
Need Major Help With Virus + Blue Screen

July 17, 2012 5:46:40 AM

I posted this same issue on another website, but I will likely get a faster response here.

Ok, over the past few days I have noticed my computer acting a bit weird, especially when using the internet. Today it seems like it all came crashing down.

The first issue was noticing advertisements playing in the background (like Ford ads, roofing ads, etc). They randomly started to play out of nowhere.

I read others having this issue, and since Norton did not pick up on this, I decided to install the Malwarebytes tool to hopefully resolve the issue. I ran a quick scan using the tool and it found 3 malicious items, which I deleted (had to restart computer to completely remove the threats).

Here is the log from the Malwarebytes scan:
Database version: v2012.07.16.12
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
John :: JOHNJORDAN-PC [administrator]
Protection: Enabled
7/16/2012 9:50:34 PM
mbam-log-2012-07-16 (21-50-34).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 262354
Time elapsed: 12 minute(s), 34 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\Users\John\AppData\Local\Temp\0.7080869459927495 (Trojan.Happili) -> Quarantined and deleted successfully.
C:\Users\John\Downloads\PDFReaderSetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
(end)

Now after rebooting the computer like I was given instructions to do by the program, I was able to get back to my desktop, but a brand new error appeared (I don't have the exact word-for-word):

RUNDLL
There was a problem starting C:\ProgramData\Malwarebytes.....etc. The specified module could not be found.

After clicking ok for that message, and the desktop finally loads up, everything seems fine until the blue screen of death appears after 2-3 minutes or so, posts the error message, and disappears quickly, restarting the computer all over again. This is the first time I have had to deal with this type of virus/malware issue. You guys seem like the experts. What can I do to fix this pain in the butt issue?

Sorry for the long story! If any more info is needed, let me know, so I can try and get it ASAP. Thanks!

(Also, I am able to get into Safe mode with networking with no crashing issue.)
July 17, 2012 5:53:01 AM

Try this, as your Norton may be out of date: uninstall it and then reboot into safe mode and try installing AVG or Avast. If they can't install, try doing a free online scan, or from another PC make a Hiren's BootCD 15.1; it has a few antivirus programs built in, and you can make it boot from a CD or USB stick. There are also a few free online scanners that might help.
July 17, 2012 12:26:28 PM

Quote:
There was a problem starting C:\ProgramData\Malwarebytes.....etc. The specified module could not be found.


Ok, for whatever reason, a file Malwarebytes needs can't be found. That's...worrying. I'm betting Malwarebytes is causing the BSOD as a result. It's possible Norton and Malwarebytes are conflicting in some way as well.

My recommendation:
Uninstall Norton
Re-Install MalwareBytes
July 17, 2012 1:35:59 PM

Before you do anything else go to your system restore section and shut it off for the infected drive. This will delete all saved restore points. Many malware write copies to the restore point as well. Then run Live Update until there are no more updates, run windows update to be sure your system is up to date, if you are running Norton's firewall check to see that windows firewall and security essentials are shut off. Download a fresh version of MWB and install it. Boot to safe mode and run a full system scan using MWB and then Norton. When they are done restart and see if you are clean. If so restart system restore to create a new clean point.
July 17, 2012 2:29:11 PM

Ok I will try the different ideas you guys have posted. I will be back with results.
July 17, 2012 3:07:03 PM

Dogsnake said:
Before you do anything else go to your system restore section and shut it off for the infected drive. This will delete all saved restore points. Many malware write copies to the restore point as well. Then run Live Update until there are no more updates, run windows update to be sure your system is up to date, if you are running Norton's firewall check to see that windows firewall and security essentials are shut off. Download a fresh version of MWB and install it. Boot to safe mode and run a full system scan using MWB and then Norton. When they are done restart and see if you are clean. If so restart system restore to create a new clean point.

I have tried to do this. The problem is Safe mode (with networking) I have been using and I cannot access System Protection to delete the saved restore points (unless there is another way to complete this step). When I try to start Windows normally and try to delete the saved restore points, it is only a matter of 1 minute before the BSOD decides to show up. I did use the Disk Cleanup method of getting rid of all but the most recent restore points, but that will likely not help all the way.

I took a picture of the BSOD, in case that can help in any way. Hopefully the link works.
July 17, 2012 3:39:51 PM

You do not want Safe with networking. Go to Safe without and run your full system scans. The fact that you can get to safe mode points to a driver problem. Before you start to address that let's try to get a clean system.
July 17, 2012 3:39:53 PM

It's the virus that's doing that... go into Windows safe mode, under msconfig, and turn everything off. Then uninstall Norton and Malwarebytes; both have been damaged by the virus. You want to boot from a clean USB or CD and do a virus scan that way. The Hiren's Boot CD I posted has two or three antivirus programs that can be run from DOS.
http://www.hirensbootcd.org/download/
you have to kill the virus first before the blue screen can be fixed.
July 17, 2012 4:02:48 PM

Ok, I just got into regular Safe Mode. I am having Avast and Malwarebytes run full system scans.
July 17, 2012 7:38:05 PM

And thanks for the continued help guys!
July 17, 2012 7:38:12 PM

Both Avast and Malwarebytes completed their full system scans in Safe mode and both programs found not one thing wrong. Any ideas where to go from here? I still get the BSOD after booting up Windows normally and getting on to my desktop for a minute tops.
July 17, 2012 8:09:34 PM

Well, the crash is occurring because a System Thread is crashing, due to a memory access violation. Could be due to said virus, but the fact the system is coming up clean...

At this point, I think it's time to move back a step. Remove all the AV software, in case something's gotten messed up somewhere. Then reinstall ONE.
July 17, 2012 8:15:40 PM

Does it matter which AV software I decide to use between AVG, Avast, Norton, and Malwarebytes?

I still noticed the RUNDLL Malwarebytes message popping up when accessing the desktop when Windows is running normal.
July 17, 2012 8:19:06 PM

Correct me if I'm wrong here, but could the two (or three) antivirus programs be interfering with each other and causing the crash? Last I checked, you only want to have one of these programs installed at a time.
July 17, 2012 8:28:28 PM

I will just reinstall Avast. Should I run the full system scan again, even if it found nothing before?
July 17, 2012 10:51:05 PM

Mystery Man said:
I will just reinstall Avast. Should I run the full system scan again, even if it found nothing before?


Bump for quick answer.
July 17, 2012 11:33:19 PM

Ok, so at this moment, I got rid of all the AV programs on my computer and only reinstalled Avast. I was able to boot Windows up normally and get to my desktop. The RUNDLL message for Malwarebytes still pops up though. I have finally been able to get the chance to delete all previous restore points since I have not crashed with the BSOD in the last 10 minutes. Avast is still popping up though with messages saying it blocked a malicious website.

Should I head back to safe mode now and run an Avast full system scan once again?
July 18, 2012 12:04:23 AM

The BSOD reared its ugly head again, but the RUNDLL error for Malwarebytes that appeared before the desktop would load up has not shown up on the last 2 occasions for restart. Hopefully we are getting somewhere.
July 18, 2012 1:06:34 AM

Try opening msconfig (you said you can get to safe mode and it runs on in SF) and select diagnostic start. Restart and see if it loads ok. If it does you will then do a selective start to try to figure out what is causing the fault.
July 18, 2012 3:32:56 AM

Dogsnake said:
Try opening msconfig (you said you can get to safe mode and it runs on in SF) and select diagnostic start. Restart and see if it loads ok. If it does you will then do a selective start to try to figure out what is causing the fault.

I will try this next. Avast just finished the full system scan in safe mode and two threats were found. Pic of that I will post soon.
July 18, 2012 4:04:39 AM

ok I restarted with a diagnostic start and now back on desktop. What should I be doing next? I also noticed the BSOD error message change and will snap a pic of it next time it appears. Again thanks for the help everyone.
July 18, 2012 12:22:28 PM

Again: Uninstall/Reinstall Malwarebytes. It's missing a key file [Hence the rundll error], and that is probably why the system is so unstable right now.
July 18, 2012 2:24:21 PM

Please clarify. When started in Diag. Mode do you still get BSOD or can you use the system? Please do uninstall MWB for now. Its installation may be corrupt. Have you ever done any work in the registry and are you familiar with navigating in it?
July 18, 2012 4:04:21 PM

gamerk316 said:
Again: Uninstall/Reinstall Malwarebytes. It's missing a key file [Hence the rundll error], and that is probably why the system is so unstable right now.

I did uninstall Malwarebytes a while ago and the RunDLL error message has not reappeared since. I have not seen that message since yesterday afternoon.
July 18, 2012 4:13:34 PM

Dogsnake said:
Please clarify. When started in Diag. Mode do you still get BSOD or can you use the system? Please do uninstall MWB for now. Its installation may be corrupt. Have you ever done any work in the registry and are you familiar with navigating in it?

Sorry for not clarifying. When the PC is started in diagnostic mode, I have not seen the BSOD appear. I did uninstall Malwarebytes yesterday and have touched it since then. The only AV software I have on there now is Avast, which detected 2 new threats last night, which I deleted. I have not done much in the registry before, but if you guys have exact instructions for me to follow, it should not be an issue.
July 18, 2012 5:26:11 PM

Before we make any changes please provide the following info:
1. Click the start button; open All Programs; Look in the folder named "Start Up". List anything you find in there.
2. Open msconfig. (again) and open the tab labeled "Startup" and list all the items there. Open the services tab; check the "hide MS services box" and list all that remain. You can uncheck the box when done.
We are looking for entries that are not supposed to be there.
Also look in device manager and see if there are any entries with "!"(exclamation point) or "?" (question mark).
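An added example, not part of the original posts: a read-only PowerShell inventory of the three places the post above asks about (startup items, non-Microsoft services, and devices flagged in Device Manager), written to a text file that can be pasted into a thread. It assumes the PowerShell 2.0 that ships with Windows 7; the report file name is hypothetical, and the "non-Microsoft" filter is a heuristic based on the CompanyName of each service binary.

```powershell
# Added example: read-only inventory of what msconfig's Startup/Services tabs
# and Device Manager show. Uses Get-WmiObject so it works on PowerShell 2.0.
# Nothing on the system is changed.

# 1. Startup folder items and Run-key entries (msconfig "Startup" tab).
$startup = Get-WmiObject Win32_StartupCommand |
    Select-Object Name, Command, Location, User

# 2. Services whose binary is not published by Microsoft
#    (approximates ticking "Hide all Microsoft services").
$services = Get-WmiObject Win32_Service | ForEach-Object {
    $exe = $null
    # Heuristic: take the path up to the first ".exe", dropping a leading quote.
    if ($_.PathName -match '^\s*"?(.+?\.exe)') { $exe = $matches[1] }

    $company = $null
    if ($exe -and (Test-Path -LiteralPath $exe)) {
        $company = (Get-Item -LiteralPath $exe).VersionInfo.CompanyName
    }

    # Binaries that are missing or carry no company name are listed too:
    # those are exactly the entries worth a second look.
    if ($company -notlike 'Microsoft*') {
        New-Object PSObject -Property @{
            Name      = $_.Name
            State     = $_.State
            StartMode = $_.StartMode
            Company   = $company
            Path      = $_.PathName
        }
    }
}

# 3. Devices reporting a problem (the "!" / "?" entries in Device Manager).
$devices = Get-WmiObject Win32_PnPEntity |
    Where-Object { $_.ConfigManagerErrorCode -ne 0 } |
    Select-Object Name, DeviceID, ConfigManagerErrorCode

# Write one plain-text report (hypothetical file name) to the desktop.
$report = Join-Path $env:USERPROFILE 'Desktop\startup-inventory.txt'
@(
    '== Startup items =='
    ($startup  | Format-List | Out-String)
    '== Non-Microsoft services =='
    ($services | Format-List Name, State, StartMode, Company, Path | Out-String)
    '== Devices with errors =='
    ($devices  | Format-List | Out-String)
) | Out-File -FilePath $report -Width 200
```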
July 18, 2012 6:34:37 PM

Dogsnake said:
Before we make any changes please provide the following info:
1. Click the start button; open All Programs; Look in the folder named "Start Up". List anything you find in there.
2. Open msconfig. (again) and open the tab labeled "Startup" and list all the items there. Open the services tab; check the "hide MS services box" and list all that remain. You can uncheck the box when done.
We are looking for entries that are not supposed to be there.
Also look in device manager and see if there are any entries with "!"(exclamation point) or "?" (question mark).

To make it easier, I will provide pics of the things you listed. They will be up shortly.
July 18, 2012 8:05:04 PM

Dogsnake said:
Before we make any changes please provide the following info:
1. Click the start button; open All Programs; Look in the folder named "Start Up". List anything you find in there.
2. Open msconfig. (again) and open the tab labeled "Startup" and list all the items there. Open the services tab; check the "hide MS services box" and list all that remain. You can uncheck the box when done.
We are looking for entries that are not supposed to be there.
Also look in device manager and see if there are any entries with "!"(exclamation point) or "?" (question mark).

The Start Up folder under the Start menu was completely empty.
July 18, 2012 8:06:29 PM

Dogsnake said:
Before we make any changes please provide the following info:
1. Click the start button; open All Programs; Look in the folder named "Start Up". List anything you find in there.
2. Open msconfig. (again) and open the tab labeled "Startup" and list all the items there. Open the services tab; check the "hide MS services box" and list all that remain. You can uncheck the box when done.
We are looking for entries that are not supposed to be there.
Also look in device manager and see if there are any entries with "!"(exclamation point) or "?" (question mark).


Services Tab Under Msconfig


July 18, 2012 8:20:32 PM

Start Up Tab Under MSConfig





Also, I looked under Device Manager for anything with a "?" or "!" and yes I found only 1 item. The ? appeared by 'Other Devices' and the ! appeared on 'Ethernet Controller' when I clicked on the '+' next to Other Devices.
July 18, 2012 9:13:30 PM

OK back to msconfig. and select Selective start up. You will have 2 check boxes corresponding to the startup and services tabs. Go into each tab and uncheck every box (keep hide ms services checked). Now start one at a time checking the boxes and restarting the system (hit apply when you check a box). I would start in the startup tab first. At some point expect the system to BSOD and you will have to go into Safe mode to get in. You will then make note of what you checked that crashed the system, uncheck it and continue with each item in both tabs until done. We are trying to find what start up item(s) or service(s) that are causing the crash. GLHF :) 
Don't worry about the device manager stuff; the exceptions are probably caused by not having an item in start up or services running.
July 18, 2012 9:20:14 PM

Dogsnake said:
OK back to msconfig. and select Selective start up. You will have 2 check boxes corresponding to the startup and services tabs. Go into each tab and uncheck every box (keep hide ms services checked). Now start one at a time checking the boxes and restarting the system (hit apply when you check a box). I would start in the startup tab first. At some point expect the system to BSOD and you will have to go into Safe mode to get in. You will then make note of what you checked that crashed the system, uncheck it and continue with each item in both tabs until done. We are trying to find what start up item(s) or service(s) that are causing the crash. GLHF :) 
Don't worry about the device manager stuff; the exceptions are probably caused by not having an item in start up or services running.

Sounds like fun. :)  Will post results hopefully sometime tonight.
July 19, 2012 2:26:27 AM

You guys have been a great help so far and I thank each and every one of you for your advice. I need an honest answer on this one though. Would it really be easier for me to just start from scratch again and just install Windows all over again instead of doing all of this right now? Could reinstalling Windows rid me of this issue? I need this computer running smoothly ASAP and I want to take the fastest route to accomplish that goal, even if it may mean starting all over again with Windows.
July 19, 2012 3:03:06 AM

Yes if that is not a major issue for you a clean install is always best. All your data will be saved in a folder called "old windows".
July 19, 2012 3:05:04 AM

Dogsnake said:
Yes if that is not a major issue for you a clean install is always best. All your data will be saved in a folder called "old windows".

Yeah it would not be a huge issue. Should I transfer any music files and game save files I have now or should I not worry about those?
July 19, 2012 2:39:47 PM

If you have the resources I would make separate back ups of any data I wanted (pics., music, documents and game saves). These should be saved for you in the old windows folder that will appear after the new install. Better safe than... You will need to reinstall all programs, mail clients and address books, drivers and updates. After the install, you need to run windows update (over and over) until there are no more. Remember to install your security programs also (fire wall and av). Though programs appear in old windows they still need to be reinstalled so it is good practice to make a list of everything and assemble the discs or web sites to get the programs. After each is done check them off. Also you will need to download and install a pdf reader, adobe flash and your browser if it is not Explorer.
July 19, 2012 9:23:13 PM

Thanks for the help guys. I actually reinstalled everything. Did a clean upgrade from 32-bit 7 to 64-bit 7 and it is running smooth now. Just have to get everything back on again.
July 20, 2012 12:21:27 AM

Very nice, glad things worked out.