Blue Screens and Pop Ups Galore (Ntoskrnl.exe)


  1. Posts : 12
    Windows 7 Home Premium 64bit
       #1



    This may be a malware issue but I do not know. This is a dump file as well as a picture of my blue screen. I also get pop-ups on the internet randomly that shouldn't happen, and when I click links I get sent to completely different websites than I should. Thanks for any help!


  2. Posts : 6,830
    Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
       #2

    Hi edlovereze

    Download from a clean PC so you can download the tools.

    Download tdsskiller


    On the infected PC, right click on TDSSKiller.exe, choose Run as administrator, then click on Change parameters.

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Click the Start Scan button

    If a suspicious object is detected, the default action will be Skip, click on Continue.


       Note
    A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.



    ROGUEKILLER

    RogueKiller Download

    Click on Download now

    Save to the Desktop.

    Close all windows and browsers
    Right click RogueKiller choose Run as Administrator

    Press: SCAN

    Provide the RKreport.txt (Mode: Scan) in your reply.


  3. Posts : 12
    Windows 7 Home Premium 64bit
    Thread Starter
       #3

    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : RogueKiller - Geeks to Go Forums
    Website : Download RogueKiller (Official website)
    Blog : tigzy-RK

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Newter [Admin rights]
    Mode : Scan -- Date : 04/17/2013 12:18:38
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 2 ¤¤¤
    [SUSP PATH] visicom_antiphishing.exe -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe [7] -> KILLED [TermProc]
    [SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe [x] -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 10 ¤¤¤
    [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : Anti-phishing Domain Advisor ("C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe") [7] -> FOUND
    [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\RunOnce : A971AC2C-0EEA-49C3-8AFA-CC14DAAFD965 (cmd.exe /C start /D "C:\Users\Newter\AppData\Local\Temp" /B A971AC2C-0EEA-49C3-8AFA-CC14DAAFD965.exe -postboot) [x] -> FOUND
    [RUN][SUSP PATH] HKCU\[...]\Policies\Explorer\Run : Crytek (C:\Users\Newter\AppData\Roaming\394C2D\394C2D.exe) [-] -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-3180214080-296850399-2681992799-1001[...]\Policies\Explorer\Run : Crytek (C:\Users\Newter\AppData\Roaming\394C2D\394C2D.exe) [-] -> FOUND
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$16bf028f4c93807f5920e97af6c1d064\@ [-] --> FOUND
    [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-3180214080-296850399-2681992799-1001\$16bf028f4c93807f5920e97af6c1d064\@ [-] --> FOUND
    [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$16bf028f4c93807f5920e97af6c1d064\U --> FOUND
    [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-3180214080-296850399-2681992799-1001\$16bf028f4c93807f5920e97af6c1d064\U --> FOUND
    [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$16bf028f4c93807f5920e97af6c1d064\L --> FOUND
    [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-3180214080-296850399-2681992799-1001\$16bf028f4c93807f5920e97af6c1d064\L --> FOUND

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST31500541AS +++++
    --- User ---
    [MBR] 4c5631f4dcf5b3b5fefeb4ae58126048
    [BSP] 7d7b4abc37269dce17ea12654ca91c84 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1430697 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_04172013_02d1218.txt >>
    RKreport[1]_S_04172013_02d1218.txt
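    The scan report posted above, and the procedure in post #2 that produces it, are easier to act on when the log is parsed rather than read by eye. The following is an added example written for this thread; it is not code from the thread, from RogueKiller or from TDSSKiller. The report grammar (the ¤¤¤ section headers, the leading [TAG] groups, the "-> FOUND" / "--> FOUND" suffix) is inferred only from the log posted above, and a constructed, abbreviated copy of that log is embedded as sample input. The one piece of outside knowledge is the meaning of the two UAC policy values the log shows set to 0 (EnableLUA and ConsentPromptBehaviorAdmin under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System), which comes from Microsoft's documentation of those registry values, not from anything the tool prints.

```python
"""Parse a RogueKiller-style scan report and pull out the facts an analyst acts on.

Added example for this thread; it is not part of RogueKiller or TDSSKiller. The
report grammar below is inferred from the log posted above, and the meaning of
the two UAC registry values is Microsoft's documented semantics, not something
the tool prints.
"""
import re

# Constructed sample input, abbreviated from the scan report posted in this thread.
SAMPLE_REPORT = r"""
¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] visicom_antiphishing.exe -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe [7] -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe [x] -> KILLED [TermProc]

¤¤¤ Registry Entries : 10 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Policies\Explorer\Run : Crytek (C:\Users\Newter\AppData\Roaming\394C2D\394C2D.exe) [-] -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$16bf028f4c93807f5920e97af6c1d064\@ [-] --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$16bf028f4c93807f5920e97af6c1d064\U --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤
"""

SECTION_RE = re.compile(r"^¤¤¤\s*(.+?)\s*¤¤¤$")
# leading [TAG][TAG] group, free-text detail, then '->' or '-->' and the action word
ENTRY_RE = re.compile(r"^((?:\[[^\]]+\])+)\s+(.*?)\s*-+>\s*(\w+)")
TAG_RE = re.compile(r"\[([^\]]+)\]")
UAC_VALUE_RE = re.compile(r"\b(EnableLUA|ConsentPromptBehaviorAdmin)\s*\((\d+)\)")
TRAILING_MARKER_RE = re.compile(r"\s*\[[^\]]*\]$")   # the ' [-]' / ' [7]' suffix on a path

# Both values live under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.
# A value of 0 is what RogueKiller flagged as [HJ] in the posted log.
UAC_ZERO_MEANS = {
    "EnableLUA": "UAC is switched off entirely, so nothing is ever asked to elevate",
    "ConsentPromptBehaviorAdmin": "administrators elevate silently, with no consent prompt",
}


def parse_report(text):
    """Return (headers, findings).

    headers maps a section title to the value after ' : ' (e.g. 'Infection' -> 'ZeroAccess');
    findings is one dict per detection line with its tags, detail text and action.
    """
    headers, findings, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            title, _, value = m.group(1).partition(" : ")
            section = title.rstrip(":").strip()
            headers[section] = value.strip()
            continue
        m = ENTRY_RE.match(line)
        if m and section is not None:
            findings.append({
                "section": section,
                "tags": TAG_RE.findall(m.group(1)),
                "detail": m.group(2).strip(),
                "action": m.group(3),
            })
    return headers, findings


def triage(headers, findings):
    """Reduce the findings to what matters for cleanup and for judging the risk."""
    verdict = {
        "infection": headers.get("Infection", ""),
        "killed_processes": [f["detail"].split(" -- ")[0]
                             for f in findings if f["section"] == "Bad processes"],
        "autoruns": [f["detail"] for f in findings if "RUN" in f["tags"]],
        "uac_weakened": [],
        "zeroaccess_paths": [TRAILING_MARKER_RE.sub("", f["detail"].split(" : ", 1)[1])
                             for f in findings if "ZeroAccess" in f["tags"]],
    }
    for f in findings:
        if "HJ" not in f["tags"]:
            continue
        m = UAC_VALUE_RE.search(f["detail"])
        if m and int(m.group(2)) == 0:
            verdict["uac_weakened"].append(f"{m.group(1)}=0: {UAC_ZERO_MEANS[m.group(1)]}")
    return verdict


if __name__ == "__main__":
    hdrs, found = parse_report(SAMPLE_REPORT)
    for key, value in triage(hdrs, found).items():
        print(f"{key}: {value}")
```

    The two UAC entries are the ones worth checking after cleanup: TDSSKiller and RogueKiller may remove the files and autorun keys, but a policy value left at 0 keeps every later program of an administrator account running fully elevated, so the values should be confirmed restored (EnableLUA back to 1, ConsentPromptBehaviorAdmin back to a prompting setting) before the machine is considered clean.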


  4. Posts : 12
    Windows 7 Home Premium 64bit
    Thread Starter
       #4

    It was too long to copy and paste but here is the TDSS report! Thanks for the help!


  5. Posts : 12
    Windows 7 Home Premium 64bit
    Thread Starter
       #5

    TDSSKiller found something that was labeled as malware and its default action was to cure, so I let it do that. I have restarted my computer and it has not blue screened for 5 hours. I was normally getting a BSOD every 25-30 minutes, so it appears that the problem is fixed. If not, let me know what to do! And thanks again for the help! This had been frustrating me a lot. The only problem I am having right now is that my start-up takes an extremely long amount of time once logged onto Windows... If I need to make a new post about that I will, but if anyone could help on here that'd save some space. I am thinking about just not having any programs start up and seeing if that fixes it. Thanks again!


  6. Posts : 6,830
    Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
       #6

    Run RogueKiller one more time; this time click on Delete. Restart the PC. Run TDSSKiller once more, post the log and I will tell you the next steps.

    edlovereze

    My apologies. Regarding your logs, you do have something there that I am not "allowed" to help with. Please open up a new topic in the System Security thread of the forum. Please. Once that has been removed and you get more BSODs, please upload the files and I or others who are able will help you.
    Last edited by VistaKing; 17 Apr 2013 at 17:51.


  7. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #7

    Just a bit of information on Rootkit.Win32.BackBoot.gen:

    Defined as a Trojan virus, Rootkit.Win32.BackBoot.gen targets almost all Windows systems, from Windows Vista to Windows 7. This type of virus possesses the ability to steal passwords and other sensitive personal information from the compromised system. Once installed on the targeted computer, it becomes possible to hide the intrusion; it is also able to maintain administrator access. It can take full control over a system, which means the existing programs can be modified.

    In most cases, the rootkit virus takes action to change the browser settings, DNS settings and LAN settings to put the system at the lowest security level to allow further infection and attack. It also modifies existing programs, including software that might otherwise be used to detect or circumvent it.


Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd