Possible Rootkit Infection?
Posted 26 June 2011 - 11:00 AM
Are you still getting the alerts?
Posted 26 June 2011 - 11:10 AM
Posted 26 June 2011 - 11:11 AM
However, I ran all those scans (ComboFix, SAS, ESET, etc.) when c: was dirty. After running chkdsk c: /f /x do you think the scans would work now?
Edited by rvold7871, 26 June 2011 - 11:13 AM.
Posted 26 June 2011 - 02:44 PM
A problem has been detected and Windows has been shut down to prevent damage to your computer.
If this is the first time you've seen this Stop error screen, restart your computer. If this screen appears again, follow these steps:
Check to make sure any new hardware or software is properly installed. If this is a new installation, ask your hardware or software manufacturer for any Windows updates you might need.
If problems continue, disable or remove any newly installed hardware or software. Disable BIOS memory options such as caching or shadowing. If you need to use Safe Mode to remove or disable components, restart your computer, press F8 to select Advanced Startup Options, and then select Safe Mode.
*** STOP: 0x0000007A (0xE248B938, 0xC000000E, 0xBF91E66F, 0x144EE860)
*** win32k.sys - Address BF91E66F base at BF800000, DateStamp 4d6f95bd
Beginning dump of physical memory
Now, before it BSOD'd, I managed to get the file names of some malware that SAS picked up:
Adware.Tracking Cookie x 4
Trojan.Agent/Gen-Bancos x 1
I know it's no log, but it's something finally. What do you think we should do now?
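As an added example, not part of the thread, here is a small Python parser for the Stop-screen text quoted above. It pulls out the bug check code and its four parameters, the faulting module with its load base (and so the module-relative offset, which is what you would feed to a symbol lookup), and the module's DateStamp, which is the PE TimeDateStamp in seconds since 1970 UTC, so it gives the build date of the driver that faulted. For bug check 0x7A (KERNEL_DATA_INPAGE_ERROR) Microsoft's bug check reference documents parameter 2 as the error status, usually an I/O status code, so the parser also names that NTSTATUS from a small table. The sample input is the two lines from the post retyped as a constant; the bug check and NTSTATUS tables only contain values I am certain of and can be extended.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the two *** lines from the Stop screen quoted in the post above.
STOP_SCREEN = """\
*** STOP: 0x0000007A (0xE248B938, 0xC000000E, 0xBF91E66F, 0x144EE860)
*** win32k.sys - Address BF91E66F base at BF800000, DateStamp 4d6f95bd
"""

# Bug check names per Microsoft's bug check code reference (extend as needed).
BUGCHECK_NAMES = {
    0x7A: "KERNEL_DATA_INPAGE_ERROR",
}

# NTSTATUS values commonly seen as parameter 2 of a 0x7A bug check
# (the I/O status returned when the kernel tried to page data in).
NTSTATUS_NAMES = {
    0xC000000E: "STATUS_NO_SUCH_DEVICE",
    0xC000009C: "STATUS_DEVICE_DATA_ERROR",
    0xC000009D: "STATUS_DEVICE_NOT_CONNECTED",
    0xC000016A: "STATUS_DISK_OPERATION_FAILED",
    0xC0000185: "STATUS_IO_DEVICE_ERROR",
}

HEX = r"([0-9A-Fa-f]+)"
STOP_RE = re.compile(
    r"\*\*\*\s*STOP:\s*0x" + HEX
    + r"\s*\(\s*0x" + HEX + r"\s*,\s*0x" + HEX + r"\s*,\s*0x" + HEX + r"\s*,\s*0x" + HEX + r"\s*\)"
)
MODULE_RE = re.compile(
    r"\*\*\*\s*(\S+)\s*-\s*Address\s+" + HEX + r"\s+base at\s+" + HEX
    + r"(?:,\s*DateStamp\s+" + HEX + r")?"
)


def parse_stop_screen(text):
    """Parse the '*** STOP' and '*** <module>' lines of a Windows Stop screen.

    Returns a dict with the bug check code and name, the four parameters,
    the faulting module, its load base, the module-relative offset of the
    faulting address, the build date taken from DateStamp, and, for 0x7A,
    the NTSTATUS carried in parameter 2.
    """
    m = STOP_RE.search(text)
    if not m:
        raise ValueError("no *** STOP line found")
    code = int(m.group(1), 16)
    params = tuple(int(g, 16) for g in m.groups()[1:])
    result = {
        "bugcheck": code,
        "bugcheck_name": BUGCHECK_NAMES.get(code, "UNKNOWN"),
        "params": params,
        "module": None,
        "address": None,
        "base": None,
        "offset": None,
        "build_date": None,
        "io_status": None,
        "io_status_name": None,
    }

    mm = MODULE_RE.search(text)
    if mm:
        name, addr, base, stamp = mm.groups()
        addr, base = int(addr, 16), int(base, 16)
        result["module"] = name
        result["address"] = addr
        result["base"] = base
        result["offset"] = addr - base  # module+offset, usable for symbol lookup
        if stamp:
            # PE TimeDateStamp: seconds since the Unix epoch, UTC.
            ts = int(stamp, 16)
            result["build_date"] = datetime.fromtimestamp(ts, tz=timezone.utc).strftime(
                "%Y-%m-%d %H:%M:%S UTC"
            )

    if code == 0x7A:
        # Parameter 2 of KERNEL_DATA_INPAGE_ERROR is the error status of the failed page-in.
        status = params[1]
        result["io_status"] = status
        result["io_status_name"] = NTSTATUS_NAMES.get(status, "UNKNOWN")
    return result


def summarize(result):
    """One-line summary in the form a triage note would use."""
    mod = result["module"] or "?"
    off = f"+0x{result['offset']:X}" if result["offset"] is not None else ""
    status = f" io_status={result['io_status_name']}" if result["io_status_name"] else ""
    return f"0x{result['bugcheck']:08X} {result['bugcheck_name']} in {mod}{off}{status}"


if __name__ == "__main__":
    r = parse_stop_screen(STOP_SCREEN)
    print(summarize(r))
    print("module build date:", r["build_date"])
```

Running it on the sample prints the bug check name, `win32k.sys+0x11E66F`, the NTSTATUS name for parameter 2, and the build date of the win32k.sys that faulted; comparing that date against the patch level expected for the machine is a quick check that the faulting module is the genuine, current one.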
Posted 26 June 2011 - 03:01 PM
I have a feeling we are looking at either RAM or overheating as the root cause.
A. If you have more than one RAM module installed, try starting the computer with one RAM stick at a time.
NOTE: Keep in mind, the manual check listed above (option A) is always superior to the software check listed below. DO NOT proceed with memtest if you can go with option A.
B. If you have only one RAM stick installed...
1. Download - Pre-Compiled Bootable ISO (.zip)
2. Unzip downloaded memtest86+-2.11.iso.zip file.
3. Inside, you'll find memtest86+-2.11.iso file.
4. Download, and install ImgBurn: http://www.imgburn.com/
5. Insert blank CD into your CD drive.
6. Open ImgBurn, and click on Write image file to disc
7. Click on Browse for a file... icon:
8. Locate memtest86+-2.11.iso file, and click Open button.
9. Click on ImgBurn green arrow to start burning bootable memtest86 CD:
10. Once the CD is created, boot from it, and memtest will automatically start to run. You may have to change the boot sequence in your BIOS to make it work right.
To change Boot Sequence in your BIOS
Reboot the system and at the first POST screen (where it is counting up memory) start tapping the DEL key.
This will enter you into the BIOS/CMOS setup area.
Find the Advanced area and press Enter.
Look for Boot Sequence or Boot Options, highlight it and press Enter.
Now highlight the first drive, follow the directions on the bottom of the screen on how to modify it, and change it to CD-ROM.
Change the second drive to the C or main drive.
Once that is done, press F10 to Save and Exit.
You will be prompted to enter Y to verify Save and Exit. Press Y and the system will now reboot with the new settings.
The running program will look something like this depending on the size and number of ram modules installed:
It's recommended to run 5-6 passes. Each pass contains the very same 8 tests.
This will show the progress of the test. It can take a while. Be patient, or leave it running overnight.
The following image is the test results area:
The most important item here is the “errors” line. If you see ANY errors, even one, most likely, you have bad RAM.
Posted 26 June 2011 - 04:03 PM
Edited by rvold7871, 26 June 2011 - 04:05 PM.
Posted 26 June 2011 - 08:30 PM
Posted 26 June 2011 - 10:02 PM
Posted 27 June 2011 - 10:08 AM
I ran SAS but I only did a check on C:\System Volume Information (that's where the trojan was found), I found the trojan, and paused the scan before it could crash. I immediately quarantined it, rebooted, and ran a SAS full system scan. And guess what, it ran to completion and produced a log! Here is that log.
Posted 27 June 2011 - 10:27 AM
Download Speedfan (The download link is to the right), and install it. Once it's installed, run the program and post here the information it shows.
The information I want you to post is the stuff that is circled in the example picture I have attached.
To make sure we are getting all the correct information it would help us if you were to attach a screenshot like the one below of your Speedfan results.
To take a screenshot, press the Print Screen key on your keyboard.
- It is normally the key above your number pad between the F12 key and the Scroll Lock key
- Now go to Start and then to All Programs
- Scroll to Accessories and then click on Paint
- In the empty white area, click, then hold the CTRL key and press V
- Go to the File option at the top and click on Save as
- Save as file type JPEG and save it to your Desktop
- Attach it to your next reply
Speedfan instructions posted with acknowledgment to rshaffer61
Posted 27 June 2011 - 10:57 AM
Something like this to ensure a good airflow
Posted 27 June 2011 - 11:01 AM