Windows 7 Forums


Windows 7: Malware causing BSOD with anti-virus tool


17 Sep 2013   #1

Windows 7 Home Premium
 
 
Malware causing BSOD with anti-virus tool

I was referred to this board from the BSOD forum.

Reference thread: BOSD downloading virus removal tool and client registry error

This includes SFDT and error information.

Problem only occurs when trying to use Kaspersky Virus Removal tool. Kaspersky ISS comes up with no viruses, Defender empty, system restore didn't resolve problem.

TDSS killer found one malware, which was deleted and further scans confirm there were no threats.

My concern is removing any malware/viruses from my system, but I'm starting to wonder if there's a more serious issue since it only happens with this one program and nothing else.


17 Sep 2013   #2

Windows 7 Home Premium
 
 

Did a little advance work by running Malwarebytes full scan and came up with nothing.

Report:


Protection: Enabled
9/17/2013 12:14:51 PM
mbam-log-2013-09-17 (12-14-51).txt
Scan type: Full scan (C:\|D:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 317918
Time elapsed: 44 minute(s), 20 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
17 Sep 2013   #3
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Copy and paste the TDSS log.


17 Sep 2013   #4

Windows 7 Home Premium
 
 

Ran it again and it came up with a new "suspicious object" this time:

I couldn't paste the log, so I attached it as a .txt file.


Attached Files
File Type: txt TDSSlog.txt (66.1 KB, 10 views)
17 Sep 2013   #5
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Download CKScanner by askey127 from HERE
Important - Save it to your desktop.
Double-click CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File. It will appear that CKS isn't doing anything...it is, so just be patient!
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
17 Sep 2013   #6

Windows 7 Home Premium
 
 

This is all it gave me:

Code:
 
CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.QXNAQ0
 ----- EOF -----
18 Sep 2013   #7

Windows 7 Home Premium
 
 

BUMP

Does anyone have any ideas what to do with this? I'm at my wits' end with this one; I just can't seem to get rid of it.

Deleting the file in TDSS (which is labeled suspicious) just causes a different file to come up on further scans, so it doesn't seem like TDSS is getting the job done.

Looking at my Windows Update, there are several failed updates involving a security definition as well as a few for Windows Defender (one or two at the most).

Security Update for Windows 7 for x64-based Systems (KB2872339)
Installation date: 9/16/2013 8:39 PM
Installation status: Failed
Error details: Code 80004004
Update type: Important

Update for Windows 7 for x64-based Systems (KB2853952)
Installation date: 9/16/2013 8:10 PM
Installation status: Failed
Error details: Code 80004004

Windows Malicious Software Removal Tool x64 - August 2012 (KB890830)
Installation date: 9/3/2012 7:09 PM
Installation status: Failed
Error details: Code 800706BE
Update type: Important
18 Sep 2013   #8

Windows 7 Home Premium
 
 

sv76,

TDSSKiller reported:

Code:
13:09:38.0340 0x135c  [ 8ACBB0D11A99EF06BFFD09C5B4DF0925 ] 1669646drv      C:\Windows\system32\DRIVERS\1669646drv.sys
13:09:38.0355 0x135c  Suspicious file (Forged): C:\Windows\system32\DRIVERS\['p;. Real md5: 8ACBB0D11A99EF06BFFD09C5B4DF0925, Fake md5: AF34937075FC9B5FBF3D9F7E9C4BBCEB
13:09:38.0355 0x135c  1669646drv ( ForgedFile.Multi.Generic ) - warning
13:09:38.0355 0x135c  1669646drv - detected ForgedFile.Multi.Generic (1)

That appears to be a file created by the Kaspersky Virus Removal Tool.


Try uninstalling the tool:
Open the KVR Tool, and disable the Self Defense option.
Click: Complete Antivirus Protection
The uninstall window should open.
Click the Remove button.

Restart the computer.

See if that takes care of it.
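An added example, not part of the original thread or any poster's code: a small parser that joins each TDSSKiller "detected" line from the excerpt in post #8 with its object line and Real/Fake md5 values, then groups detections from several scans by the hash on the object line, to check whether the "different file" reported on later scans (post #7) is the same binary under a new name. The line layout is inferred only from the four lines quoted above; `SCAN_2`, its driver name `0000000drv` and its all-zero fake md5 are constructed placeholders.

```python
import re
from collections import defaultdict

# SCAN_1 is the excerpt quoted in post #8. SCAN_2 is constructed for this
# example: a hypothetical later scan that reports a differently named driver.
SCAN_1 = r"""13:09:38.0340 0x135c  [ 8ACBB0D11A99EF06BFFD09C5B4DF0925 ] 1669646drv      C:\Windows\system32\DRIVERS\1669646drv.sys
13:09:38.0355 0x135c  Suspicious file (Forged): C:\Windows\system32\DRIVERS\['p;. Real md5: 8ACBB0D11A99EF06BFFD09C5B4DF0925, Fake md5: AF34937075FC9B5FBF3D9F7E9C4BBCEB
13:09:38.0355 0x135c  1669646drv ( ForgedFile.Multi.Generic ) - warning
13:09:38.0355 0x135c  1669646drv - detected ForgedFile.Multi.Generic (1)
"""
SCAN_2 = r"""14:02:11.0120 0x0a10  [ 8ACBB0D11A99EF06BFFD09C5B4DF0925 ] 0000000drv      C:\Windows\system32\DRIVERS\0000000drv.sys
14:02:11.0135 0x0a10  Suspicious file (Forged): C:\Windows\system32\DRIVERS\0000000drv.sys. Real md5: 8ACBB0D11A99EF06BFFD09C5B4DF0925, Fake md5: 00000000000000000000000000000000
14:02:11.0135 0x0a10  0000000drv - detected ForgedFile.Multi.Generic (1)
"""

PREFIX = r"^\S+\s+0x[0-9a-fA-F]+\s+"  # timestamp and thread id
OBJECT = re.compile(PREFIX + r"\[ ([0-9A-F]{32}) \] (\S+)\s+(.+)$")
FORGED = re.compile(PREFIX + r"Suspicious file \(Forged\): (.*?)\. "
                    r"Real md5: ([0-9A-F]{32}), Fake md5: ([0-9A-F]{32})")
DETECT = re.compile(PREFIX + r"(\S+) - detected (\S+) \((\d+)\)")

def forged_detections(log_text):
    """One dict per 'detected' line, joined with the object/Forged lines before it."""
    objects, last_forged, found = {}, None, []
    for line in log_text.splitlines():
        if m := OBJECT.match(line):
            objects[m.group(2)] = {"md5": m.group(1), "path": m.group(3).strip()}
        elif m := FORGED.match(line):
            last_forged = {"real_md5": m.group(2), "fake_md5": m.group(3)}
        elif m := DETECT.match(line):
            obj = objects.get(m.group(1), {})
            found.append({"name": m.group(1), "verdict": m.group(2),
                          "path": obj.get("path"), "md5": obj.get("md5"),
                          **(last_forged or {})})
            last_forged = None
    return found

def group_by_binary(*scans):
    """Map each on-disk MD5 to the driver names it was reported under."""
    names = defaultdict(list)
    for scan in scans:
        for d in forged_detections(scan):
            names[d["md5"]].append(d["name"])
    return dict(names)

if __name__ == "__main__":
    for d in forged_detections(SCAN_1):
        print(d)
    print(group_by_binary(SCAN_1, SCAN_2))
```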
18 Sep 2013   #9

Windows 7 Home Premium
 
 

I don't have the tool installed; I was running it from Kaspersky's website. So, I can't uninstall the tool.

It makes sense that it would be a file tied to that application though since it's the only thing triggering the BSOD.
19 Sep 2013   #10

Windows 7 Home Premium
 
 

Can you provide the exact website from which you used this tool?

There is a bogus website that installs its Kaspersky file to Windows.
Are you getting any Kaspersky Lab Antivirus Online message when the computer is rebooted?