Windows 7 Forums



Windows 7: "Malicious software warning", then constant BSODs

09 Aug 2012   #1
piemanmoo

Windows 7 64 bit

Yesterday everything was good and fine, when suddenly I got a bubble notification saying there was a possibility of some malicious software. I wasn't browsing any new sites or anything, and it suddenly went blue screen on me. Now whenever I restart Windows it looks like it's fine, then like one minute later it gives a blue screen and a restart (so fast I can hardly read the stop error messages. I think it said stop error 0x000000a but I'm not sure).

anyhoo, here are my dump stuff per instructions




Attached Files
File Type: zip Seven Forums.zip (2.50 MB, 3 views)
10 Aug 2012   #2
smarteyeball

 
 

Quote: Originally Posted by piemanmoo
yesterday everything was good and fine, when suddenly I got a bubble notification saying there was a possibility of some malicious software.

Since the PC seems to be crashing in about a minute or so, obviously you won't be able to do a normal AV scan. So:

Boot into safe mode - with networking (to give you internet access)

open a browser and run:

ESET Online Virus Scanner | ESET

And see if it picks up any nasties.

Also download and install MBAM


Run MBAM in safemode as well.


The crash dumps all show system files which doesn't point to a specific culprit. Essentially the BSOD code doesn't matter that much.


See how you go after running the scans.
10 Aug 2012   #3
piemanmoo

Windows 7 64 bit
 
 

MBAM found a few threats, but choosing to delete them required me to restart, launching Windows out of safe mode where it thereupon crashed again.


As for the online scan, it also found some threats, listed below:

C:\ProgramData\Microsoft\Windows\DRM\AAC1.tmp Win64/Olmarik.AH trojan cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\AAC2.tmp Win64/Olmarik.AH trojan cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\CFE1.tmp Win64/Olmarik.AH trojan cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\CFE2.tmp Win64/Olmarik.AH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.04.2012_23.31.54\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.04.2012_23.31.54\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.04.2012_23.31.54\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.04.2012_23.31.54\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AG trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.04.2012_23.31.54\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.KS trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.04.2012_23.31.54\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AF trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.04.2012_23.31.54\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.04.2012_23.31.54\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined


I will give it a try in normal mode and see if this time it's fixed anything
edit- It did not

11 Aug 2012   #4
smarteyeball

 
 

Fair chance it's still infected.

With the mbam threats, just let it detect them in safemode and then you can manually navigate and delete the threats yourself, rather than having mbam fail in normal mode.



It might be a good idea to have this thread moved to the security area, where the folks who are more used to cleaning systems might have a few more ideas on how to remove the infection.

(My personal method would be to back up my data and then do a fresh installation. However that method is not for everyone).
11 Aug 2012   #5
piemanmoo

Windows 7 64 bit
 
 

Reading some of the other threads in this section, I went ahead and ran TDSSKiller and it seems to have solved the problem.

thanks a bunch!
11 Aug 2012   #6
smarteyeball

 
 

Good to hear mate. Fingers crossed that's nailed it
12 Aug 2012   #7
The Ironclad

Windows 7 Ultimate x64
 
 

You can optionally put an antivirus Live CD on a disk or mount it to a USB, boot from CD (or USB) and scan your system that way.

13 Antivirus Rescue CDs Software Compared in Search For the Best Rescue Disk
It says 13, but lists 14 Live CD antiviruses.
Just another option that may help.