Windows 7: "Malicious software warning", then costant BSODs

yesterday everything was good and fine, when suddenly I got a bubble notification saying there was a possibly of some malicious software. I wasn't browsing any new sites or anything, and it suddenly went blue screen on me. Now whenever I restart windows it looks like it's fine, then like one minute later it gives a blue screen and a restart (so fast I cant hardly read the stop error messages. I think it said stop error 0x000000a but I'm not sure)

anyhoo, here are my dump stuff per intructions

Since the PC seems to be crashing in about a minute or so, obviously you won't be able to do a normal AV scan. So:

Boot into safe mode - with networking (to give you internet access)

open a browser and run:

ESET Online Virus Scanner | ESET

And see if it picks up any nasties.

Also download and install MBAM


Run MBAM in safemode as well.


The crash dumps all show system files which doesn't point to a specific culprit. Essentially the BSOD code doesn't matter that much.


See how you go after running the scans.

MBAM found a few threats, but choosing to delete them required me to restart, lauching windows out of safemode where it thereupon crashed again.


As for the online scan, it also found some threats, listed below:

C:\ProgramData\Microsoft\Windows\DRM\AAC1.tmp Win64/Olmarik.AH trojan cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\AAC2.tmp Win64/Olmarik.AH trojan cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\CFE1.tmp Win64/Olmarik.AH trojan cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\CFE2.tmp Win64/Olmarik.AH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.04.2012_23.31.54\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.04.2012_23.31.54\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.04.2012_23.31.54\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.04.2012_23.31.54\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AG trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.04.2012_23.31.54\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.KS trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.04.2012_23.31.54\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AF trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.04.2012_23.31.54\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.04.2012_23.31.54\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined


I will give it a try in normal mode and see if this time it's fixed anything
edit- It did not

Fair chance it's still infected.

With the mbam threats, just let it detect them in safemode and then you can manually navigate and delete the threats yourself, rather than having mbam fail in normal mode.



It might be a good idea to have this thread moved to the security area where the folks are more used to cleaning systems might have a few more ideas on how to remove the infection.

(My personal method would be to back up my data and then do a fresh installation. However that method is not for everyone).

reading some of the other threads in this section, I went ahead and ran tdsskiller and it seems to have solved the problem.

thanks a bunch!

Good to hear mate. Fingers crossed that's nailed it

You can optionally put an antivirus Live CD on a disk or mount it to a USB, boot from CD (or USB) and scan your system that way.

13 Antivirus Rescue CDs Software Compared in Search For the Best Rescue Disk
It says 13, but lists 14 Live CD antiviruses.
Just another option that may help.