Windows 7 Forums

Windows 7: Blue Screens and Pop Ups Galore (Ntoskrnl.exe)


16 Apr 2013   #1

Windows 7 Home Premium 64bit
 
 
Blue Screens and Pop Ups Galore (Ntoskrnl.exe)

This may be a malware issue but I do not know. Here is a dump file as well as a picture of my blue screen. I also get pop-ups on the internet randomly that shouldn't happen, and when I click links I get sent to completely different websites than I should. Thanks for any help!


16 Apr 2013   #2

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Hi edlovereze

Download the tools from a clean PC.

Download TDSSKiller

TDSSKiller download

On the infected PC, right-click TDSSKiller.exe, choose Run as administrator, then click on Change parameters.

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

Click the Start Scan button

If a suspicious object is detected, the default action will be Skip, click on Continue.


Note
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.



ROGUEKILLER

RogueKiller Download

Click on Download now

Save to the Desktop.

Close all windows and browsers.
Right-click RogueKiller and choose Run as Administrator.

Press: SCAN

Provide the RKreport.txt (Mode: Scan) in your reply.
17 Apr 2013   #3

Windows 7 Home Premium 64bit
 
 

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : RogueKiller - Geeks to Go Forums
Website : Download RogueKiller (Official website)
Blog : tigzy-RK

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Newter [Admin rights]
Mode : Scan -- Date : 04/17/2013 12:18:38
| ARK || FAK || MBR |

Bad processes : 2
[SUSP PATH] visicom_antiphishing.exe -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe [7] -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe [x] -> KILLED [TermProc]

Registry Entries : 10
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : Anti-phishing Domain Advisor ("C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe") [7] -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\RunOnce : A971AC2C-0EEA-49C3-8AFA-CC14DAAFD965 (cmd.exe /C start /D "C:\Users\Newter\AppData\Local\Temp" /B A971AC2C-0EEA-49C3-8AFA-CC14DAAFD965.exe -postboot) [x] -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Policies\Explorer\Run : Crytek (C:\Users\Newter\AppData\Roaming\394C2D\394C2D.exe) [-] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3180214080-296850399-2681992799-1001[...]\Policies\Explorer\Run : Crytek (C:\Users\Newter\AppData\Roaming\394C2D\394C2D.exe) [-] -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Particular Files / Folders:
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$16bf028f4c93807f5920e97af6c1d064\@ [-] --> FOUND
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-3180214080-296850399-2681992799-1001\$16bf028f4c93807f5920e97af6c1d064\@ [-] --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$16bf028f4c93807f5920e97af6c1d064\U --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-3180214080-296850399-2681992799-1001\$16bf028f4c93807f5920e97af6c1d064\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$16bf028f4c93807f5920e97af6c1d064\L --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-3180214080-296850399-2681992799-1001\$16bf028f4c93807f5920e97af6c1d064\L --> FOUND

Driver : [NOT LOADED]

Infection : ZeroAccess

HOSTS File:
--> C:\Windows\system32\drivers\etc\hosts



MBR Check:

+++++ PhysicalDrive0: ST31500541AS +++++
--- User ---
[MBR] 4c5631f4dcf5b3b5fefeb4ae58126048
[BSP] 7d7b4abc37269dce17ea12654ca91c84 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1430697 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_04172013_02d1218.txt >>
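The RogueKiller report above shows three things a responder would want to verify on a live host before trusting any cleanup: UAC switched off (EnableLUA and ConsentPromptBehaviorAdmin set to 0), autorun entries pointing into user-writable directories (the Policies\Explorer\Run key is an unusual location for a legitimate program), and ZeroAccess-style folders under $Recycle.Bin. The following PowerShell script checks for those same indicators. It is an added example for this page, not code from the thread or from RogueKiller or TDSSKiller; the registry paths, the "user-writable directory" heuristic and the 32-hex-character folder pattern are assumptions drawn from the log, not a complete indicator list.

```powershell
# Added example (not from the forum post or from RogueKiller/TDSSKiller).
# Checks a live Windows 7 host for the three kinds of indicator in the RKreport above:
#   1. UAC turned off (EnableLUA / ConsentPromptBehaviorAdmin set to 0)
#   2. autorun entries whose target sits in a user-writable directory
#      (the log flagged ProgramData, AppData and Temp paths)
#   3. ZeroAccess-style folders under $Recycle.Bin: $<32 hex chars>\ holding U, L and @
# Run from an elevated PowerShell prompt. Key lists, the directory heuristic and the
# folder-name regex are assumptions based on the log; PS 2.0-compatible cmdlets only.

$findings = @()

# --- 1. UAC state (64-bit hosts also carry the Wow6432Node copy seen in the log) ---
$uacKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\System'
)
foreach ($key in $uacKeys) {
    $uac = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($uac -eq $null) { continue }
    foreach ($name in 'EnableLUA', 'ConsentPromptBehaviorAdmin') {
        # A missing value evaluates to $null, so only an explicit 0 is reported.
        if ($uac.$name -eq 0) { $findings += "[HJ] ${key} : ${name} = 0" }
    }
}

# --- 2. Autorun keys, including the Policies\Explorer\Run key the log shows under HKCU ---
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$userWritable  = '(?i)\\(ProgramData|AppData|Temp)\\'   # heuristic, not a verdict
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($props -eq $null) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($providerProps -contains $p.Name) { continue }   # provider metadata, not a value
        if (($p.Value -is [string]) -and ($p.Value -match $userWritable)) {
            $findings += "[RUN] ${key} : $($p.Name) = $($p.Value)"
        }
    }
}

# --- 3. ZeroAccess artifacts under $Recycle.Bin (the log lists them under two SIDs) ---
$binRoot = Join-Path $env:SystemDrive '$Recycle.Bin'
$sidDirs = Get-ChildItem -LiteralPath $binRoot -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer }
foreach ($sid in $sidDirs) {
    $subDirs = Get-ChildItem -LiteralPath $sid.FullName -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer }
    foreach ($d in $subDirs) {
        # e.g. $16bf028f4c93807f5920e97af6c1d064 in the report; real recycle entries look like $R..., $I...
        if ($d.Name -notmatch '^\$[0-9a-f]{32}$') { continue }
        $hasU  = Test-Path -LiteralPath (Join-Path $d.FullName 'U')
        $hasL  = Test-Path -LiteralPath (Join-Path $d.FullName 'L')
        $hasAt = Test-Path -LiteralPath (Join-Path $d.FullName '@')
        if ($hasU -or $hasL -or $hasAt) {
            $findings += "[ZeroAccess] $($d.FullName) (U=$hasU L=$hasL @=$hasAt)"
        }
    }
}

if ($findings.Count -eq 0) { 'No indicators from the RogueKiller report were found.' } else { $findings }
```

Treat a clean result from this script as weak evidence only: a kernel-resident rootkit can hide its files and registry values from user-mode tools such as Get-ChildItem and Get-ItemProperty, which is exactly why the post above relies on dedicated anti-rootkit scanners and why a positive hit from any one check matters more than a negative. After cleanup, the two UAC values should be set back to their defaults (EnableLUA = 1, ConsentPromptBehaviorAdmin = 5 on Windows 7) and the machine rebooted, since a disabled UAC is what let the autorun entries run with full rights without any prompt.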


17 Apr 2013   #4

Windows 7 Home Premium 64bit
 
 

It was too long to copy and paste but here is the TDSS report! Thanks for the help!
17 Apr 2013   #5

Windows 7 Home Premium 64bit
 
 

TDSSKiller found something that was labeled as malware and its default action was to cure, so I let it do that. I have restarted my computer and it has not blue-screened for 5 hours. I was normally getting a BSOD every 25-30 minutes, so it appears that the problem is fixed. If not, let me know what to do! And thanks again for the help; this had been frustrating me a lot. The only problem I am having right now is that my start-up takes an extremely long amount of time once logged onto Windows... If I need to make a new post about that I will, but if anyone could help on here that'd save some space. I am thinking about just not having any programs start up and seeing if that fixes it. Thanks again!
17 Apr 2013   #6

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Run RogueKiller one more time, this time click on Delete. Restart the PC. Run TDSSKiller once more, post the log and I will tell you the next steps.

edlovereze

My apologies. Regarding your logs, you do have something there that I am not "allowed" to help with. Please open up a new topic in the System Security thread of the forum. Once that has been removed, if you get more BSODs please upload the files and I or others will be able to help you.
17 Apr 2013   #7
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Just a bit of information on Rootkit.win32.BackBoot.gen:

Quote:
Defined as a Trojan virus, Rootkit.Win32.BackBoot.gen targets almost all Windows systems, from Windows Vista to Windows 7. This type of virus possesses the ability to steal passwords and other sensitive personal information from a compromised system. Once installed on the targeted computer, it becomes possible to hide the intrusion; it is also able to maintain administrator access. It can take full control over a system, which means the existing programs can be modified.

In most cases, a rootkit virus takes action to change the browser settings, DNS settings and LAN settings to put the system at the lowest security level to allow further infection and attack. It also modifies existing programs, including software that might otherwise be used to detect or circumvent it.