Windows 7 Forums

Windows 7: Rootkit virus left me with BSOD

25 May 2014   #1
Old Nick

Windows 7 Home Premium 32 Bit
 
 

Hi everyone... I am new here and fairly new to computer problems. I handle a number of laptops but this has got me beat. Couldn't remove rootkit virus (Alureon) till I downloaded Kaspersky free download. Got rid quickly but now got BSOD. No backups. It's an old but newly acquired Dell Inspiron. Originally loaded around 2010.

My first problem I don't recognise is that Windows32 is in X:\ drive... shouldn't it be in C:\? And secondly, every time I search the registry for C:\ drive I find every reference to it (and there are many) under 'install location' reads...

\\?\C:\Users\BRUCE_~\AppData\Local\Temp\F2B780

This seems strange to me... especially as I don't know BRUCE_~

I am very limited in what I can do on the computer as blue screen comes on at the very start of start up but I can enter the command function and regedit. My first problem is going to be negotiating your forum.
Any help will be gratefully received. PS: I am having to use my HP.


25 May 2014   #2
Slartybart

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
 
 

It might be easier to use one of the other machines to communicate while you work on the issue. Other than that, you might try booting to Safe mode (no networking if you'll use another machine to post, with networking if you can accomplish tasks).

X: usually appears as the drive when you boot into recovery - is that where you are or are you booting off of the hard drive normally?

Cleaning a rootkit is difficult, some system files might have been affected.
Let's start with the background information and determine how you'll communicate on the forum (issue machine in Safe mode or other machine)

Please post information about your drives so that a member can determine if there is a misconfiguration. Having this information also makes it easier to discuss a course of action.
See: Disk Management - Post a Screen Capture Image
Post# 12 provides additional information on how to provide the most useful screenshot.

In addition to that addendum, please make sure that the Status column shows everything in between the parentheses (Boot, Page file....)



BRUCE~ is the 8 byte representation of a longer filename. You say it is old, but newly acquired. Perhaps Bruce~ was a previous owner or the brother of the previous owner - can't really say.

Does any Bruce show up on the user account window?

We'll tackle one thing at a time.

Bill
27 May 2014   #3
ICIT2LOL

Desk1 7 Home Prem / Desk2 10 Pro / Main lap Asus ROG 10 Pro 2 laptop Toshiba 7 Pro Asus P2520 7 & 10
 
 

Slartybart mate do you think a run with this might help dig something out re that account??
Download Kaspersky Rescue Disk 10 - just a thought in case something is really embedded

27 May 2014   #4
Slartybart

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
 
 

Originally posted by ICit2lol:
> Slartybart mate do you think a run with this might help dig something out re that account??
> Download Kaspersky Rescue Disk 10 - just a thought in case something is really embedded

Can't hurt John.

I think the machine Old Nick is working on has a number of issues that stem from it being a used machine. Who knows what the previous owners configured.

The easiest and surest way to fix it would be for Old Nick to back up any of his data (there might not be anything important on it yet - so that's a good thing too) on that machine and do a clean install.
Clean Install Windows 7

The other choice is to try and find, then fix every little thing on the machine. Time consuming and the results are not guaranteed. That plus a rootkit being found - a clean install is the best path.

Bill.
27 May 2014   #5
ICIT2LOL

Desk1 7 Home Prem / Desk2 10 Pro / Main lap Asus ROG 10 Pro 2 laptop Toshiba 7 Pro Asus P2520 7 & 10
 
 

Yep you're right Bill it does sound like a mish mash and I am wondering if this was sold as a refurbished machine and someone didn't do a great job on it.

I suppose the OP could always do this clean install too if he hasn't got the original media.

Clean Reinstall - Factory OEM Windows 7
27 May 2014   #6
Slartybart

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
 
 

Either tutorial will get the machine in order - FAST!
27 May 2014   #7
ICIT2LOL

Desk1 7 Home Prem / Desk2 10 Pro / Main lap Asus ROG 10 Pro 2 laptop Toshiba 7 Pro Asus P2520 7 & 10
 
 

Originally posted by Slartybart:
> Either tutorial will get the machine in order - FAST!

Yep Bill I just mentioned the other one in case the OP had no media for that machine and it is an easy way of getting it
John
27 May 2014   #8
Slartybart

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
 
 

Originally posted by ICit2lol:
> Yep Bill I just mentioned the other one in case the OP had no media for that machine and it is an easy way of getting it
> John

Hmmm, I thought both tutorials (tut) gave you the Win7 ISO download links, so just to be sure I double checked. Yep, both have the link.

@Old Nick: ICit2lol's (aka John) post made me check the tutorials.

If you decide to take the reinstall path, it is imperative that you read and understand all the tips/warning/info boxes. Read the tutorial first, ask questions first. It's a fairly easy and quick process, but preparation makes it even easier.

The OEM version gives detail on creating OEM recovery discs, so you might consider using that tutorial. Both tuts will wipe the drive and unless you create the OEM recovery media you lose it.

What is OEM recovery media?
Most manufacturers no longer ship recovery discs, they stick it on the hard drive and it's up to the end user to create the discs.

The recovery media discs allow the end user to restore the machine to factory condition. All Windows manufacturer supplied applications (sometimes anti-virus or Office) and the bloatware (utilities or applications that offer little value) get put on the drive just as it was from the factory.

Only one set of recovery media can be created, so if the previous owner created the media - you're out of luck if you want that. No sweat though, the tuts create a pristine environment - better, imo, than a restore to factory conditions.

I mention this because if the mfgr provided licensed versions of, say Office, then you'll either lose that with the clean install or you'll need to get the license key somehow (the OEM tut might tell you, it's been two years since I looked at it in depth and it has changed somewhat).

Anyway, read first and ask questions.

Bill