Author Topic: BSOD on xp startup (trojan?) (Read 4248 times)

liamb123 · « **on:** January 06, 2010, 12:49:21 PM »

Hi

I was on the net last night and one of those fake anti-virus pop-ups came up and managed to install something before i could close it - i noticed a few processes running such as a.exe, b.exe and c.exe

anyway AVG came up and said i was infected by a trojan (i can't remember the name, sorry) so i sorted that out - however now when i go to start XP up i get a BSOD after the xp splash screen, which unfortunatley only stays on for a split second so i can't read the error message. it then just repeats itself.

The same thing also happens if i try to go into safe mode.

I have ERD Commander and the xp setup disc if these are of any help

Thanks,
Liam

harry 48 · « **Reply #1 on:** January 06, 2010, 01:16:45 PM »

http://www.computerhope.com/forum/index.php/topic,46313.0.html

go to above and complete , post the 3 logs and an expert will see them

liamb123 · « **Reply #2 on:** January 06, 2010, 01:20:15 PM »

I can't do that unfortunately as the BSOD comes up before xp has loaded, in both normal and safe mode

harry 48 · « **Reply #3 on:** January 06, 2010, 01:34:58 PM »

try this below , courtesy of allan

Download a boot time anti virus scanner (pick one: http://www.google.com/search?hl=en&rlz=1T4GGLL_enUS304US305&ei=WHFCS-DZLMW8lAeTsP2fBw&sa=X&oi=spell&resnum=0&ct=result&cd=1&ved=0CAYQBSgA&q=download+boot+time+av+scanner&spell=1). Burn it to a cd and put the cd in the infected computer. Make sure the cd is at the top of the boot order in bios, then boot to the cd and run the scan.

harry

liamb123 · « **Reply #4 on:** January 06, 2010, 06:28:33 PM »

Right, so i used the 'Avira AntiVir Rescue CD' and here are the scan results

I had to type them out (yes it took ages) so i might have got the odd letter wrong

ALERT: [HTML/IFrame.NAP] /media/devices/hdc1/site.html <<< Contains detection pattern of the HTML script virus HTML/IFrame.NAP
not removable
/media/devices/hdc1/dunno/gallery.php
ALERT: [HTML/IFrame.NAP] /media/devices/hdc1/dunno/gallery.php <<< Contains detection pattern of the HTML script virus HTML/IFrame.NAP
not removable
/media/devices/sda1/documents and settings/liampc/application data/sun/java/deployment/cache/6.0/49/6b800f31-4bd0b4d7
ALERT: [JAVA/Agent.S] /media/devices/sda1/documents and settings/liampc/application data/sun/java/deployment/cache/6.0/49/6b800f31-4bd0b4d7 --> vmain.class <<< contains detection pattern of the Java virus JAVA/Agent.S
/media/devices/sda1/documents and settings/liampc/local settings/temp/aowcrxmsen.tmp
ALERT: [tr/Click.VBiframe.apy] /media/devices/sda1/documents and settings/liampc/local settings/temp/aowcrxmsen.tmp <<< is the trojan horse TR/Click.VBiframe.apy
not removable
/media/devices/sda1/documents and settings/liampc/local settings/temp/rwceoxmsan.tmp
ALERT: [tr/Scar.bbbc] /media/devices/sda1/documents and settings/liampc/local settings/temp/rwceoxmsan.tmp <<< is the trojan horse TR/Scar.bbbc
not removable
/media/devices/sda1/documents and settings/liampc/local settings/temp/mnxarcwsoe.tmp
ALERT: [tr/Vilsel.ojq] /media/devices/sda1/documents and settings/liampc/local settings/temp/mnxarcwsoe.tmp <<< is the trojan horse TR/Vilsel.ojq
not removable
/media/devices/sda1/documents and settings/liampc/local settings/temp/moxacenwrs.tmp
ALERT: [tr/FakeAV.gy.9] /media/devices/sda1/documents and settings/liampc/local settings/temp/moxacenwrs.tmp <<< is the trojan horse TR/FakeAV.gy.9
not removable
/media/devices/sda1/documents and settings/liampc/local settings/temp/jar_cache3462332232613219885.tmp
ALERT: [JAVA/Agent.S] /media/devices/sda1/documents and settings/liampc/local settings/temp/jar_cache3462332232613219885.tmp --> myf/y/AppletX.class <<< contains detection pattern of the Java virus JAVA/Agent.S
/media/devices/sda1/documents and settings/liampc/local settings/temporary internet files/content.IE5/OPAXMURX/searchCAG142SW.htm
ALERT: [HTML/Infected.webpage.gen] /media/devices/sda1/documents and settings/liampc/local settings/temporary internet files/content.IE5/OPAXMURX/searchCAG142SW.htm <<< contains detection pattern of the html script virus HTML/Infected.WebPage.Gen
not removable
/media/devices/sda1/documents and settings/liampc/local settings/temporary internet files/content.IE5/OPAXMURX/2[1].php
ALERT: [HTML/Infected.WebPage.Gen] /media/devices/sda1/documents and settings/liampc/local settings/temporary internet files/content.IE5/OPAXMURX/2[1].php <<< contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen
not removable
/media/devices/sda1/documents and settings/liampc/local settings/temporary internet files/content.IE5/0QVU709I/resultCADGBOQX.htm
ALERT: [HTML/Infected.WebPage.Gen] /media/devices/sda1/documents and settings/liampc/local settings/temporary internet files/content.IE5/0QVU709I/resultCADGBOQX.htm <<< contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen
not removable
/media/devices/sda1/documents and settings/liampc/local settings/temporary internet files/content.IE5/0QVU709I/result[3].htm
ALERT: [HTML/Infected.WebPage.Gen] /media/devices/sda1/documents and settings/liampc/local settings/temporary internet files/content.IE5/0QVU709I/result[3].htm <<< contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen
not removable
/media/devices/sda1/documents and settings/liampc/local settings/temporary internet files/content.IE5/0QVU709I/result[6].htm
ALERT: [HTML/Infected.WebPage.Gen] /media/devices/sda1/documents and settings/liampc/local settings/temporary internet files/content.IE5/0QVU709I/result[6].htm <<< contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen
not removable
/media/devices/sda1/system volume information/_restore{64FD3B6O-8CD1-4918-92E7-OEB29EFO742B}/RP259/A0019265.exe
ALERT: [tr/Dropper.Gen] /media/devices/sda1/system volume information/_restore{64FD3B6O-8CD1-4918-92E7-OEB29EFO742B}/RP259/A0019265.exe <<< is the trojan horse TR/Dropper.Gen
not removable
/media/devices/sda1/system volume information/_restore{64FD3B6O-8CD1-4918-92E7-OEB29EFO742B}/RP259/A0019267.exe
ALERT: [tr/Agent.deot.3] /media/devices/sda1/system volume information/_restore{64FD3B6O-8CD1-4918-92E7-OEB29EFO742B}/RP259/A0019267.exe <<< is the trojan horse TR/Agent.deot.3
not removable
/media/devices/sda1/system volume information/_restore{64FD3B6O-8CD1-4918-92E7-OEB29EFO742B}/RP259/A0019268.exe
ALERT: [tr/Agent.deot.2] /media/devices/sda1/system volume information/_restore{64FD3B6O-8CD1-4918-92E7-OEB29EFO742B}/RP259/A0019268.exe <<< is the trojan horse TR/Agent.deot.2
not removable
/media/devices/sda1/windows/system32/net.net
ALERT: [tr/Click.VBiframe.apy] /media/devices/sda1/windows/system32/net.net <<< is the trojan horse TR/Click.VBiframe.apy
not removable
/media/devices/sda1/windows/system32/drivers.atapi.sys
ALERT: [tr/Patched.Gen] /media/devices/sda1/windows/system32/drivers/atapi.sys <<< is the trojan horse TR/Patched.Gen
not removable

harry 48 · « **Reply #5 on:** January 07, 2010, 12:40:17 PM »

ok you will have to wait for an expert to read the log and help you

Computer Hope Forum

News:

Author Topic: BSOD on xp startup (trojan?) (Read 4248 times)

liamb123

BSOD on xp startup (trojan?)

harry 48

Re: BSOD on xp startup (trojan?)

liamb123

Re: BSOD on xp startup (trojan?)

harry 48

Re: BSOD on xp startup (trojan?)

liamb123

Re: BSOD on xp startup (trojan?)

harry 48

Re: BSOD on xp startup (trojan?)