Got a trojan - crashed the PC!

Stinicker

On XP,

So I was on the internet this evening and AVG flashed up something about a trojan and I clicked remove and send to vault as you do.

About 5 mins later I started getting Internet re-directs wherby I'd click a link but be directed to either some spam site or Firefoxes malware warning page would show up.

I then tried to take action and updated Malware bytes but the retarded thing made me restart as it is about a month since I scanned last. Anyway once it shut down for the restart that was it.

Before coming to the login screen in restart process I get a blue screen, and the C000021A Fatal System Error and OXC0000005 (0X00000000 0X00000000).

I tried going in under both Safe Mode and Safe Mode with Networking but after the files load I get the same blue screen and messages. I Just want to be able to login once more to dump everything to the external hardrive before formatting and re-installing.

This thing hasn't happened to me in years and I am usually so careful using Firefox, and avoiding the usual crap that takes down MS's sh1tware so easily.

Any Ideas for to be able to login??

dnme

Boot up in safe mode and run a windows restore. Restore the PC back to an earlier time/date

dlofnep

dnme wrote: »

Boot up in safe mode and run a windows restore. Restore the PC back to an earlier time/date

Perhaps you might read their post. They said they get a blue screen in safe mode.

OP - If you can't boot up in safe mode, perhaps try a factory reset and see if there is a manufacturer system restore partition. Failing that, you may have to format and start from scratch. If you need any files that are of importance to you, install linux (ubuntu if you're not familiar with linux for user friendlyness) - mount the windows partition, and copy any files you need onto a disk.

Stinicker

dlofnep wrote: »

Perhaps you might read their post. They said they get a blue screen in safe mode.

OP - If you can't boot up in safe mode, perhaps try a factory reset and see if there is a manufacturer system restore partition. Failing that, you may have to format and start from scratch. If you need any files that are of importance to you, install linux (ubuntu if you're not familiar with linux for user friendlyness) - mount the windows partition, and copy any files you need onto a disk.

I booted in already using Linux (Knoppix) and my files are intact, however what I need is to retrieve my email accounts and my Firefox stored passwords, plus do some pre-format housekeeping of screenshots etc. to restore things back easier post-format.

I have a USB-hard drive adapter so I wonder if I hooked it up to my laptop and scanned it from here would it be able to clean out the nasties or would I risk cross contaminating my laptop also?

dlofnep

Try installing AVG for linux, and scan your Windows partition with it.

bhickey

Stinicker wrote: »

..... what I need is to retrieve my email accounts and my Firefox stored passwords, plus do some pre-format housekeeping of screenshots etc. to restore things back easier post-format.

What version of AVG do you have and was it up-to-date?

If you boot from a Linux Live CD (Ubuntu, Knoppix, Fedota etc.) then you can copy what ever data you need onto an external drive. In XP, you should copy everything under C:\Documents and Settings\<username> where <username> is the folder corresponding to your XP login name. In order to speed up scanning anf the copying of the data, you might want to clean out some of the temporary junk before you start so delete everything under :

C:\Documents and Settings\<username>\Local Settings\Temp

and

C:\Documents and Settings\<username>\Local Settings\Temporary Internet files

I have a USB-hard drive adapter so I wonder if I hooked it up to my laptop and scanned it from here would it be able to clean out the nasties or would I risk cross contaminating my laptop also?

That should work fine too as long as what you're scanning it with is good enough to detect everything. try Malwarebytes Full Scan (it allows you to select what drive you want to scan).

If you want to scan the drive without removing it then try one of the antivirus rescue CD's like Bitdefender or AVG. You don't want to actually install anything - just boot from the CD, update the virus databases and then run the scans.

chin_grin

Download Bitdefender Rescue CD from here.

http://download.bitdefender.com/rescue_cd/

(It's the .iso right click and save)

Burn it. (I'd use ImgBurn).

Put it in the machine and boot from it. Give the machine one go before it prompts you to boot from CD. If it doesn't give you this option you'll have to go in to the boot menu (I think it's F12\F11 as the machine is starting up and set it there).

Let the Bitdefender update and run a scan. See if that helps.

Also I'd recommend using Microsoft Security Essentials (I have since stopped using AVG).

Stinicker

On the netbook now, Spent the evening/night backing up my files and settings, decided to scan it using Malware bytes on the laptop which found one trojan, when I went to remove it it asked me to restart as part of the process. The trojan has now jumped ship into my laptop and taken it down too giving me the black screen on startup just showing the harddrives.

:mad::mad::mad::mad::mad:

Malware bytes is good for nothing and now I have no computer, desktop or laptop for the week only my trusty Samsung which I use for films on long flights.

Malwarebytes is crap and if I ever catch whatever techno geek wrote this virus I will happily but a bullet through his skull.

sdanseo

You should have used durex instead.

t0mm13b

sdonn wrote: »

You should have used durex instead.

Ah shure, you know the old adage - "Practice Safe Hex"

on a serious note - do not ever use AVG - it's a pile of steamin turd for an anti-virus solution

am sorry to hear you've got bitten...

the cure... destructively format the disk and wipe it clean.... and put on Linux instead :rolleyes: :eek:

sdanseo

t0mm13b wrote: »

Ah shure, you know the old adage - "Practice Safe Hex"

on a serious note - do not ever use AVG - it's a pile of steamin turd for an anti-virus solution

am sorry to hear you've got bitten...

the cure... destructively format the disk and wipe it clean.... and put on Linux instead :rolleyes: :eek:

Sorry my sense of humour is uncontrollable at this hour of the morning, must be the boredom/insomnia talking :P

Tbh I've used AVG for ages and been virus free since my last reformat (July IIRC). Touch wood it continues that way.

bhickey

Stinicker wrote: »

The trojan has now jumped ship into my laptop and taken it down too giving me the black screen on startup just showing the harddrives.

Malwarebytes is crap and if I ever catch whatever techno geek wrote this virus I will happily but a bullet through his skull.

Is there any way you can post the Malwarebytes log from the laptop (or the original computer). So in both cases, you ran Malwarebytes, it detected a trojan of some sort and when you rebooted you got the "C000021A Fatal System Error " message, is that right? Do you have AVG on both machines, if so what version and was it up-to-date on boith machines?

Did you try running the Bitdefender Rescue CD? To be honest, unless you're determined to beat this, at this stage you might be best to boot from Knoppix (or another Linux Live CD) again and get your data off before re-installing.

Stinicker

bhickey wrote: »

Is there any way you can post the Malwarebytes log from the laptop (or the original computer). So in both cases, you ran Malwarebytes, it detected a trojan of some sort and when you rebooted you got the "C000021A Fatal System Error " message, is that right? Do you have AVG on both machines, if so what version and was it up-to-date on boith machines?

Did you try running the Bitdefender Rescue CD? To be honest, unless you're determined to beat this, at this stage you might be best to boot from Knoppix (or another Linux Live CD) again and get your data off before re-installing.

I will try post up the Malwarebytes log later from the Laptop, however I am not connecting the netbook to it encase it spreads again!

I originally contracted the trojan on the Dell Desktop, I had backed up my files from the Dell to an external Harddrive last night by using a USB/IDE&Sata adapter. When I had finished that I scanned the Dell C drive using malwarebytes on the laptop, after detecting one trojan it made me restart as part of the clan out process and upon its restart I got the black screen of death showing only my harddrives.

I was using AVG 2011 on both infected computers and they were both up to date, I never had an AVG problem before until this.

I am so p'd off right now it is unbelievable.

Stinicker

Managed to get the laptop to boot by using system restore was slow as hell so had to kill loads of things, however critically I was able to backup things much easier besides having to do it forensically with another pc attached to the harddrive. Half of one down, one and a half to go!

Stinicker

Question chaps?

My laptop is Vista Home Premium but I never got disks for it, whatever software they use to extract the disks and burn them will not allow me do it. (it came with Vista pre-installed).

I have a Vista Home Premium disk which my friend installed on his self build and he said to install it and use my own key on the sticker on the laptop. Would this work?

bhickey

What make is the computer?

Stinicker

bhickey wrote: »

What make is the computer?

The Laptop is a HP Pavillion about 2.5 years old and the Dell Desktop which got infected first is 6 years (Dimension 8400) 3.4Ghz P4 with 3GB of Ram.

The HP is 2.3Ghz Core 2 duo with 3GB of Ram also, I wonder would it be worth sticking Win 7 on the laptop rather than Vista?

dnme

Stinicker wrote: »

I wonder would it be worth sticking Win 7 on the laptop rather than Vista?

Everytime...

Stinicker

dnme wrote: »

Everytime...

Cool, Vista is rather buggy, I have the Win 7 Disk from my Medion PC (Lidl one used as a HTPC) I wonder could I use that for the install and get a licence key if I rang up Microsoft?

colhickey

Might be a bit late for this, but in these situations (thank God, not very often), I use Sardu to build a rescue disk with multiple anti-vendors' rescue disks, linux live distributions, windows recovery disks (XP, Vista and 7), and other various rescue utilities onto a USB or CD/DVD boot disk.

Very handy when you don't have to install anything, just run it from the boot media.