I was attempting to clean the NSA Prism virus from a friend's computer. I ran Malwarebytes and it found several infections and requested a reboot, which I did. After the reboot I ran the Malwarebytes Anti-Rootkit; it found two registry keys: one was in HKLM\software\type lib and the other was in HKLM\software\interfaces. Sorry, I don't remember the last parts of either of the keys. Anyway, when Mbar finished it wanted to restart, which I did, but when the computer started back up and the XP screen came up with the progress bar, it almost immediately went to BSOD.

 

I tried running fixmbr from the recovery console but that didn't help.

 

So where do I go from here?


Can you get to a command prompt and try system restore?

This will work if you have a good system restore point and can get to the command prompt. (If it doesn't work the first time, keep trying... you may be able to get it.)

Step 1: Use F8 to Boot to SafeMode With Command Prompt or Command Prompt

Step 2: Type the word "explorer" in black screen > enter

Step 3: Then Navigate to:

Win XP: C:\windows\system32\restore\rstrui.exe and press Enter

Win Vista/Seven: C:\windows\system32\rstrui.exe and press Enter (double click rstrui.exe)

Step 4: Restore Computer to Date you know you were virus free

Step 5: See if it boots up normally... post on the forum so we can ensure the computer's clean

MrC


OK, apparently we had a couple of different things going on with the computer at the same time. I finally managed to run system restore from the recovery console, but it still blue screened. So the friend who owned the computer said for me to go ahead and wipe and reload everything; that way he could be sure it was all gone. In the process of re-installing Windows I kept getting the blue screen. I had run all the diagnostic utilities I could from the recovery console and everything was good. The only thing I could not run was a test on the RAM. I managed to dig up a couple of RAM sticks and swapped them for the two in the machine. Lo and behold, everything seems to be fine now. Just plain bad luck that one of the RAM sticks decided to start having problems right in the middle of removing the NSA Prism virus, causing me to think the NSA Prism virus was causing all the problems.

 

I am now in the final process of installing Windows. Luckily the owner did not have any pictures or documents he needed saved on the computer, so wiping it out and starting over is no big deal to him.

 

Thank You MrCharlie, for your time and trouble. I guess you can close this thread as we should not have any more malware troubles when we get the machine back up and running. Thanks again for your time and trouble.

This topic is now closed to further replies.