
Occasionally, after removal of malware, Windows will boot to a blue sc



#1
Alias50

  • Member
  • 343 posts
Hey all,

This little curiosity has been rattling around in my head for a little bit, so I thought I'd ask. About oh, a month ago, I was subject to a moment of extreme stupidity on my part when I tried launching an executable that was infected with the ZeroAccess rootkit, as part of a legitimate product. My antivirus stepped in and promptly prevented delivery of the payload. Annoyed, I turned the thing off, wanting to install my software. That didn't even happen. All I managed to do was infect myself. :whistling: :blush:

Anyway, it didn't end up being quite as bad as it might seem. A few scans, and whatever was inside that executable was eradicated. The last of these was a Malwarebytes sweep. It found a few remnants, and required a reboot. Upon startup, Windows crashed to a blue screen. After thinking about this for a few minutes I tried booting to "Last Known Good Configuration" and that worked, so I didn't trouble myself with this any longer.

However, I'm wondering why a blue screen might occur in the first place. It doesn't seem likely that a critical file would just randomly be removed by an antivirus scanner as part of a fix. This doesn't seem like a rare occurrence either (we have a subforum dedicated to these problems).

Is there a general reason why this happens so often?
  • 0



#2
rshaffer61

  • Moderator
  • 34,114 posts

However, I'm wondering why a blue screen might occur in the first place. It doesn't seem likely that a critical file would just randomly be removed by an antivirus scanner as part of a fix. This doesn't seem like a rare occurrence either (we have a subforum dedicated to these problems)


It depends on what program you used to remove the infection. It would help if you would include the actual BSOD bug check code. We can then determine if it is a software or hardware issue.


Is there a general reason why this happens so often?

If you ran any type of malware removal tool without specific instructions on what to remove, you could have accidentally removed a system file without knowing it. Being a GeekU student you would know this also. :whistling:

You need to provide a more exact description of what you did so that we can determine the next step to take.
You have provided no info on your system or what OS you are currently running. In the case of Vista or Win7 you may be able to run a startup repair or an SFC to get all original system files back on the system.
  • 0


#4
Alias50

  • Topic Starter
  • Member
  • 343 posts

Being a GeekU student you would know this also. :whistling:


Yeah, I know. In my defense, this did happen before I started training.



As I mentioned, this happened a while ago. After MBAM came back with the scan results, there were no obvious system files listed in the report, so I went ahead and cleaned them. The BSOD appeared after the reboot. After the blue screen, the very first thing I did was run SFC. Scan came back with no problems. In any case, the system is and has been running fine for quite a while. This was just something that I had been wondering about. I can't remember the actual blue screen.

After the virus first appeared, I immediately ran scans with both Symantec Endpoint Protection and Malwarebytes anti-malware. Initially, Symantec kept catching new files as they were being created by something. After I ran MBAM and rebooted, I had no more problems, except for that blue screen. I guess it's possible that some remnants still remain, not to mention any other crap that may or may not be on my system, but for now, I haven't had any problems. Might be time for an oil change, though, so to speak.

I'm attaching the aforementioned MBAM log which caused the blue screen, to be thorough.

Edited by rshaffer61, 17 April 2012 - 04:41 AM.
Removed Malware Log...not used in this forum

  • 0

#5
rshaffer61

  • Moderator
  • 34,114 posts
I removed the log because they are not used outside of the malware forum. To help us get an idea of what is going on, please do the following.

Download BlueScreenView
No installation required.
Double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit>Select All.
Go File>Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

Thanks to Broni for the instructions and program
  • 0

#6
Alias50

  • Topic Starter
  • Member
  • 343 posts
BlueScreenView did not find any minidumps. I didn't do anything to consciously delete them, but they were probably removed as a result of CCleaner or some other scheduled cleanup operation.
  • 0

#7
rshaffer61

  • Moderator
  • 34,114 posts
Download WhoCrashed from the link in my signature below.
This program checks for any drivers which may have been causing your computer to crash....

Click on the file you just downloaded and run it.

Put a tick in Accept, then click on Next.
Put a tick in Don't create a start menu folder, then click Next.
Put a tick in Create a Desktop Icon, then click on Install, and make sure there is a tick in Launch WhoCrashed before clicking Finish.
Click Analyze.
It will want to download the Debugger and install it. Say Yes.
WhoCrashed will create a report, but you have to scroll down to see it.
Copy and paste it into your next reply.

http://www.resplendence.com/downloads
  • 0

#8
Alias50

  • Topic Starter
  • Member
  • 343 posts
Did not get the Debugger prompt. As I mentioned, there's nothing in the minidump folder. It was most likely cleaned automatically the next time I ran CCleaner.






System Information (local)
--------------------------------------------------------------------------------

computer name: MICHAL-PC
windows version: Windows 7 Service Pack 1, 6.1, build: 7601
windows dir: C:\Windows
CPU: GenuineIntel Intel® Core™ i7 CPU 920 @ 2.67GHz Intel586, level: 6
8 logical processors, active mask: 255
RAM: 6433202176 total
VM: 2147352576, free: 1878949888



--------------------------------------------------------------------------------
Crash Dump Analysis
--------------------------------------------------------------------------------

Crash dump directory: C:\Windows\Minidump

Crash dumps are enabled on your computer.


No valid crash dumps have been found on your computer


--------------------------------------------------------------------------------
Conclusion
--------------------------------------------------------------------------------

Crash dumps are enabled but no valid crash dumps have been found. It may be that there are problems which prevent crash dumps from being written out. Check out the following article for possible causes: If crash dumps are not written out.

In case your computer does experience sudden reboots it is likely these are caused by malfunctioning hardware, power failure or a thermal issue. To troubleshoot a thermal issue, check the temperature using your BIOS setup program, check for dust in CPU and motherboard fans and if your computer is portable make sure it's located on a hard surface. Otherwise it's suggested you contact the support department of the manufacturer of your system or test your system with a memory test utility for further investigation.

Check out the following articles for more information: Troubleshooting sudden resets and shut downs.

Read the topic general suggestions for troubleshooting system crashes for more information.

Note that it's not always possible to state with certainty whether a reported driver is actually responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.
  • 0

#9
rshaffer61

  • Moderator
  • 34,114 posts
OK so has there been another BSOD since the first one?
Are you sure the infection has been taken care of?
  • 0

#10
Alias50

  • Topic Starter
  • Member
  • 343 posts
There was one more BSOD when I tried to log off another user account, and that was a few weeks ago. Hasn't been anything since, and to be perfectly honest the machine is running smoothly.

I am not one hundred percent certain that whatever caused the BSOD is resolved, or that the infection is truly gone. However, there's nothing obvious to be concerned about at the moment. Nevertheless, should I open a topic in the malware forum?
  • 0

#11
rshaffer61

  • Moderator
  • 34,114 posts
Yep, I would, just to make sure the infection is completely gone. Also, running all those tools will be a good test to see if another BSOD happens. This topic will remain open, so if after the Malware guys are done with you the issue is not resolved, return here and we will continue where we left off.
  • 0

#12
rshaffer61

  • Moderator
  • 34,114 posts
Are you still having problems with your issue?
It has been 28 days since your last response and I was wondering if the issue has been resolved?
If so can you explain how it was resolved so others may be able to fix it if they have the same issue.
If not please let us know and we can continue with helping you to resolve the issue.
  • 0





