Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Dell 8400 BSOD on reboot


  • Please log in to reply

#1
stluiewmn

stluiewmn

    Member

  • Member
  • PipPip
  • 15 posts
My computer had a slowdown around 8 am on Sat morning, then again a few hours later. Both times, I lost a modem light (2Wire) and after the second time, I knew something was wrong. I pulled up the SUPERantispyware program, and after seven years of living without worms, viruses or trojans, it showed two trojans which included about 400 instances of garbage. I freaked, and failed to write down the names of the miscreants, and told the program to clean them. My AVG (yes, the McAfee had expired :blink: ) then popped up and announced it was turned off! Yikes! I suppose the trojans were the culprits. I tried to activate the AVG, then had the msg that SUPERantispyware had deleted the invaders, but needed to reboot. Doing what I thought best....sigh...

Upon reboot, I saw the opening screen, then....the OS Win XP professional failed to load with the error:

stop: 0X0000007B (0XF7943524,0XC0000034,0X00000000,0X00000000)

This occured around 1pm CST on Saturday. No safe mode, no go back to previous configuration, no nothing. BSOD.

The blue screen tells me to run CHKDSK/F and I would, 'cept I don't see a DOS area where I can type this in!

Finally, I went for the gold. I clicked every bar, box or option I could find -- and ran into the diagnostics area. Cool.

After hours of scanning the hard drive, BIOS, even the keyboard :) all tests passed. I took pics of some of these screens with my digital cam, just in case I needed to show someone.

In between-time, on the other side of the room, I went into high gear, worrying about my passwords, CC numbers, etc, so I set up my older computer to try to do any damage control necessary by changing passwords, etc. Yea. High gear. 36k :whistling:

Running at the time of the crash was just the AVG and ZoneAlarm. I run AdAware, SUPERantispyware, Spybot, and a paid version of SpySweepr (which I think is just about worthless) every couple of days to whisk away any lurkers.

Soooooo... is there any hope? My warranty expired 9/9. (crying smiley)

Can my hard drive contents be saved? (most was backed up) Can these trojans and their monster friends be irradicated from my computer? Do I need a professional (CompUSA starts at $99!)

What should be my next step? Anyone?? :help: I'm all ears. Thanks.
  • 0

Advertisements


#2
Retired Tech

Retired Tech

    Retired Staff

  • Retired Staff
  • 20,563 posts
Are you able to do this

The boot volume is corrupted and cannot be initiated by Windows XP. If the file system is corrupted and if Windows XP cannot initiate the boot volume during the startup process, either move the drive to another computer that is running Windows XP and run the chkdsk command on that drive

Or were you able to run chkdsk
  • 0

#3
stluiewmn

stluiewmn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Oh, I see. Makes sense. I have never opened a computer myself, but I know someone in our IS department, who could remove the drive. Thanks for the tip, Keith.

I never did find the area to run the CHKDSK/F. Is it possible from F2 or F12 -- or another function key?
  • 0

#4
Retired Tech

Retired Tech

    Retired Staff

  • Retired Staff
  • 20,563 posts
Boot the PC and keep tapping F8 until you get options, select safe mode with command prompt, type

chkdsk volume:/f

press enter
  • 0

#5
stluiewmn

stluiewmn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
No, that one goes into blue screen too -- safe mode, sm with prompts...all down the line, I tried every option, without success.

Is that more of a clue? : (

Also, I forgot to add, two days prior, I had downloaded the latest critical update from Windows Update, so everything was up to date..not that it made a difference.
  • 0

#6
Retired Tech

Retired Tech

    Retired Staff

  • Retired Staff
  • 20,563 posts
If your friend will put your drive in another PC, go that route because he will also be able to get any data off if chkdsk won't run
  • 0

#7
Guest_rushin1nd_*

Guest_rushin1nd_*
  • Guest
heres some more inormation on your situation

Boot-Sector Viruses
You may receive a "Stop 0x0000007B" error message if your computer is infected with a boot-sector virus. Check your computer for viruses. If you find a virus, also check any floppy disks for viruses before you use them again.

Microsoft does not provide software that can detect or remove computer viruses. If you suspect or confirm that your computer is infected with a virus, obtain current antivirus software. For a list of antivirus software manufacturers, click the following article number to see the article in the Microsoft Knowledge Base:
49500 List of Antivirus Software Vendors
Note You may have to use more than one brand of virus-detection software to detect and remove various viruses.

Important If your computer has been infected, it may be open to additional forms of attack. We recommend that you rebuild infected Internet-facing servers by following the guidelines that are published on the CERT Web site. Internet-facing servers are servers that function without a firewall or other protection. It is also a good idea to rebuild any other computers that are at risk because of their proximity to infected computers before you put them back in service.

If a virus has infected your Windows XP-based computer and a virus-detection program cannot remove the virus and repair the system, you must repartition and format your hard disk and reinstall Windows XP. For additional information about partitioning and formatting a hard disk with Windows XP, click the following article number to view the article in the Microsoft Knowledge Base:
313348 How to partition and format a hard disk in Windows XP
For additional information about how to help protect the boot sector from viruses in Windows XP, click the following article number to view the article in the Microsoft Knowledge Base:
122221 How to protect boot sector from viruses in windows
  • 0

#8
stluiewmn

stluiewmn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
:whistling: Thank you much Keith. I'll make that call tomorrow.

Oy what a pain dis is.

Fantastic to have help at my fingertips, just for the asking. And I am lucky enough to have this 2nd computer to ask away (now hooked up to the DSL modem. Geez...hope it wasn't affected by the crash. :blink: )

Thanks for all the additional info, rushin1nd! I had never delved into reading about the 'boot' sector, so this is all new to me.

Thanks again ~~
  • 0

#9
stluiewmn

stluiewmn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
{Trojan.Vimalov} I may have found the culprit. I didn't know what Vector Markup Language has to do with a computer, but it does seem to fit my problem. In SUPERantispyware, when I saw the names of the two trojans, I only remembered one began with a V. (Trojan.V****)

The first thing I did on Saturday morning was to send a picture to an online newspaper (for my sister) which I had reformatted from .doc to .jpeg. The webmaster had trouble pulling it up, so went back to the drawing board -- Word, which was how the original pic had been sent to me. I searched websites to find more info on how to convert to a viable format. I finally saved them in .tiff and also .gif, and sent again. On the second try, he received the pictures and said all looked fine.

It was VERY shortly afterwards when my computer first had a slowdown, and lost connection. After the second slowdown, a few hours later, that is when I ran the spyware scan, and found the trojans. I think my mistake was trying to delete so fast. I should have researched the names of the trojans and used my HiJack this to post a log somewhere -- here would have been good! :whistling:

I had downloaded the latest criticals from Windows on Thursday. I was fritzing around between Word and the pics, two days later, then..boom. Yea, it seems to fit....

from Symantec: http://www.symantec....day_exploi.html

Trojan.Vimalov: A zero-day exploit in VML, in Internet Explorer

The trend of new exploits being released immediately after Microsoft's Patch Tuesday is continuing (we are starting to call it "exploit week"). Symantec Security Response have confirmed a new Internet Explorer zero-day vulnerability today. It was first reported by Sunbelt Software. Security Response is rating it as critical because an exploit for this vulnerability is already in-the-wild.

We have confirmed that this exploit takes advantage of a bug in VML (vector markup language, which is an XML language used to produce vector graphics) to overflow a buffer and inject shell code. The exploit then downloads and installs multiple security risks, such as spyware, on the compromised machine.

An interesting feature of the Web sites hosting the malicious pages is that they appear to track the IP addresses of visitors, preventing further downloads.

In order to provide proactive protection for our customers against malicious attacks that attempt to leverage the vulnerability, Symantec Security Response has released intrusion prevention (IPS) signatures for the vulnerability, as well as antivirus signatures for the exploit. We currently detect this specific exploit as Trojan.Vimalov and have created a heuristic detection for this exploit as well. Customers are advised to ensure that they have the latest security updates installed.

Update: Microsoft have published an advisory (Microsoft Security Advisory 925568) with further information on the vulnerability, as well as mitigating strategies.

Upon further analysis, we have determined that the malicious Web site administrators hosting this exploit appear to be using an off-the-shelf suite, called Web-Attacker. This modular suite, available for purchase for only a few dollars, is capable of serving visitors with a number of different exploits—the VML exploit being just the latest available in the suite. The main page can identify the OS version (including the presence of Windows XP Service Pack 2), browser type, JVM version, the presence of antivirus software, and then it will choose the right exploit to run.

~~~~~~ Doesn't help my 8400. but it may help someone out there. ~~~~~~~

Edited by stluiewmn, 03 October 2006 - 07:31 AM.

  • 0

#10
Guest_rushin1nd_*

Guest_rushin1nd_*
  • Guest
did your computer get started
  • 0

Advertisements


#11
stluiewmn

stluiewmn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Naw. Still sitting all by its lonesome. I did that 'research' before I started work, and any attempts to revive will have to wait. It's only noon here. I'll report back, when I have some news.

Although, I did call my friend in the I.S. department and it seems they have a very narrow way of thinking about viruses. She said they don't hassle with a computer with a bad virus, and certainly don't test the hard drive in another one. Uhhhh...okay.

I know you guys know what you're talking about. I now need to take another avenue to test this drive without spending a fortune.

Till later....
  • 0

#12
wannabe1

wannabe1

    Tech Staff

  • Technician
  • 16,645 posts
Try booting with the XP installation cd and entering Recovery Console. Once in Recovery Console, type chkdsk /r at the prompt and press "Enter". You will probably be told the volume is busy and asked if you want to run the check on the next boot...type Y and press "Enter". Reboot.

This is a very long check...let it finish...the machine should then boot to Windows.

wannabe1
  • 0

#13
stluiewmn

stluiewmn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Recovery should mean just that, right? I'll give it a whirl at quittin' time. (I work at home, which is why I am so worried about this problem. My work computer is networked to a local hospital, but it feeds off the ethernet through my home pc!!)

Thank you!
  • 0

#14
wannabe1

wannabe1

    Tech Staff

  • Technician
  • 16,645 posts
Recovery Console is a tool that will allow you to run certain checks and recovery operations before the Windows interface loads. chkdsk /r will check the drive over and recover any problems it finds...your data will not be affected.
  • 0

#15
stluiewmn

stluiewmn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Nope. :whistling: It's a mess. Could not run the chkdsk, nor had any success with the recovery console. I finally threw caution to the wind, and was going to do a clean install. It loaded everything, then, when it came time to install, it could not find the hard drive. :blink:

I took a couple of pics from the 'back door' diagnostics.

Shouldn't the total capacity state 160GBs instead of MBs...if the hard drive was okay? I'm such a dunce.

Any suggestions. Whaaaaaaaaa.

Attached Thumbnails

  • CompProbsOct2006_008.resized.jpg
  • CompProbsOct2006_003.resizedneg.jpg

Edited by stluiewmn, 05 October 2006 - 09:18 AM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP