How to recover after a BSOD

DoF · 28 May 2012

Hello!

I was playing Dirt 2 the other day and when I pulled the the driving wheel out of the USB slot the BSOD screen showed up and the computer shut down.
I tried to boot but it didn't load Widnows.
The Startup Repair couldn't do anything, I don't have a mounted ISO of my sistem nor any restore points created.
I can't even boot to safe mode.
I checked the whole system with Kaspersky Rescue CD and it found 7 threats, including back doors, trojans and a worm. Kaspersky then deleted all the malitious files and as far as I know none of them were system critical. But windows still won't boot. What should I do?

I greatly appreciate any help!

usasma · 28 May 2012

Not a whole bunch that we can do if the virus' have hosed your OS and you don't have any recovery disks.

I'd suggest trying a bunch of the free rescue disks from here: Free Online AntiMalware Resources
If Kaspersky deleted the TDSS rootkit, then you'll have to have a repair done to your partition table. Post over in the Security forums for more assistance with virus removal.

karlsnooks · 28 May 2012

DoF,
Click on the WDO link in my signature. Follow the instructions given there by Microsoft the download the correct version of WDO,Windows Defender Offline.

WINDOWS DEFENDER OFFLINE is NOT Windows Defender.
Microsoft made an extremely poor naming choice.

you can use the procedure given at the site.
You can use the tutorial we have on WDO

I'm going to give you a write-up of the procedure I use.

Windows Defender Offline runs without every starting your Windows.
Windows Defender Offline will install a mini-win7 into ram and run from there.

HOW TO USE WINDOWS DEFENDER OFFLINE ON A USB STICK
Windows Defender Offline
· is a free standalone, bootable malware and virus remover from Microsoft.
· performs an offline scan of an infected PC to remove viruses, rootkits and other advanced malware.

Download Windows Defender Offline (about 764 kB)

You will have the choice of downloading the 32bit version (x86) or the 64 bit version (x64).
The link will help you determine whether you are running a 32 bit version or 64 bit version of Windows

NOTE!! You can download and prepare a 32 bit version using a 64 bit version of Windows
NOTE!! You can download and prepare a 64 bit version using a 32bit version of Windows.

You run the 32 bit version on a 32 bit version of Windows.
You run the 64 bit version on a 64 bit version of Windows.

The 32 bit download file name is: mssstool32.exe
The 64 bit download file name is: mssstool64.exe

For the curious, this program was originally name Microsoft Standalone System Sweeper.

INSTALLATION:
You will need an Internet Connection.
Insert 512 mB (Microsoft’s 256 mB is no longer accurate) or larger USB stick into a usb port.
Run the downloaded program--mssstool64.exe or mssstool32.exe
NEXT button
Choose the option On a USB flash drive that is not password protected
NEXT button
NEXT button
.
The install program will format the usb stick using the NTFS format.
The install program will download about 210 mB.
The install program will name the USB stick WDO_Media32 or WDO_Media64
The WDO_Media32 usb stick will have used space of 255 mB (268,140,544 bytes)
The WDO_Media64 usb stick will have used space of 282 mB (296,165,376 bytes)
You can expect the number of mB to increase as more malware appears.

UPDATE Windows Defender Offline USB stick:
· reinsert the usb stick
· run the installation program, mssstool64.exe or mssstool32.exe, again.
· the update will download about 66 mB (mssstool32.exe) and 68 mB (mssstool64.exe).

Since the malware database is sometimes updated several times in a day, always update before running.

PERFORM AN OFFLINE SCAN
Bootup your computer from the USB stick
Windows Defender Offline will automatically perform a quick scan.
After the quick scan finishes, Choose Full Scan
Select all of your drives

The initial, full scan can easily take several hours, but
Remember, your computer is being very thoroughly checked for all types of malware.

RESULTS OF THE SCAN
The results will be in 4 log files in:
\Windows\Microsoft Antimalware\Support
Upload the four log files please.

================================

DoF · 29 May 2012

karlsnooks,
Are the results going to be stored on the usb computer booted from or on the hdd?

karlsnooks · 29 May 2012

on the hdd.

DoF · 30 May 2012

An update in my situation:

I've scanned the sys with Windows Offline Defender. It found 7 maliciuous files all of which I had removed after the scan was complete.
I installed a second HDD with another copy of windows on it. I hoped it would work and I could copy my files using it but it didn't work. Even worse, I belive the same stuff happened on that disk also, because I got a BSOD when I tried to boot, too.
Finally I booted a Live DVD with Ubuntu on it. It worked and I'm able to copy all the needed files.

Now I'm uncertain what steps to take next. I could use some software (which would be the best?) and try to recover the whatever part of the disk is stopping me from booting

OR

I could just format both drives and reinstall everything.

writhziden · 31 May 2012

There is a tutorial you can go through for failure to boot. You have already done the first two steps in it. Troubleshooting Windows 7 Failure to Boot and I believe you have also done step 9.

It is up to you whether you want to proceed with steps 3-8 or just go to step 10.

usasma · 31 May 2012

Just FYI - I had issues today with the ZeroAccess rootkit. It puts TDSS to shame. Even after removing it, the Windows installation is so hosed that we probably won't be able to fix it.

Check the virus scanners' logs to see if it was present.

At least one thing that must be done before repairing is to reset the ACL's on all files that are involved.

karlsnooks · 31 May 2012

DoF,
What happened to the four log files generated by WDO?

DoF · 01 Jun 2012

I have cleaned the sys and was able to get it back using some tools on my Win install disc. Thanks to everyone!