Malware Defense / BSOD



Jchapman
2010-01-19, 02:09
Hello,
I have/had the Malware Defense virus.

I was doing stuff on Google to remove the virus.

Well, first off, as soon as I got the virus I started getting the blue screen of death when starting in normal mode.
I am in safe mode with networking at the moment.

The virus appears to be gone. Someone made a tool and I downloaded it, and it appears to have removed the rootkit, although I'm still getting the blue screen of death after signing in.

On Google, I found this post: "http://forums.spybot.info/showthread.php?t=54674"

And that's the exact same virus I have, which is gone now, but I'm still getting the blue screen of death.

This site appears to be A LOT of help :)
Please reply ASAP.

I would like my computer to be back to normal ASAP.

Malwarebytes found the rootkit, which I had it delete.
I ran that after I used the tool that deleted the virus.

I've run a McAfee scan; I've scanned using Stinger, Malwarebytes, McAfee, and the Microsoft MRT thingy that's built in, and they all find nothing.

I really need help :/
Thanks guys.

Jchapman
2010-01-19, 02:18
Here is a little more information:
http://i46.tinypic.com/2ch9e39.jpg

I deleted it though. It's just still there from what I have had in the past.

Jchapman
2010-01-19, 03:13
Please help, I need this gone ASAP :/ I have seen 4 cases of this on this site.

Jchapman
2010-01-19, 04:53
Sorry, I can't edit my posts for some reason.
Here is a RootRepeal scan:

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/01/18 18:51
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x857D7000 Size: 45056 File Visible: No Signed: -
Status: -

Name: dump_msahci.sys
Image Path: C:\Windows\System32\Drivers\dump_msahci.sys
Address: 0x857E2000 Size: 40960 File Visible: No Signed: -
Status: -

Name: H8SRTwutjwtipba.sys
Image Path: C:\Windows\system32\drivers\H8SRTwutjwtipba.sys
Address: 0x8B49F000 Size: 118784 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x946EE000 Size: 49152 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Hidden Services
-------------------
Service Name: H8SRTd.sys
Image Path: C:\Windows\system32\drivers\H8SRTwutjwtipba.sys

==EOF==
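The RootRepeal report above is the one piece of hard evidence in the thread: a driver whose status is "Hidden from the Windows API!" and a hidden service whose image path points at that same file. The script below is an added example, not part of the thread and not RootRepeal's own code. It parses this report format (section name, a dashed rule, blank-line-separated entries with `Key: value` pairs, several of which share one line) and flags the entries a responder would act on. The embedded sample is copied from the log above; the list of recognised keys, and the choice to treat a "Locked" status as informational rather than suspicious, are this example's own assumptions.

```python
import re
from collections import defaultdict

# Sample input: the RootRepeal report quoted in the post above, embedded here
# so the script runs offline.
SAMPLE_LOG = r"""
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/01/18 18:51
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x857D7000 Size: 45056 File Visible: No Signed: -
Status: -

Name: H8SRTwutjwtipba.sys
Image Path: C:\Windows\system32\drivers\H8SRTwutjwtipba.sys
Address: 0x8B49F000 Size: 118784 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x946EE000 Size: 49152 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Hidden Services
-------------------
Service Name: H8SRTd.sys
Image Path: C:\Windows\system32\drivers\H8SRTwutjwtipba.sys

==EOF==
"""

# Keys seen in RootRepeal output (assumed list; longer names first so that
# "Image Path" is not split as "Path" and "Service Name" not as "Name").
KEY_RE = re.compile(
    r"(?:^|\s)(Image Path|Service Name|File Visible|Name|Address|Size|Signed|Status|Path|PID): "
)
DASHES = re.compile(r"-{5,}")


def parse_kv(line):
    """Split 'Key: value Key: value' into a dict; unknown text yields {}."""
    parts = KEY_RE.split(line)
    return {k: v.strip() for k, v in zip(parts[1::2], parts[2::2])}


def parse_rootrepeal(text):
    """Return {section_name: [entry_dict, ...]} for a RootRepeal report."""
    sections = defaultdict(list)
    section, entry = None, {}
    lines = text.splitlines()
    for i, raw in enumerate(lines):
        line = raw.strip()
        nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
        if DASHES.fullmatch(nxt):            # a line followed by ---- names a section
            if entry:
                sections[section].append(entry)
            section, entry = line, {}
            continue
        if section is None or DASHES.fullmatch(line):
            continue                         # banner before the first section
        if not line or line == "==EOF==":    # blank line / EOF ends an entry
            if entry:
                sections[section].append(entry)
            entry = {}
            continue
        entry.update(parse_kv(line))
    if entry:
        sections[section].append(entry)
    return dict(sections)


def triage(report):
    """Flag hidden drivers and hidden services; link a service to the hidden
    driver file it loads. A 'Locked' status (seen on the System process,
    PID 4) is not flagged here; only 'Hidden' statuses are."""
    findings, hidden_paths = [], set()
    for drv in report.get("Drivers", []):
        if "hidden" in drv.get("Status", "").lower():
            findings.append(("hidden_driver", drv["Name"], drv.get("Image Path", "")))
            hidden_paths.add(drv.get("Image Path", "").lower())
    for svc in report.get("Hidden Services", []):
        path = svc.get("Image Path", "")
        kind = ("hidden_service_backed_by_hidden_driver"
                if path.lower() in hidden_paths else "hidden_service")
        findings.append((kind, svc.get("Service Name", "?"), path))
    return findings


if __name__ == "__main__":
    for kind, name, path in triage(parse_rootrepeal(SAMPLE_LOG)):
        print(f"{kind:40} {name:24} {path}")
```

Run on the sample it reports the hidden driver and then the hidden service as being backed by that same hidden driver file, which is the correlation that distinguishes a kernel-mode rootkit component from an ordinary unsigned driver. The other drivers (dump_* and rootrepeal.sys itself) carry a plain "-" status and are left alone.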

tashi
2010-01-19, 07:21
Hello Jchapman,

Please see this FAQ: "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Then start a new topic, copy and paste the HJT log into it, and provide a link back to this thread.

If HJT won't run, please start a new topic anyway, make a note of the situation, and a volunteer analyst will advise you when available.

Best regards.