Jump to content

BSOD when logging on after using Malwarebyte

Recommended Posts

Sorry if this is wrong place to put this. Unfortunately I do no have the log file for the scan as I can't even enter the PC for more then a few seconds without BSOD and when I access Safemode with networking I cannot connect to the internet there.

Now... How do I explain?

I downloaded this because google kept redirecting me, but now I'm afraid my stupidity has only led to more destruction then the virus would have caused. I don't even know how I got the virues, I certainly never downloaded anything stupid. I don't know what website I entered that must've gave it to me. I did a quick scan as recommanded, and got 60 infected files. Now I'm worried I should have posted the log here, and ask if any of it was a false positive, but I didn't. I didn't think it was a false positive, and I deleted them. I restarted my computer as malwarebyte said to. But within seconds of logging in, I get the BSOD. EVERY time I log in I get the BSOD. And now I must show a very depressng emote: I already lost my old PC to a virus, I don't want to lose ANOTHER.

I know I haven't given y'all much to work with, but what steps do you think I must take? I've already began to savage my documents that I can't afford to lose and back them up on my USB, in case my computer becomes unusable.

Oh when I run it in safe mode, it says these 2 files describe the problem...



I'm considering I may as well reinstall windows 7, with all my documents backed up, but I'd like to see if I can solve this first.

Link to post
Share on other sites

Hi and :welcome:

Do you have a flashdrive you can use to transfer logs from your infected computer to a computer with working internet?

We Need to Diagnose Your BlueScreen

  1. When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
  2. Select "Disable Automatic Restart on System Failure", as shown here:
  3. When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not. You are looking for this:

Please post me the error(s).

Link to post
Share on other sites

Hi, I did a system restore before your post (to undo the massive change malwarebyte made to my regestry) and it seemed to fix my PC for a few days. But, I was relucant to re-scan and re-delete all the files again for it would just happen again. I was going to post a log up here, and I did (but I can't find the thread) In any case, in the next day, that is today, I got the BSOD again, now It happens every time I log in (except safe mode) again.

STOP: 0x0000008E (0XC0000005, 0X8A4287487, 0X9CE4AF7C, 0X00000000

attapor.sys adress 8A28100, Data stamp 4a5bbf16

Please also find attached the scan log I did in safe mode today. Which ones should i remove?

mbam-log-2011-06-24 (14-33-04).txt

Link to post
Share on other sites

Hi again, can you run the following from safe mode?

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller. will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.

    [*]Double click on the DDS icon, allow it to run.

    [*]A small box will open, with an explaination about the tool. No input is needed, the scan is running.

    [*]Notepad will open with the results.

    [*]Follow the instructions that pop up for posting the results.

    [*]Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Link to post
Share on other sites

Unfortunately you had a nasty rootkit on your computer. Even though it is gone now, please read the following information first, before continuing with the cleanup.



One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and cleaned, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



Please download ComboFix from one of these locations:


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

Link to post
Share on other sites

I knew backdoor trojans could do that, but I didn't realise that it meant my computer couldn't be trusted again, even after the virus is gone. I don't do banking on my PC but I do use facebook, and other forum places. These are things I don't really care if they get hacked (I.e Sims 3 forums) As for my facebook, I guess for the time being I could just not use it on that PC. However, what other risks might be apparent even if I don't use facebook, banking etc?

I'm not quite ready to reinstall my PC, I've got a few important programs I might not be able re-install for months. So for now, I'll continue with clean-up.

I haven't done it yet, but I will tomorrow. (Im currently using a laptop)

Link to post
Share on other sites

To be sure you can change your facebook password and things like that. After you do this, most likely you can use it safely.

In your case best would be indeed to continue the cleanup for now, so you have at least a clean computer to work with.

Link to post
Share on other sites

That sometimes happens, and a reboot takes care of the issue. It is nothing to worry about.

Can you please rerun combofix and post me the new log? A file was flagged as infected, but not shown further on in the log and I'd like to see if it is still there or not.

Link to post
Share on other sites

I don't know much of this but it said c:\windows\system32\userinit.exe . . . is infected!! and I assume thats what your talking about.

It was in the list of "Other Deletions" wasn't it? Are you sure it wasn't saying it was infected and deleted at same at the same time? Again, I do not know :P

I will do the scan soon as possible.

Link to post
Share on other sites

Lets also make sure everything else is up to date and in order, to avoid such problems in the future. :)



Going over your logs I noticed that you have uTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.

I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:

  • Download the latest version of Adobe Reader Version X. and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older version of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, the please see this tutorial:How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

Your Adobe Reader is now up to date!

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

  • Download the latest version of Java Runtime Environment (JRE) Version 6.
  • Look for "JDK 6 Update 26 (JDK or JRE).
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Select "Windows x86 Offline" and click on jre-6u26-windows-i586.exe

    [*]Save it to your desktop

    [*]Close any programs you may have running - especially your web browser.

    [*]Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).

    [*]Reboot your computer once all Java components are removed.

    [*]Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.



I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on this link to open ESET OnlineScan in a new window.
  2. Click the esetonlinebtn.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetsmartinstaller_enu.png
      icon on your desktop.

    3. Check "YES, I accept the Terms of Use."
    4. Click the Start button.
    5. Accept any security warnings from your browser.
    6. Under scan settings, check "Scan Archives" and "Remove found threats"
    7. Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

[*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

[*]When the scan completes, click List Threats

[*]Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

[*]Click the Back button.

[*]Click the Finish button.

Link to post
Share on other sites

  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.