

Copy all text in the code box (below)...to Notepad.


    @echo off
    del /f /s /q "E:\Users\Koen\Downloads\dexpot_164_r2186.exe"
    del %0

Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"


Double click on delfile.bat to execute it.

A black CMD window will flash, then disappear...this is normal.

The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.

What is the status of your system now, is it responding ok? Regarding issues with uTorrent, I do not recommend that you should use any type of P2P Application, the risks are just not worth it...

Remember that no matter how clean the program you're using for peer-to-peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via p2p filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them, such as cracks or Key Generators. Some further readings on this subject available Here or Here

Kevin....


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.