MBAM and GMER both Bluescreen


Hi,

MBAM and GMER both Bluescreen and then my computer restarts. The Bluescreen is visible only for a second or so before the restart.

MBAM does this after about 30 seconds, GMER after about one hour.

I have reinstalled MBAM several times - same results.

DDS logs attached.

Thanks in advance for your kind assistance.

DDSlogs.zip

Link to post
Share on other sites

Hello,

And ;) My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

P2P WARNING

-------------------

Going over your logs I noticed that you have uTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a sm

Link to post
Share on other sites

Hello again,

Please let me know what problems you are having at the moment, besides the BSODs when running MBAM and GMER.

Hi Elise,

Nothing serious - my computer may seem a bit "slow" at times and I occasionally notice HD and network activity while the machine is sitting idle.

Regards,

Link to post
Share on other sites

Hello again, let's see if more detailed logs show leftovers.

OTL

-----

Please download OTL from one of the following mirrors:

  • Save it to your desktop.
  • Double click on the otlDesktopIcon.png icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the runscanbutton.png button.
  • Two reports will open, copy and paste them in a reply here:

  • OTListIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

Link to post
Share on other sites

Hello again,

That looks quite good. The slowness may be caused by the fact that you are low on disk space.

To lighten things up, let's clean up the temp files.

OTL FIX

------------

We need to run an OTL Fix

  1. Please reopen otlDesktopIcon.png on your desktop.
  2. Copy and Paste the following code into the customFix.png textbox. Do not include the word "Code"
    :commands
    [emptytemp]


  3. Push runFixbutton.png
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click btnOK.png.
  6. A report will open. Copy and Paste that report in your next reply.

UPDATE JAVA

------------------

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 20 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.

Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.

  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u20-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.

-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Link to post
Share on other sites

Just a bit more information: I think that I may have had a rootkit for some time... likely for longer than one month.
What makes you think so (besides MBAM and GMER crashing)?

GMER is a quite unstable tool and often crashes computers, that's nothing to worry about.

Please let me know at which point MBAM crashes. Is it always at the same point? Does it crash also when running in safe mode?

Link to post
Share on other sites

Navigate to the Control Panel in Windows XP by left-clicking on Start, followed by Settings and then choosing Control Panel.

In the Control Panel window, open System.

Note: In Microsoft Windows XP, depending on how your operating system is set up, you may not see the System icon. To correct this, click on the link on the left-hand side of the Control Panel window that says Switch to Classic View.

In the System Properties window, click on the Advanced tab.

Locate the Startup and Recovery area and click on the Settings button.

In the Startup and Recovery window, locate and uncheck the check box next to Automatically restart.

Click OK in the Startup and Recovery window.

Click OK in the System Properties window.

From now on, when a problem causes a BSOD or another major error that halts the system, the PC will not automatically reboot. Rebooting manually will be necessary.

Now, please run MBAM and let me know what the BSOD code is (see screenshot).

bsod_c.jpg

Link to post
Share on other sites

There was no "Page Fault...." comment region in the BS

STOP: 0X00000024 (0X001904AA, 0XDFA478B4, 0XDFA475B0, 0X88C19D63)

NTFS.SYS - ADDRESS 88C19D63 BASE @ 88C08000 DATESTAMP 49E0192A

And this time MBAM ran for almost 8 minutes before the crash. Before, it was crashing in about 30-40 seconds.

Link to post
Share on other sites
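An added example, not part of the original posts: a small Python parser for the two blue-screen lines quoted above. It names the stop code (0x24 is NTFS_FILE_SYSTEM), splits the first parameter the way Microsoft documents it for this bug check, and computes the faulting offset inside the driver. The function name `parse_bsod` and the lookup table are illustrative assumptions.

```python
import re
from datetime import datetime, timezone

# Sample input constructed from the two lines quoted in the post above.
SAMPLE = """STOP: 0X00000024 (0X001904AA, 0XDFA478B4, 0XDFA475B0, 0X88C19D63)
NTFS.SYS - ADDRESS 88C19D63 BASE @ 88C08000 DATESTAMP 49E0192A"""

# Deliberately tiny table; only codes relevant to this thread.
BUGCHECK_NAMES = {
    0x24: "NTFS_FILE_SYSTEM",
    0x50: "PAGE_FAULT_IN_NONPAGED_AREA",
}

STOP_RE = re.compile(r"STOP:\s*(0x[0-9a-f]+)\s*\(([^)]*)\)", re.I)
DRIVER_RE = re.compile(
    r"(\S+)\s*-\s*ADDRESS\s+([0-9a-f]+)\s+BASE\s*@\s*([0-9a-f]+)"
    r"\s+DATESTAMP\s+([0-9a-f]+)", re.I)


def parse_bsod(text):
    """Return a dict describing the STOP line and the driver line, if present."""
    stop = STOP_RE.search(text)
    if not stop:
        raise ValueError("no STOP line found")
    code = int(stop.group(1), 16)
    params = [int(p.strip(), 16) for p in stop.group(2).split(",")]
    info = {"code": code,
            "name": BUGCHECK_NAMES.get(code, "unknown"),
            "params": params}
    if code == 0x24 and params:
        # For 0x24, parameter 1 packs an NTFS source file id (high 16 bits)
        # and a source line number (low 16 bits).
        info["source_file_id"] = params[0] >> 16
        info["source_line"] = params[0] & 0xFFFF
    drv = DRIVER_RE.search(text)
    if drv:
        addr, base, stamp = (int(drv.group(i), 16) for i in (2, 3, 4))
        info["driver"] = drv.group(1)
        info["offset"] = addr - base  # fault location relative to load base
        # DATESTAMP is the driver's PE build timestamp (seconds since 1970 UTC).
        info["built"] = datetime.fromtimestamp(stamp, tz=timezone.utc)
    return info


if __name__ == "__main__":
    r = parse_bsod(SAMPLE)
    print(r["name"], r["driver"], hex(r["offset"]), r["built"].date())
```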

Please click start > run, type chkdsk /r in the runbox and press enter.

A command window will open and you will be asked to schedule the scan for next reboot. Type Y and press enter.

Now reboot your computer and let the checkdisk run unhindered. When done, it will reboot. Try to run MBAM again and see what happens.

Note - the disk check may take a while.

Link to post
Share on other sites

Hi Elise,

I ran the chkdsk and also sfc /scannow. Chkdsk didn't mention fixing anything but sfc fixed a few files. And then MBAM ran the quick scan in about 6 minutes and didn't crash.

So, it seems that my machine is clean now.

Thanks so much for your kind assistance.

Link to post
Share on other sites

It's good to hear that :D

Please consider updating your Avast; you are still using Avast 4.8, but the latest version is 5.

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.
    • Run OTL and click Cleanup. This will remove all tools and logs we used.

Please read this advice, in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file.

  2. Keep Windows (and your other Microsoft software) up to date!

I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  3. Keep your other software up to date as well

Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.

  4. Stay up to date!

The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

Link to post
Share on other sites

This topic is now closed to further replies.