BSOD caused by iaStor.sys following a wave of trojans..

theshoemaker · 02 May 2011

A few days ago I got a trojan on my system (noticed it from some strange popup), after which the system was extremely slow and unresponsive. I managed to boot into safe mode and run Malwarebytes, which found 37 infections. I ran multiple scans attempting to get rid of all infections, found a few additional ones in a full scan, after which I ran a clean scan. After this, the system still seemed slow, I ran TDSSKiller, which showed up clean, and then I ran Microsoft Security Essentials, which found several infections that were cleaned.

After cleaning these up, scans show clean, and the system worked fine for half a day, but now I'm getting constant bluescreens mentioning iaStor.sys. I can boot into all safe modes, but a regular startup results in a BS about 30 seconds into Windows.

I found a number of posts about this and apparently iaStor.sys is a driver for Intel Matrix Storage. I figured I'd update it, but I could only find an old version on Intel's site. I searched for "intel matrix storage" and selected Windows 7 32-bit here: http://downloadcenter.intel.com/

I assume this is the right one, but its older than the one I had: http://downloadcenter.intel.com/Deta...17882&lang=eng

I though mine might just be corrupt, so installed the older one anyway to see if there is any change, but no help with the BSOD. am I downloading the wrong thing? it seemed to include iaStor.sys though.

based on other threads, this sounded like a TDSS infection so I've been trying TDSSKiller constantly, but it comes up clean.

What else can I do?

I've attached dump files - please note that this problem started on 04/28 - possible earlier dumps were related to another problem that was fixed.

**cluberti** · 02 May 2011

Anytime a system gets a virus that you have to clean post-infection, I strongly suggest simply backing up your files and reinstalling Windows *clean* (not a repair). However, if you have a reason why you can't do this, you can try to make sure your drivers are updated for all hardware and software, that you have run a successful (and clean) sfc /scannow pass, that chkdsk /f /r /x on your hard disk(s) comes back clean with no errors, and that an offline scan of your system completes without any infections found. Bitdefender has a good (and free) bootable CD (ISO image download here) that you can use to clean your machine offline - instructions here (also includes USB key instructions if you wish to use that rather than a CD/DVD), although scanning from read-only media would be preferable for obvious reasons.

mgorman87 · 02 May 2011

Try running a rootkit scan in safe mode

How to remove malware belonging to the family Rootkit.Win32.TDSS (aka Tidserv, TDSServ, Alureon)?

theshoemaker · 02 May 2011

tried TDSSKiller in safe mode as well, didn't find anything.

I already started prepping for a clean install, I suppose it would be the safest route. I shouldn't have anything thats not backed or couldn't be easily.

thanks for the thoughts