Rootkit virus left me with BSOD

Hi everyone...I am new here and fairly new to computer problems. I handle a number of laptops but this has got me beat. Couldn't remove rootkit virus (Alureon) till downloaded Kapersky free download. Got rid quickly but now got BSOD. No backups. Its an old but newly acquired Dell Inspiron. Originally loaded around 2010.

My first problem I don't recognise is that Windows32 is in X:\ drive...shouldn't it be in C:\ and secondly every time I search registry for C:\ drive I find every reference to it (and there are many} under 'install location' reads...

\\?\C:\Users\BRUCE_~\AppData\Local\Temp\F2B780 This seems strange to me...especially as I don't know BRUCE_~

I am very limited in what I can do on the computer as blue screen comes on at the very start of start up but I can enter the command function and regedit. My first problem is going to be negotiating your forum.
Any help will be gratefully received. ps I am having to use my HP.

It might be easier to use one of the other machines to communicate while you work on the issue. Other than that, you might try booting to Safe mode (no networking if you'll use another machine to post, with networking if you can accomplish tasks).

X: usually appears as the drive when you boot into recovery - is that where you are or are you booting off of the hard drive normally?

Cleaning a rootkit is difficult, some system files might have been affected.
Let's start with the background information and determine how you'll communicate on the forum (issue machine in Safe mode or other machine)

Please post information about your drives so that a member can determine if there is a misconfiguration. Having this information also makes it easier to a discuss course of action.
See: Disk Management - Post a Screen Capture Image
Post# 12 provides additional information on how to provide the most useful screenshot.

In addition to that addendum, please make sure that the Status column shows everything in between the parenthesis (Boot, Page file....)

---

BRUCE~ is the 8 byte representation of a longer filename. You say it is old, but newly acquired. Perhaps Bruce~ was a previous owner or the brother of the previous owner - can't really say.

Does any Bruce show up on the user account window?

We'll tackle one thing at a time.

Bill
.

Slartybart mate do you think a run with this might help dig something out re that account??
Download Kaspersky Rescue Disk 10 - just a thought in case something is really embedded:)

ICit2lol said:

Slartybart mate do you think a run with this might help dig something out re that account??
Download Kaspersky Rescue Disk 10 - just a thought in case something is really embedded:)

Can't hurt John.

I think the machine Old Nick is working on has a number of issues that stem from it being a used machine. Who knows what the previous owners configured.

The easiest and surest way to fix it would be for Old Nick' to back up any of his data (there might not be anything important on it yet - so that's a good thing too) on that machine and do a clean install
Clean Install Windows 7

The other choice is to try and find, then fix every little thing on the machine. Time consuming and the results are not guaranteed. That plus a rootkit being found - a clean install is the best path.

Bill.

Yep you're right Bill it does sound like a mish mash and I am wondering if this was sold as a refurbished machine and someone didn't do a great job on it.

I suppose the OP could always do this clean install to if he hasn't got the original media.

Clean Reinstall - Factory OEM Windows 7

Either tutorial will get the machine in order - FAST!

Slartybart said:

Either tutorial will get the machine in order - FAST!

Yep Bill I just mentioned the other one in case the OP had no media for that machine and it is an easy way of getting it
John

ICit2lol said:

Yep Bill I just mentioned the other one in case the OP had no media for that machine and it is an easy way of getting it
John

Hmmm, I thought both tutorials (tut) gave you the Win7 ISO download links, so just to be sure I double checked. Yep, both have the link.

@Old Nick: ICit2lol's (aka John) post made me check the tutorials.

If you decide to take the reinstall path, it is imperative that you read and understand all the tips/warning/info boxes. Read the tutorial first, ask questions first. It's a fairly easy and quick process, but preparation makes it even easier.

The OEM version gives detail on creating OEM recovery discs, so you might consider using that tutorial. Both tuts will wipe the drive and unless you create the OEM recovery media you lose it.

What is OEM recovery media?
Most manufacturers no longer ship recovery discs, they stick it on the hard drive and it's up to the end user to create the discs.

The recovery media discs allow the end user to restore the machine to factory condition. All Windows manufacturer supplied applications (sometimes anti-virus or Office) and the bloatware (utilities or applications that offer little value) get put on the drive just as it was from the factory.

Only one set of recovery media can be created, so if the previous owner created the media - you're out of luck if you want that. No sweat though, the tuts create a pristine environment - better, imo, than a restore to factory conditions.

I mention this because if the mfgr provided license versions of, say Office, then you'll either lose that with the clean install or you'll need to get the license key somehow (the OEM tut might tell you, it's been two years since I looked it in depth and it has changed somewhat)

Anyway, read first and ask questions.

Bill
.