Malware causing BSOD with anti-virus tool

  1. Posts : 15
    Windows 7 Home Premium
       #1

    I was referred to this board from the BSOD forum.

    Reference thread: BOSD downloading virus removal tool and client registry error

    This includes SFDT and error information.

    Problem only occurs when trying to use Kaspersky Virus Removal tool. Kaspersky ISS comes up with no viruses, Defender empty, system restore didn't resolve problem.

    TDSS killer found one malware, which was deleted and further scans confirm there were no threats.

    My concern is removing any malware/viruses from my system, but I'm starting to wonder if there's a more serious issue since it only happens with this one program and nothing else.


  2. Posts : 15
    Windows 7 Home Premium
    Thread Starter
       #2

    Did a little advance work by running Malwarebytes full scan and came up with nothing.

    Report:


    Protection: Enabled
    9/17/2013 12:14:51 PM
    mbam-log-2013-09-17 (12-14-51).txt
    Scan type: Full scan (C:\|D:\|E:\|F:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 317918
    Time elapsed: 44 minute(s), 20 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)


  3. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #3

    Copy and paste the TDSS log.


  4. Posts : 15
    Windows 7 Home Premium
    Thread Starter
       #4

    Ran it again and it came up with a new "suspicious object" this time:

    I couldn't paste the log, so I attached it as a .txt file.


  5. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #5

    Download CKScanner by askey127 from HERE
    Important - Save it to your desktop.
    Double-click CKScanner.exe and click Search For Files.
    After a very short time, when the cursor hourglass disappears, click Save List To File. It will appear that CKS isn't doing anything...it is, so just be patient!
    A message box will verify the file saved.
    Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


  6. Posts : 15
    Windows 7 Home Premium
    Thread Starter
       #6

    This is all it gave me:

    Code:
     
    CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
    scanner sequence 3.RP.11.QXNAQ0
     ----- EOF -----


  7. Posts : 15
    Windows 7 Home Premium
    Thread Starter
       #7

    BUMP

    Does anyone have any ideas what to do with this? I'm at my wits' end with this one; I just can't seem to get rid of it.

    Deleting the file in TDSS (which is labeled suspicious) just causes a different file to come up on further scans, so it doesn't seem like TDSS is getting the job done.

    Looking at my Windows Update, there are several failed updates involving a security definition as well as a few for Windows Defender (one or two at the most).

    Security Update for Windows 7 for x64-based Systems (KB2872339)
    Installation date: 9/16/2013 8:39 PM
    Installation status: Failed
    Error details: Code 80004004
    Update type: Important

    Update for Windows 7 for x64-based Systems (KB2853952)
    Installation date: 9/16/2013 8:10 PM
    Installation status: Failed
    Error details: Code 80004004


    Windows Malicious Software Removal Tool x64 - August 2012 (KB890830)
    Installation date: 9/3/2012 7:09 PM
    Installation status: Failed
    Error details: Code 800706BE
    Update type: Important
    Last edited by sv76; 18 Sep 2013 at 10:03. Reason: added info


  8. Posts : 2,470
    Windows 7 Home Premium
       #8

    sv76,

    TDSSKiller reported:

    Code:
    13:09:38.0340 0x135c  [ 8ACBB0D11A99EF06BFFD09C5B4DF0925 ] 1669646drv      C:\Windows\system32\DRIVERS\1669646drv.sys
    13:09:38.0355 0x135c  Suspicious file (Forged): C:\Windows\system32\DRIVERS\['p;. Real md5: 8ACBB0D11A99EF06BFFD09C5B4DF0925, Fake md5: AF34937075FC9B5FBF3D9F7E9C4BBCEB
    13:09:38.0355 0x135c  1669646drv ( ForgedFile.Multi.Generic ) - warning
    13:09:38.0355 0x135c  1669646drv - detected ForgedFile.Multi.Generic (1)

    That appears to be a file created by the Kaspersky Virus Removal Tool.


    Try uninstalling the tool:
    Open the KVR Tool, and disable the Self Defense option.
    Click: Complete Antivirus Protection
    The uninstall window should open.
    Click the Remove button.

    Restart the computer.

    See if that takes care of it.
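
Added example (not part of any post in this thread, and not Kaspersky's code): a parser for the four TDSSKiller log lines quoted in post #8. It joins the hashed-object line, the "Forged" line and the detection line into one record, taking the file path from the object line because the path printed in the "Forged" line is unreadable here. The line layout is assumed from those four lines only; `Finding` and `parse_findings` are hypothetical names.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Log lines copied from post #8 (the only TDSSKiller output shown in the thread).
SAMPLE_LOG = r"""
13:09:38.0340 0x135c  [ 8ACBB0D11A99EF06BFFD09C5B4DF0925 ] 1669646drv      C:\Windows\system32\DRIVERS\1669646drv.sys
13:09:38.0355 0x135c  Suspicious file (Forged): C:\Windows\system32\DRIVERS\['p;. Real md5: 8ACBB0D11A99EF06BFFD09C5B4DF0925, Fake md5: AF34937075FC9B5FBF3D9F7E9C4BBCEB
13:09:38.0355 0x135c  1669646drv ( ForgedFile.Multi.Generic ) - warning
13:09:38.0355 0x135c  1669646drv - detected ForgedFile.Multi.Generic (1)
"""

# Assumed layout: "HH:MM:SS.mmmm 0xTHREAD  <message>", as in the lines above.
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d+\s+0x[0-9a-fA-F]+\s+"
MD5 = r"([0-9A-Fa-f]{32})"
OBJECT = re.compile(PREFIX + r"\[\s*" + MD5 + r"\s*\]\s+(\S+)\s+(.+)$")
FORGED = re.compile(PREFIX + r"Suspicious file \(Forged\):.*Real md5:\s*" + MD5
                    + r",\s*Fake md5:\s*" + MD5)
DETECTED = re.compile(PREFIX + r"(\S+) - detected (\S+) \((\d+)\)")

@dataclass
class Finding:
    name: str                       # service/driver name from the detection line
    verdict: str                    # e.g. ForgedFile.Multi.Generic
    path: Optional[str] = None      # path from the hashed-object line
    md5: Optional[str] = None       # hash from the hashed-object line
    real_md5: Optional[str] = None  # "Real md5" from the Forged line
    fake_md5: Optional[str] = None  # "Fake md5" from the Forged line

    @property
    def real_matches_object(self) -> bool:
        return self.md5 is not None and self.md5 == self.real_md5

def parse_findings(log_text: str) -> list:
    objects, last, findings = {}, None, []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := OBJECT.match(line):
            last = {"md5": m[1].upper(), "path": m[3].strip()}
            objects[m[2]] = last
        elif (m := FORGED.match(line)) and last is not None:
            # Assumption: a Forged line refers to the object line just before it.
            last["real_md5"], last["fake_md5"] = m[1].upper(), m[2].upper()
        elif m := DETECTED.match(line):
            o = objects.get(m[1], {})
            findings.append(Finding(m[1], m[2], o.get("path"), o.get("md5"),
                                    o.get("real_md5"), o.get("fake_md5")))
    return findings
```

Running `parse_findings` over each saved scan log gives one record per detection, so the driver name, path and hashes from successive scans can be compared side by side.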


  9. Posts : 15
    Windows 7 Home Premium
    Thread Starter
       #9

    I don't have the tool installed; I was running it from Kaspersky's website. So, I can't uninstall the tool.

    It makes sense that it would be a file tied to that application though since it's the only thing triggering the BSOD.


  10. Posts : 2,470
    Windows 7 Home Premium
       #10

    Can you provide the exact website from which you used this tool?

    There is a bogus website that installs its Kaspersky file to Windows.
    Are you getting any Kaspersky Lab Antivirus Online message when the computer is rebooted?

