Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Rootkit Intrusion Possible cause for BSoD Error 0x00000050

13 Nov 2012   #1

Windows 7 x64
 
 
Rootkit Intrusion Possible cause for BSoD Error 0x00000050

Hello, my name is Jogi. I was sent here by the BSOD team. Two weeks ago, my computer suddenly crashed while I was playing minecraft. Additionally, I was on skype with other players. The BSOD exactly happened when I clicked a link that was posted in the skype chat. Im not sure whether that guy posted a virus as the link was to a youtube video.

Then on from there I did multiple Scans with Norton at first. Nothing popped up. I posted my problem on the BSOD crash forum. They analyzed the data but they did not find a sure cause. I uninstalled Norton, and installed Avast as well as Malewarebytes. A boot time scan with Avast showed no viruses. On the onther hand the Malewarebytes keeps showing 2 trojan.agents in laptop. One is a memory process and a file. svchost.exe

Recently I pinpointed the exact time when my pc crashes. Whenever I try to install the Windows Security Updates, the system crashes. Yesterday while posting a reply on the bsod thread, Avast blocked like 20-25 malicious urls. with the process pointed toscvhost.exe. One of the members of the BSOD team said that a rootkit might have made a logical storage partition. My question is, How do I go about finding out whether a Rootkit Intrusion is the cause of the BSOD error 0x00000050?

P.s. I did use system restore to a point i think 9.23.12 the farthest I could go. Doesnt seem to work. One thing I did notice is that during the update... the system crashes exactly when it attempts to create a restore point. I really think this is a viable cause. Please assist my situation. Thanks. Let me know what additional data you need.

The link to the BSOD thread is right here: http://www.sevenforums.com/crashes-d...ml#post2176533

My System SpecsSystem Spec
.

14 Nov 2012   #2
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Sounds like someone has compromised your computer ... Use a known "Clean" computer to change ALL your passwords! Do Not use the infected computer.

Let's flush the DNS cache and restore MS's Hosts file.
Copy and paste these lines in Note pad.

@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0

Save as flush.bat to your desktop.

Double click on the flush.bat file to run it.Vista and Windows 7... right click the .bat file and choose to run as Administrator. Your computer will reboot itself.

Now, download (free version) Malwarebytes' Anti-Malware to your desktop
Malwarebytes Anti-Malware Download
* Double-click mbam-setup.exe and follow the prompts to install the program.Right click to run as Administrator, using Windows 7 or Vista.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. Copy and Paste that log into your next reply.
My System SpecsSystem Spec
15 Nov 2012   #3

Windows 7 x64
 
 

OK I followed your suggestions. here is the log file attached. One new thing that just started is that some \\.\globalroot\systemroot\svchost.exe keeps going to random malicious websites like -searchthetext.com/insland-groupon-expire...- automatically. There are two files detected by Malewarebytes but when they are planned for "Delete on reboot", they come back when I restart. Do you think I should try some anti-Spyware program or does Malewarebytes does it all? tell me anything else to post. Im using Avast for now which is blocking access to those malicious urls.


Attached Files
File Type: txt mbam-log-2012-11-15 (18-08-11).txt (1.9 KB, 6 views)
My System SpecsSystem Spec
.


Reply

 Rootkit Intrusion Possible cause for BSoD Error 0x00000050




Thread Tools



Similar help and support threads for2: Rootkit Intrusion Possible cause for BSoD Error 0x00000050
Thread Forum
BSOD while while Gaming Error 0x00000050 mostly BSOD Help and Support
BSOD on start up, error 0x00000050 BSOD Help and Support
BSOD using Garena Plus, error 0x00000050 BSOD Help and Support
Solved BSOD while idling, error 0x00000050 BSOD Help and Support
BSOD error 0x00000050 BSOD Help and Support
Solved BSOD error 0x00000050 after login BSOD Help and Support
Winsdow 7 BSOD error 0x00000050 BSOD Help and Support

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 07:07 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33