I get the BSOD when I reboot and I am asked to do system restore!

05dgarner · 16 Jul 2010

A while I go I downloaded a file called "XBox 360 Points Generator" which was a virus, I then try to delete it at its location(My documents> System 32) and I get an error message saying "The action can't be completed because the file is open in Microsoft library content", so I open up Windows Task Manager and end the process and delete it. I then do a system reboot and I get the blue screen of death, it then gives me the option to do "system repair", so I click it and it brings up system restore, which I used. Then I reboot the computer and everything works normally, but the file I deleted, is now back where it was. Now if I delete the file, or leave it alone, I get the BSOD again, and this entire process gets repeated.

Also, for some strange reason, my Restore points only date back to after I downloaded the file, not before.

Btw, if I look at the file and go to the "Details section" then look at "Original File name" it says STM.exe, which according to several websites, is a adware or spyware.
I also have a trial version of Norton Antivirus 2010 which picks up nothing with a full system scan or using "Norton file insight".

*UPDATE*
The file and the process are no longer there, but I am still getting the "Blue screen of death" everytime I start my pc and I am then forced to do a"System Restore" . I cant do a "System Restore", before the date I downloaded the file and messed up my pc, because, there is no restore points before then.

If anyone has any ideas, please respond.

drum4life2death · 16 Jul 2010

Try These two apps. I'm not sure if I'm supposed to put links on here or not but, these are both awsome freeware apps. They've nuked everything for me so far. Getting those kinds of spyware/bots off your system is a long, painful task. I know. I've wiped my whole computer clean at least once or twice over that. Try these...Malwarebytes.........& this..........SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!...just get the free version of the second one. Install and run. Should do the trick...

Harvey Meale · 17 Jul 2010

Hi, 05dgarner.

It seems as though you've fallen victim to some cruel maliciousness. Run the above scans and reply with the MBAM log. How long ago did this start to happen? I'd try restoring again, but ensure that the restore point is before the time at which these occurrences started happening. Of course, only do this if your malware scans prove ineffective.

Thanks,
Harvey Meale

05dgarner · 17 Jul 2010

Here is the Mbam log, as you can see, I found nothing to describe what is happening. The occurrences started happening when I realised that there was a process running in windows task manager, that wasnt friendly, so I clicked "end process" and then I went to the location and clicked "delete" then, when I started my pc the next morning, all of this mess started happening. I also tried SUPERantispyware and found nothing, except a few tracking cookies .

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4322

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

17/07/2010 21:48:17
mbam-log-2010-07-17 (21-48-17).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 476280
Time elapsed: 1 hour(s), 47 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\Microwsoft (Malware.Trace) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Jacee · 17 Jul 2010

Open MBam and this time Be sure that everything is checked, and click Remove Selected.

Next, download TFC by Old Timer TFC - Temp File Cleaner by OldTimer -> Anti-malware Tools -> Downloads and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. Using Vista/Windows 7 right-click on the file and choose Run As Administrator.

Click the Start button to begin the cleaning process and let it run uninterrupted to completion.

Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB).

Before running, it will stop Explorer and all other running apps. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.

Jacee · 17 Jul 2010

What you have ...

W32Autorun.worm.aaaq is a worm which is written in Visual Basic and also uses polymorphic mechanism when executed. It attempts to spread to removable drives by creating an autorun.inf file, which will run the worm automatically, if systems which use the removable drive are set to Autorun

Are you using an infected flash drive?

Download and Run FlashDisinfector

You may have a flash drive infection. These worms travel through your portable drives. If they have been connected to other machines, they may now be infected.

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
Note: Some security programs will flag Flash_Disinfector as being some sort of malware, you can safely ignore these warnings
The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
Wait until it has finished scanning and then exit the program.
Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

05dgarner · 17 Jul 2010

Jacee said:

Open MBam and this time Be sure that everything is checked, and click Remove Selected.

Next, download TFC by Old Timer TFC - Temp File Cleaner by OldTimer -> Anti-malware Tools -> Downloads and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. Using Vista/Windows 7 right-click on the file and choose Run As Administrator.

Click the Start button to begin the cleaning process and let it run uninterrupted to completion.

Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB).

Before running, it will stop Explorer and all other running apps. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.

I followed your information and did everything and when it restarted it worked fine, but the process was still there and so was the file. I clicked "End process" and deleted the file, and was able to find the other file that was in the startup section. I think the problem is solved and I will see in the morning, when I boot my pc up.

Jacee · 17 Jul 2010

Okay, let us know :)

05dgarner · 18 Jul 2010

Hey Jacee,
After my last comment, last night, I decided to do two restarts to be sure, on the first one, everything was fine and everything worked, but the file was still running a process, so I clicked "End process" and I deleted it. On the 2nd restart, there was no process or file.

But when I turned my pc on this morning, I got the BSOD and I was asked to do a system restore, when it restarted, there was no file or process happening. I am now going to try the "FlashDisinfector" program you reccomended to me. Many thanks.

05dgarner · 18 Jul 2010

Hey Jacee,
The download link for "FlashDisinfector" works, but when I double click the app, nothing happens. I have also tried to run it as an "Administrator", but still, nothing happens. Do you have another download link, for which the app actually works?

*UPDATE*
I restarted my computer to install some updates the the following came up:

http://i839.photobucket.com/albums/z...g?t=1279441312

Is this the program operation I just downloaded?