About a week ago, I noticed a never-seen-before blue screen come on momentarily, then it shut the computer down and rebooted. Afterwards, no virus protection from AVG 2015 Free + the inability to run MBAM, or even download or uninstall present versions on the computer. I followed your generic advice about running VIPRE; ran a 2 hour scan of the computer and found nothing; thus, still not able to (apparently) run .exe files. When I try to post a text message into a forum message, the IE 11 protection warning shows and the page disappears. I have attached two text files to this message which use the FRST analysis; any assistance would be appreciated.
AVG, MBAM disabled in Win 7 after momentary blue screen [Solved]
Posted 01 September 2015 - 12:45 PM
Hi and welcome to G2G. Yes, we've seen reports of these exact symptoms recently and I'm actually working another thread right now with them. It may be a very new type of malware. I'll review your logs now and get back to you.
Posted 01 September 2015 - 01:00 PM
Brian.... Looking forward to working with you. Appreciate whatever assistance you can render.
Posted 01 September 2015 - 01:00 PM
OK, let's get started.
- General Instructions -
- Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
- I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
- Any fixes provided by myself are for this log file only and should not be used on any other systems.
- Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
- It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
- It is also likely during our cleaning process that your internet browsing history will be removed. Your favorites will be untouched. If you don't want this to happen you need to let me know before running any steps so I can adjust my fixes accordingly.
- You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
- Please feel free to ask any questions, especially if you are having problems with my instructions.
- Save ALL Tools to your Desktop-
All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.
Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
and then click the "Select Folder" button. Click OK to get out of the Options menu.
Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and
select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
- Finally Before We Start-
Removing malware is a complicated multiple-step process. Please stay with me until I have declared your system clean. I strongly recommend you backup your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Step#1. Retrieve Memory Dump
1. Can you copy C:\Windows\Memory.dmp to your desktop and then zip up and attach? You may need to upload the memory.zip file to a service such as SendSpace or Dropbox if it's too large to attach.
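Before hunting for Memory.dmp by hand, it helps to know whether Windows was configured to write one at all, and whether a smaller minidump or a BugCheck event survived the crash. The following PowerShell snippet is an added example, not part of the thread or any tool the helper links; it assumes an elevated prompt on Windows 7 or later and reads the standard CrashControl registry values and the System event log.

```powershell
# Added example (not from this thread): report the crash-dump configuration and any
# dump files or BugCheck events left behind by a blue screen. Run from an elevated prompt.

# CrashControl holds the kernel's dump settings; these value names are the standard ones.
$cc = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'

# CrashDumpEnabled meanings: 0 = none, 1 = complete, 2 = kernel, 3 = small (minidump),
# 7 = automatic (Windows 8 and later only)
$modes = @{ 0 = 'None'; 1 = 'Complete memory dump'; 2 = 'Kernel memory dump';
            3 = 'Small memory dump'; 7 = 'Automatic memory dump' }
$mode = [int]$cc.CrashDumpEnabled
"Dump type    : $($modes[$mode]) ($mode)"
"Dump file    : $($cc.DumpFile)"
"Minidump dir : $($cc.MinidumpDir)"
"Overwrite    : $($cc.Overwrite)"      # 1 = each new crash replaces the previous full dump
"Auto reboot  : $($cc.AutoReboot)"     # 1 = the blue screen is shown only momentarily before restart

# Stored paths use %SystemRoot%, so expand them before testing
$dumpFile = [Environment]::ExpandEnvironmentVariables($cc.DumpFile)
$miniDir  = [Environment]::ExpandEnvironmentVariables($cc.MinidumpDir)

# The full dump the helper asked for (default C:\Windows\MEMORY.DMP)
if (Test-Path $dumpFile) {
    Get-Item $dumpFile | Select-Object FullName, Length, LastWriteTime
} else {
    "No full dump found at $dumpFile"
}

# Minidumps are often present even when the full dump is not; newest first
if (Test-Path $miniDir) {
    Get-ChildItem -Path $miniDir -Filter '*.dmp' |
        Sort-Object LastWriteTime -Descending |
        Select-Object FullName, Length, LastWriteTime
} else {
    "No minidump directory at $miniDir"
}

# Event ID 1001 from source BugCheck records the date, stop code and dump path of each crash,
# which pins down when the blue screen happened even if the dump file itself was deleted
Get-EventLog -LogName System -Source 'BugCheck' -Newest 5 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, EventID, Message
```

Two things this check explains about a missing Memory.dmp: a dump is only produced when CrashDumpEnabled is non-zero and the paging file on the system drive is large enough to hold it (the dump is staged there and written out on the next boot), and an AutoReboot value of 1 is why the blue screen only flashed before the machine restarted. If the full dump is gone but minidumps or BugCheck events remain, those are worth attaching in its place.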
Posted 01 September 2015 - 01:14 PM
I can't locate the memory.dmp file. I have cleaned the system a few times in hopes of eradicating whatever may be affecting it...wonder if this memory file could have been eliminated since it happened?
Posted 01 September 2015 - 01:22 PM
OK, thanks. Am I correct to assume you already tried going back to a restore point as well? Are you able to pinpoint the actual date that the issue happened?
13-07-2015 11:31:55 Installed HP Support Solutions Framework
21-07-2015 17:43:33 Scheduled Checkpoint
29-07-2015 14:19:46 Scheduled Checkpoint
06-08-2015 13:35:33 Scheduled Checkpoint
17-08-2015 13:47:53 Scheduled Checkpoint
25-08-2015 14:10:23 Scheduled Checkpoint
27-08-2015 03:31:13 Restore Operation
Posted 01 September 2015 - 01:24 PM
Yes, I did try to utilize system restore, but to no avail.. several restore points at that. I am estimating that I received this blue screen around the 26th or 27th of August
Posted 01 September 2015 - 01:30 PM
Do you happen to use the Tor network or client for anything? I see references to Tor on your machine and want to ensure that this is expected.
Posted 01 September 2015 - 01:34 PM
No, I have never used the Tor network. In fact, last month's Fortune Magazine had an article about a vulnerability in Tor...and after reading that, I made up my mind that the risk was not worth it should I ever decide to use it.
Posted 01 September 2015 - 01:47 PM
Good. I have some ideas. I'd like to see if your machine even allows you to do the following. If it's a kernel rootkit I likely won't see what I need to, but I'd like to try.
Step#1 - Capture Process Monitor Trace
1. Download and run Process Monitor. Leave this running while you perform the next steps.
2. Open and attempt to run a Malwarebytes scan.
3. Stop Process Monitor as soon as Malwarebytes fails to open or run. You can simply do this by clicking the magnifying glass on the toolbar as shown below.
4. Select the File menu...Save... and save the file to your desktop. This is likely the default location. The name (unless changed) will be LogFile.PML. This is fine.
5. Zip up and attach the LogFile.PML file.
Posted 01 September 2015 - 02:17 PM
MBAM would not run. The Zipped logfile was 9.56 MB...too large for your 5 MB limit...any suggestions how to get it to you?
Posted 01 September 2015 - 02:22 PM
Please upload to SendSpace and just provide the link here. Thank you.
Posted 01 September 2015 - 03:15 PM
Here is the link to the Process Monitor report
Posted 01 September 2015 - 07:07 PM
Thank you. This is a nasty bugger. Let's get a dump of your Master Boot Record. Please do the following.
1. Please download FRST64.exe to an external USB thumb drive. If you don't have one that you can use, please let me know.
2. Also download the attached fixlist.txt (attachment, 16 bytes) and place this on the thumb drive.
3. Boot your Computer to the Recovery Environment. Instructions for doing so are here. When you get to the System Recovery Options screen, select command prompt.
4. Plug in your USB thumb drive into the computer.
5. In the command window type the word notepad and press Enter.
6. Notepad opens. Under the File menu select Open.
7. Select "Computer" and find out what your USB drive letter is and then close notepad.
8. In the command window type e:\frst64 and press Enter.
Note: Replace the letter e with the drive letter of your USB drive that you identified in step #7.
9. The tool will start to run.
10. When the tool opens click Yes to disclaimer if prompted.
11. Press the Fix button.
12. It will make a log (fixlog.txt) on the USB drive as well as a file named MBRDUMP.txt. Please boot back into normal Windows and attach both the fixlog.txt log and the MBRDUMP.txt file.