Virus, MBAM disabled, getting blue screen of death


  • This topic is locked

#16
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
I will not be dealing with your blue screen error, it's not a third party issue. We will finish the Malware part and I'll direct you to help with the blue screen.

Next

Here's what we will do: run an ESET scan to double check for malware, then clean up all the tools. Then I'll get you assistance on the blue screen. I can deal with a third party driver causing the issue; yours appears to be a Microsoft driver and that is out of my area.

Run the ESET scan and post the log report.


ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here.
  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)
Thanks
Joe :)
  • 0

#17
mango_nj

    Member

  • Topic Starter
  • 206 posts

Hi Joe!

 

No problem about the blue screen situation....I appreciate you directing me to the help I need. I will run ESET tonight. I know that scan takes a long time.

 

Yesterday I kept getting warnings from Malwarebytes that something was trying to get in my system. Then MBAM detected malware and 'quarantined' it. I took a screen shot and attached it. I didn't know if this was a real threat or not...so I did not delete it. I just updated to version 6 of crypto prevent. Could it be causing this and MBAM is seeing these registry changes as malware, when it's a false positive? Pls advise.

Attached Thumbnails

  • MBAM-Quarantine.jpg

Edited by mango_nj, 28 June 2014 - 02:53 AM.

  • 0

#18
mango_nj

    Member

  • Topic Starter
  • 206 posts

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=13b1dbb9b465fb4db4bb5c46b9c75697
# engine=18938
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-29 07:30:13
# local_time=2014-06-29 12:30:13 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 15607649 240677785 0 0
# scanned=268435
# found=0
# cleaned=0
# scan_time=23206
 


  • 0
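An added example, not part of the original thread: a small checker that reads the `# key=value` header of an ESET Online Scanner log like the one posted above and confirms the scan ran with the options the instructions asked for before the result is trusted. The `end=stopped` value in the second sample is constructed for illustration.

```python
# Added example: check an ESET Online Scanner log header against the
# settings requested in the scan instructions earlier in this topic.
REQUESTED = {
    "remove_checked": "false",      # "Remove found threats" NOT checked
    "archives_checked": "true",     # "Scan archives" checked
    "unwanted_checked": "true",     # potentially unwanted applications
    "unsafe_checked": "true",       # potentially unsafe applications
    "antistealth_checked": "true",  # Anti-Stealth Technology
}

def parse_header(text):
    """Collect the '# key=value' lines of the log into a dict."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#") and "=" in line:
            key, value = line[1:].split("=", 1)
            fields[key.strip()] = value.strip()
    return fields

def review_scan(text):
    """Return (verdict, problems) for one pasted log."""
    f = parse_header(text)
    problems = [f"{k}={f.get(k)} (wanted {v})"
                for k, v in REQUESTED.items() if f.get(k) != v]
    if f.get("end") != "finished":
        problems.append("scan did not run to completion")
    if not f.get("found", "").isdigit():
        problems.append("no usable found= count")
    if problems:
        return "rescan", problems
    return ("clean" if int(f["found"]) == 0 else "detections"), problems

# Excerpt of the log posted above.
POSTED = """# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# scanned=268435
# found=0
# cleaned=0"""

# Constructed variant: removal left switched on and the scan interrupted.
BAD = POSTED.replace("remove_checked=false", "remove_checked=true") \
            .replace("end=finished", "end=stopped")
```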

#19
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Your Malwarebytes log was clean, and now ESET is also clean :)
 

I just updated to version 6 of crypto prevent.


In CryptoPrevent v6 a new layer of protection was introduced with the CryptoPrevent Filter Module, a tiny app that decides if the app that is trying to run should actually be allowed to run. The determination is made not only on a definitions based system but another system of criteria that I should not disclose specifics on.

The problem is that your Anti-Virus or Anti-Malware software may see some of CryptoPrevent’s new modifications to Windows (in order to make this possible) as malicious! This is a false positive, CryptoPrevent is not infected.


What may be detected:

Specifically, these registry keys may be detected as ‘modified’ or ‘hijacked’ including the keys below, where the value data will point to the CryptoPreventFilterMod.exe file in your installation directory.

scrfile\shell\open\command
cplfile\shell\open\command
piffile\shell\open\command

They are definitely CryptoPrevent’s settings, and it is safe to tell your anti-malware software to ignore them and/or whitelist them.

See http://www.foolishit.com/vb6-projects/cryptoprevent/anti-virus-anti-malware-application-warning/

Tell me you read this, and we can remove our tools. I'll get you to bluescreen support.

Joe
  • 0
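An added example, not part of the original thread or of CryptoPrevent: before whitelisting, confirm that each flagged handler really points at CryptoPreventFilterMod.exe inside the installation directory, as the post above describes, and not at a same-named file elsewhere. The install directory and sample values are constructed placeholders, and reading the keys under HKEY_CLASSES_ROOT is an assumption.

```python
import ntpath
import re

WATCHED = ("scrfile", "cplfile", "piffile")   # keys named in the post above
FILTER_EXE = "cryptopreventfiltermod.exe"     # file named in the post above

def handler_exe(command):
    """Extract the program path from a shell\\open\\command value."""
    command = command.strip()
    if command.startswith('"'):               # quoted program path
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd))(?=\s|$)", command, re.I)
    if m:                                     # unquoted path, may hold spaces
        return m.group(1)
    return command.split(None, 1)[0] if command else ""

def classify(command, install_dir):
    """Decide whether one handler value matches the documented change."""
    exe = ntpath.normcase(ntpath.normpath(handler_exe(command)))
    want = ntpath.normcase(ntpath.normpath(install_dir))
    if ntpath.basename(exe) != FILTER_EXE:
        return "not-cryptoprevent"            # unrelated to this whitelist
    if ntpath.dirname(exe) != want:
        return "filter-name-wrong-dir"        # do not whitelist; investigate
    return "expected"

def review(values, install_dir):
    """Classify all three watched handlers at once."""
    return {k: classify(values.get(k, ""), install_dir) for k in WATCHED}

def read_live():
    """Read the three default values (Windows only; HKCR is an assumption)."""
    import winreg
    out = {}
    for k in WATCHED:
        with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT,
                            k + r"\shell\open\command") as key:
            out[k] = winreg.QueryValueEx(key, "")[0]
    return out

# Constructed sample values; the install directory is a placeholder.
INSTALL_DIR = r"C:\Program Files\ExampleVendor\CryptoPrevent"
SAMPLE = {
    "scrfile": '"' + INSTALL_DIR + r'\CryptoPreventFilterMod.exe" "%1" /S',
    "cplfile": r'C:\Users\Public\CryptoPreventFilterMod.exe "%1"',
    "piffile": r'"%1" %*',
}
```

On a Windows machine, `review(read_live(), <your install directory>)` checks the real values; a value stored with unexpanded environment variables reports as a directory mismatch and needs a manual look.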

#20
mango_nj

    Member

  • Topic Starter
  • 206 posts

Hi Joe!

 

I've read everything. Thank you for all your help. I will go into MBAM and add those changes to my exclusions....so it can stop being detected as malware.

I'm glad it's a false alarm. Ready for tool removal and blue screen support. Appreciate everything you've done!!!!


  • 0

#21
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Next

Since your log reports are clean and free of malware, let's clean up after ourselves.


OTL Clean-Up

Right click on the OTLicon.jpg icon on your desktop and choose Run as administrator to open the main window.

Next click on the CleanUpButtonOTL.jpg button.

Once clean up is complete you will be prompted to reboot your computer. Please do so.

This will remove most of the programs we have used including itself.


Next

Clear Restore Points

Go to Start > All Programmes > Accessories > System Tools
Right click Disk Cleanup and select Run as administrator
When it pops up, at the first prompt select OK; after it has done some calculations the tabs will appear
Select the More Options tab
Press the System Restore and Shadow Copies Cleanup button


You usually get infected because your security settings are too low.

Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:

Safe Computing Practices please read Here

Thanks
Joe :)

Start a new topic in the Windows 7 / Vista forum Here

They're going to want mini dump files to review; they will instruct you.
  • 0

#22
mango_nj

    Member

  • Topic Starter
  • 206 posts

Hi Joe,

I had 1 question, before I begin. In disk cleanup, should I tick Previous Windows Installations for deletion? I have no idea what this is for and don't want to delete something I need. Is it safe to delete this folder? Says it will free 9.73 GB. I am running Vista and I've never reinstalled anything. Thanks
 


Edited by mango_nj, 01 July 2014 - 01:13 AM.

  • 0

#23
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
That's if a previous windows install was present, you will not need that so it's safe to delete.

Good luck with the blue screen issue, I'm hoping it's just a driver update issue.

Thanks
Joe :)
  • 0

#24
mango_nj

    Member

  • Topic Starter
  • 206 posts

Thank you for all of your help Joe!!!!

 

Will start a new topic in the Vista forum. You're the best!!!

 

HAPPY 4th of JULY!!!!!


  • 0

#25
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
