Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Blue Screen of Death + IRC bot/virus?


  • This topic is locked This topic is locked

#1
Sean1218

Sean1218

    New Member

  • Member
  • Pip
  • 8 posts
I don't necessarily know it's the blue screen of death, I don't even know for sure I have any kind of virus because I've found nothing so far and it could possibly be on the other computer (however I haven't found anything with scans so far). There's a bit of backstory too, really need the help!! I'm running Windows 7 64x by the way.

My ISP contacted me a couple days ago and told me that I had an IRC bot/virus (after googling, I found so many other Canadians with Rogers ISP with this issue, why do no other ISPs care :D ) and needed to get rid of it or they'd cut off my internet (and they refused to give me any more info). So, I scanned with many different programs (including avast, mbam and several others) and found nothing.

Now, I was about to watch a movie on tv from netflix (i.e. need to be connected to internet), and halfway through the loading before the movie played it stopped loading. I go check the internet on my other computer (not the main one with the BSoD) and it's not working (even though the little window in the taskbar (where time is displayed) shows it is). Then I go to my main computer and for some reason it's off. I turn it back on and get a message saying my computer had a problem, and gave me some info etc.

Here's the info:

Problem Event Name: Blue Screen
OS Version: 6.1.7600.2.0.0.768.3
Locale ID: 4105
BCCode: d1
BCP1: FFFFF8A003169SB8
BCP2: 0000000000000002
BCP3: 0000000000000000
BCP4: FFFFF880010F1FA9
OS Version: 6_1_7600
Service Pack: 0_0
Product: 768_1

Files that will help describe the problem:
C:\Windows\MiniDump\100210-21481-01.dmp
C:\Users\MyUsername\Appdata\Local\Temp\WER-85394-0.sysdata.xml

For some reason I decided to uninstall the security programs I installed earlier (I only had one antivirus and one firewall to begin with, and one antivirus and firewall at the end, the rest were things like Threatfire and MBAM so don't worry). First, I uninstalled Ad-Aware, and as soon as it finished all of the programs I had pinned to my taskbar disappeared (It seems to work fine now, I can repin them and such but for some reason they all just disappeared suddenly). Also, I checked Internet again and it's working fine.

So, can anyone tell me what this means, and what I should do now given all of this?

Thanks!! Please help!

edit: System info isn't showing up under my name so here's all the relevant info I know of:

System Manufacturer: Gateway
System Model: FX4200-EBF01A
Processor: AMD Phenom™ 9750 Quad-Core Processor (4 CPUs), ~2.4GHz
Memory: 8192MB RAM
Graphics/Video Card: Nvidia GeForce 9800 GT

Edited by Sean1218, 02 October 2010 - 07:09 PM.

  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there and sorry for the delay - lets see what you have


Download OTS to your Desktop and double-click on it to run it
  • Make sure you close all other programs and don't use the PC while the scan runs.
  • Select All Users
  • Under additional scans select the following
    Reg - NetSvcs
    Reg - Shell Spawning
    Evnt - EventViewer Logs (Last 10 Errors)
    File - Lop Check
    File - Purity Scan

  • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Please attach the log in your next post.

  • 0

#3
Sean1218

Sean1218

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I had Comodo Firewall and Avast running so I hope that's ok.
  • 0

#4
Sean1218

Sean1218

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Sorry, the attachment didn't go through. Thanks for replying!

Attached Files

  • Attached File  OTS.Txt   114.39KB   124 downloads

  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Nothing jumps out at me - so I would like you to run a deep AV scan

Download Dr.Web CureIt to the desktop.
  • Doubleclick the drweb-cureit.exe file, then on Start and allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, chose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow Posted Image at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found:
    Posted Image
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    Posted Image
  • This will move it to the %userprofile%\DoctorWeb\quarantine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply along with a new OTL log.
NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.
  • 0

#6
Sean1218

Sean1218

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Ok, so the first time I ran the Doctor Web Cureit, I realized how long the scan was going to take and I cancelled it so I could wait until night to run it. In this first incomplete scan it detected a couple of things (one file/directory with an extension .gz, and ~3 rogers online protection things (it's some security package from my ISP that I uninstalled within a few minutes of installing)), which were moved to the Quarantine folder. I (foolishly, after looking back), just deleted it because I assumed that the files were only copied there and not moved so I figured I'd leave it to the full scan to detect. Now, after doing the full scan, it didn't detect the original things (I guess they're gone?), and it detected 3 more, only one of which I could move to quarantine (the other two said inactive file path), and for some reason there's a descript.ion file in the quarantine folder too even though I only moved that one file.

Anyway, after the scan finished I tried to save the report like you said, but nothing would come up, so I figured it did (I guess it didn't?), although I have a CureIt.log file instead of the .csv file.

So, the new OTL.log. It won't let me upload the CureIt.log, so do you want me to copy and paste it? It's pretty huge. Let me know if I should redo these or anything.

Lastly, I was wondering if you have any idea why my computer keeps hiding extensions on files (after OTL scan maybe? or after restarting). That is, it'll display as OTL instead of OTL.log. I just turn it back on, but still, it's weird.

I'm actually starting to think I somehow got rid of the irc bot/virus (or never had it to begin with), because my ISP said they'd cut us off after 48 hours, and this thursday, it'll have been 2 weeks. Is it possible they thought I had it simply because I use an IRC client (mIRC)? I was on almost 24/7 for a while idling in the same channel. I uninstalled it and stopped using it just because of the similarity in name, but I'm not sure if that could have made a difference.

Attached Files

  • Attached File  OTS.Txt   116.61KB   65 downloads

  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Lastly, I was wondering if you have any idea why my computer keeps hiding extensions on files (after OTL scan maybe? or after restarting). That is, it'll display as OTL instead of OTL.log. I just turn it back on, but still, it's weird.

I have the same problem on my windows 7 64 bit - and I haven't sussed it out yet

Well I can see no sign of malware - I feel Dr Web picked up on an unencrypted virus definition file

Do you have any other problems at all ?
  • 0

#8
Sean1218

Sean1218

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
No problems, just the somewhat weird, isolated issues described in my original post, and the hiding of extensions.
  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If that was just a one off BSOD then it is probably not a problem

Looking at that I am a happy bunny ;)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :D

A good workman always cleans up after himself so..The following will implement some cleanup procedures:

Run OTS and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

SPRING CLEAN

Download and run Puran Disc Defragmenter

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes: It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe ;)
  • 0

#10
Sean1218

Sean1218

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I still have the f_0003aa and descript.ion in the quarantine folder, so should I just delete the folder and empty recycling bin? Said it was a possible script virus.

Edited by Sean1218, 12 October 2010 - 03:54 PM.

  • 0

#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes empty the quarantine folder and recycle bin
  • 0

#12
Sean1218

Sean1218

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Any specific reason you recommend Puran Disc Defragmenter over something like Auslogics Disk Defrag?
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I like the ability to do a boot defrag with Puran 'tis all :D
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :D

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP