#1 (permalink)
Senior Member
Join Date: Feb 2009
Location: Wales, UK
Posts: 1,174
Hi,
I'm trying to help sort out a friend's PC with frustrating results. It's a long story involving traces of old virus infections etc. so I'll keep it very short.

- Dell PC
- McAfee security suite was being used.
- Traces of infection still evident but successfully cleaned up with MBAM and SAS
- HijackThis file appears clean
- Installed XP SP3
- Uninstalled McAfee including using the clean up tool they make available though keep pretty hidden! No remaining traces of McAfee can be found now.

Now the problem - Installed Avast 5 but on reboot BSOD just before desktop loads. Booted successfully in safe mode where I uninstalled Avast. Tried Avira with exactly the same results therefore also uninstalled in safe mode.

Memory dumps suggest issues related to fltmgr.sys, ntkrnlpa.exe, ntoskrnl.exe

Can't find where to go from here. Currently the PC is operating fine but with no AV installed (Windows firewall ok). I'm nervous to try another AV (was considering MSE) in case the same thing happens, for fear I can't enter safe mode to uninstall!

Anyone have similar experiences? Any suggestions appreciated?
#2 (permalink)
Super Moderator
Join Date: Jul 2008
Location: India
Posts: 15,334
Seems like the virus infection was heavy, and took its toll on the PC, and the PC might be infected even now.
My suggestion at this stage would be to use any antivirus rescue CD like Avira, or the recently featured AVG Rescue CD, on the site. That would prevent any virus from being active. I would also suggest Trend Micro HouseCall, which I found to be excellent in case of infections like these, but since there is no resident AV on the PC, connecting to the internet would be too risky. My suggestion is an antivirus rescue CD.
__________________
Anupam

#3 (permalink)
Senior Member
Join Date: Feb 2009
Location: Wales, UK
Posts: 1,174
Thanks Anupam.
I was thinking more along the lines of OS file damage rather than a virus still being on the system as both Avira and Avast install and update successfully but on the first reboot the BSOD occurs. MBAM and SAS installed and work fine (as did HijackThis). Nevertheless, I'll take your advice and give HouseCall a try.
#4 (permalink)
Been Here Since the Begin
Join Date: Apr 2008
Location: Colorado, USA
Posts: 2,344
I agree that connecting to the internet without an AV is risky, but I'd probably do it anyway. I'd either run HouseCall or download and run Hitman Pro. (The rescue CDs are a great suggestion as well.)
In the end, you may end up having to do a re-format.
__________________
Been here since the beginning.

#5 (permalink)
Super Moderator
Join Date: Jul 2008
Location: India
Posts: 15,334
You can try and run System File Checker. It will run a file check on the important system files, and will ask for damaged files to be replaced. You need to have the CD of the OS for that, because it will ask for a CD if it finds any damaged files.
The command is: `sfc /scannow`
Here is a help page for it: http://www.updatexp.com/scannow-sfc.html
__________________
Anupam

#6 (permalink)
Senior Member
Join Date: Feb 2009
Location: Wales, UK
Posts: 1,174
@Kendall
Yep, re-format would probably fix it but with everything that's on the PC that's a biggie, especially as I don't think all the relevant software discs are still around! I haven't looked into the procedure for re-installing a Dell PC but I suspect it won't be straightforward, especially as some hardware components have also been changed some time ago. I've considered trying to reinstall McAfee but it appears to run even in safe mode (at least something appears in the tray) so if I get the same BSODs it'll be game over!
#7 (permalink)
Super Moderator
Join Date: Jul 2008
Location: India
Posts: 15,334
Since you won't have an AV, and you do decide to connect to the internet, then to be safe, you can try installing a HIPS like WinPatrol or ThreatFire... so that they can detect changes to the system and warn you. You may also try PrevX, besides those. It may not be able to remove the infections, but it can detect them.
Also run scans with anti-rootkits to make sure there are no rootkits lurking. Some good ones are Sophos Antirootkit, Gmer, Rootrepeal. But you might have to get some help with their results. You can also try installing Panda Antivirus.
__________________
Anupam

#8 (permalink)
Senior Member
Join Date: Feb 2009
Location: Wales, UK
Posts: 1,174
@Anupam
Thanks for the System File Checker link. I ran it but it gave no message to say anything needed fixing. I also ran Chkdsk and no problems were reported. Regarding rootkits, I've already run an FS Backlight scan and it was clean. I'm becoming more and more inclined to blame McAfee security suite for the problem but I'm unsure if even reinstalling it will get things back to normal, albeit with an unsatisfactory payware AV solution.
#9 (permalink)
Super Moderator
Join Date: Jul 2008
Location: India
Posts: 15,334
Yea, it may be because of McAfee. You can try reinstalling McAfee, and see how things go. If it is OK, then at least you will have a resident AV protection. You can then scan the PC with an online virus scanner... like Trend Micro HouseClean.
You can give one of the rescue CDs a try, because they won't install any AV. Also, you can try to decode the BSODs by searching for them on Google, with the STOP code and the error message. You can find stuff on Google related to those BSODs. You can take a look here as a start: http://aumha.org/a/stop.htm
__________________
Anupam

#10 (permalink)
Senior Member
Join Date: Feb 2009
Location: Wales, UK
Posts: 1,174
Quote:
I've scanned with Housecall and it was clean! I've also spent a lot of time searching the internet with the stop codes I have but without success.

As I said earlier, the memory dumps suggest issues related to fltmgr.sys, ntkrnlpa.exe, ntoskrnl.exe but there is nothing specific out there to point me in the right direction. I'm convinced it has to be a driver conflict between a resident AV component (common to both Avast and Avira as it affects both in a similar way) and another driver loading with windows but not in safe mode. I just hope that reinstalling McAfee will put things back to normal rather than cause even more severe effects.