Windows 7 Forums

Windows 7: Blue Screens and Pop Ups Galore (Ntoskrnl.exe)

16 Apr 2013   #1
edlovereze

Windows 7 Home Premium 64bit
 
 
Blue Screens and Pop Ups Galore (Ntoskrnl.exe)

This may be a malware issue but I do not know. Here is a dump file as well as a picture of my blue screen. I also get pop-ups on the internet randomly that shouldn't happen, and when I click links I get sent to completely different websites than I should. Thanks for any help!


16 Apr 2013   #2
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Hi edlovereze

Download the tools below from a clean PC.

Download tdsskiller


On the infected PC, right-click TDSSKiller.exe, choose Run as administrator, then click Change parameters.

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

Click the Start Scan button

If a suspicious object is detected, the default action will be Skip, click on Continue.


Note
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.



ROGUEKILLER

RogueKiller Download

Click on Download now

Save to the Desktop.

Close all windows and browsers
Right-click RogueKiller and choose Run as Administrator

Press: SCAN

provide the RKreport.txt (Mode: Scan) in your reply.
17 Apr 2013   #3
edlovereze

Windows 7 Home Premium 64bit
 
 

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : RogueKiller - Geeks to Go Forums
Website : Download RogueKiller (Official website)
Blog : tigzy-RK

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Newter [Admin rights]
Mode : Scan -- Date : 04/17/2013 12:18:38
| ARK || FAK || MBR |

Bad processes : 2
[SUSP PATH] visicom_antiphishing.exe -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe [7] -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe [x] -> KILLED [TermProc]

Registry Entries : 10
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : Anti-phishing Domain Advisor ("C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe") [7] -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\RunOnce : A971AC2C-0EEA-49C3-8AFA-CC14DAAFD965 (cmd.exe /C start /D "C:\Users\Newter\AppData\Local\Temp" /B A971AC2C-0EEA-49C3-8AFA-CC14DAAFD965.exe -postboot) [x] -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Policies\Explorer\Run : Crytek (C:\Users\Newter\AppData\Roaming\394C2D\394C2D.exe) [-] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3180214080-296850399-2681992799-1001[...]\Policies\Explorer\Run : Crytek (C:\Users\Newter\AppData\Roaming\394C2D\394C2D.exe) [-] -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Particular Files / Folders:
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$16bf028f4c93807f5920e97af6c1d064\@ [-] --> FOUND
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-3180214080-296850399-2681992799-1001\$16bf028f4c93807f5920e97af6c1d064\@ [-] --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$16bf028f4c93807f5920e97af6c1d064\U --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-3180214080-296850399-2681992799-1001\$16bf028f4c93807f5920e97af6c1d064\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$16bf028f4c93807f5920e97af6c1d064\L --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-3180214080-296850399-2681992799-1001\$16bf028f4c93807f5920e97af6c1d064\L --> FOUND

Driver : [NOT LOADED]

Infection : ZeroAccess

HOSTS File:
--> C:\Windows\system32\drivers\etc\hosts



MBR Check:

+++++ PhysicalDrive0: ST31500541AS +++++
--- User ---
[MBR] 4c5631f4dcf5b3b5fefeb4ae58126048
[BSP] 7d7b4abc37269dce17ea12654ca91c84 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1430697 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_04172013_02d1218.txt >>
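The RogueKiller log above shows four kinds of indicator: UAC switched off in the registry (EnableLUA and ConsentPromptBehaviorAdmin both 0), autostart entries pointing into ProgramData, AppData and Temp, the ZeroAccess folder structure under $Recycle.Bin, and a hosts file worth checking. The script below is an added example, not code from the thread or from RogueKiller, that looks for those same classes of indicator on a Windows 7 machine. It assumes the ZeroAccess layout is the one shown in the log (a per-SID recycle-bin subfolder named with a $ and 32 hex characters, containing an @ file and U and L folders); the "user-writable path" heuristic is mine, and no SIDs or hash names are hard-coded. Run it from an elevated PowerShell prompt.

```powershell
# Added triage script for the indicator classes in the RogueKiller log above.
# Not part of the thread; run from an elevated PowerShell prompt on the suspect
# machine. Assumptions (labelled): the ZeroAccess layout is the one shown in the
# log ($Recycle.Bin\<SID>\$<32 hex>\ with "@", "U" and "L" inside); the
# "user-writable path" heuristic (ProgramData, AppData, Temp) is mine.
# Written for PowerShell 2.0 (stock Windows 7), so no -Directory switch.

$findings = New-Object System.Collections.Generic.List[string]

# 1. UAC state. The log shows EnableLUA=0 and ConsentPromptBehaviorAdmin=0:
#    UAC off, and (if it were on) admins elevating silently. Defaults: 1 and 5.
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = Get-ItemProperty -Path $uacKey -ErrorAction SilentlyContinue
if ($uac -ne $null -and $uac.EnableLUA -eq 0) {
    $findings.Add('UAC disabled: EnableLUA=0')
}
if ($uac -ne $null -and $uac.ConsentPromptBehaviorAdmin -eq 0) {
    $findings.Add('Silent admin elevation: ConsentPromptBehaviorAdmin=0')
}

# 2. Autostart values (Run, RunOnce, Policies\Explorer\Run, 32-bit views) whose
#    command lives under a user-writable directory, as all three in the log do.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)
$userWritable = '(?i)\\(ProgramData|AppData|Temp)\b'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $values = Get-ItemProperty -Path $key
    foreach ($prop in $values.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # PSPath, PSParentPath, ... metadata
        if ("$($prop.Value)" -match $userWritable) {
            $findings.Add("Autostart from user-writable path: $key\$($prop.Name) = $($prop.Value)")
        }
    }
}

# 3. ZeroAccess payload store: a fake per-SID recycle-bin subfolder named
#    $<32 hex chars> holding a file "@" and folders "U" and "L".
#    -Force is needed because $Recycle.Bin and its children are hidden/system.
foreach ($drive in (Get-PSDrive -PSProvider FileSystem)) {
    $bin = Join-Path $drive.Root '$Recycle.Bin'
    if (-not (Test-Path $bin)) { continue }
    Get-ChildItem -Path $bin -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer } |
        ForEach-Object {
            Get-ChildItem -Path $_.FullName -Force -ErrorAction SilentlyContinue |
                Where-Object { $_.PSIsContainer -and $_.Name -match '^\$[0-9a-f]{32}$' } |
                ForEach-Object {
                    $at = Test-Path (Join-Path $_.FullName '@')
                    $u  = Test-Path (Join-Path $_.FullName 'U')
                    $l  = Test-Path (Join-Path $_.FullName 'L')
                    if ($at -or $u -or $l) {
                        $findings.Add("ZeroAccess layout: $($_.FullName) (@=$at U=$u L=$l)")
                    }
                }
        }
}

# 4. hosts file: any mapping other than localhost is worth a look, since a
#    hijacked hosts file is one way clicks end up on the wrong site.
$hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
if (Test-Path $hosts) {
    Get-Content $hosts |
        Where-Object { $_ -match '^\s*[0-9a-fA-F:.]+\s+\S' -and $_ -notmatch '\blocalhost\b' } |
        ForEach-Object { $findings.Add("hosts entry: $($_.Trim())") }
}

if ($findings.Count -eq 0) {
    'No indicators of the classes above were found.'
} else {
    $findings | ForEach-Object { "[!] $_" }
}
```

Two caveats. A rootkit that is active in the running kernel can filter directory listings and registry reads, so an empty result from a live system is not proof of a clean machine; the same checks run from boot media (or an offline scan of the disk) are the confirming step. And the "user-writable path" rule will flag some legitimate software that installs under ProgramData or AppData, so treat each hit as something to verify (publisher, signature, install date), not as an automatic delete.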

17 Apr 2013   #4
edlovereze

Windows 7 Home Premium 64bit
 
 

It was too long to copy and paste but here is the TDSS report! Thanks for the help!
17 Apr 2013   #5
edlovereze

Windows 7 Home Premium 64bit
 
 

TDSSKiller found something that was labeled as malware and its default action was to cure, so I let it do that. I have restarted my computer and it has not blue-screened for 5 hours. I was normally getting a BSOD every 25-30 minutes, so it appears that the problem is fixed. If not, let me know what to do! And thanks again for the help! This had been frustrating me a lot. The only problem I am having right now is that my startup takes an extremely long amount of time once logged onto Windows... If I need to make a new post about that I will, but if anyone could help on here that'd save some space. I am thinking about just not having any programs start up and seeing if that fixes it. Thanks again!
17 Apr 2013   #6
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Run RogueKiller one more time, this time clicking Delete. Restart the PC. Run TDSSKiller once more, post the log, and I will tell you the next steps.

edlovereze

My apologies. Regarding your logs, you do have something there that I am not "allowed" to help with. Please open a new topic in the System Security section of the forum. Once that has been removed, if you still get BSODs, please upload the files and I or others will be able to help you.
17 Apr 2013   #7
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Just a bit of information on Rootkit.win32.BackBoot.gen:

Quote:
Defined as a Trojan virus, Rootkit.Win32.BackBoot.gen targets almost all Windows systems, from Windows Vista to Windows 7. This type of virus possesses the ability to steal passwords and other sensitive personal information from the compromised system. Once installed on the targeted computer, it becomes possible to hide the intrusion; it is also able to maintain administrator access. It can take full control over a system, which means the existing programs can be modified.

In most cases, a rootkit virus takes action to change the browser settings, DNS settings and LAN settings to put the system at the lowest security level and allow further infection and attack. It also modifies existing programs, including software that might otherwise be used to detect or circumvent it.