  #1  
Old 09-02-2011, 11:32 PM
ASDCR ASDCR is offline
 
Join Date: Mar 2009
Location: San Diego
Posts: 174
ASDCR is an unknown quantity at this point
Question wth?!? got a STRANGE one - need some help...

hey guys, check this out...

client w/ dell XPpro desktop called w/ this virus - "full pc scan" (appeared to me at first like a variant of one of the typical 'xp antivirus 2011' rogue a/v scams that have been going around)

the virus does run in safe mode

had to run "kill" to kill all non-system processes in order to run mbam and combofix

eventually got successful scans to finish with them, but at least once with each the virus would crop up and "do something" - with combofix the first time i ran it combofix initiated a restart and on the way back up i got a blue screen, restarted then into safe mode and it continued scanning where it left off - then with mbam first run mbam got killed and the main "scanning" screen of the virus appeared - restarted into safemode, ran "kill" and continued with MBAM and it ran to completion

from then on, things got *really* screwy

upon restart into normal mode after cfix and mbam, got bsod indicating problem w/ kdcom.dll when attempting to boot into normal mode

tried to do an inplace install w/ WinXP - right at the point where it says "starting windows" i got an error i hadn't ever seen before, saying "windows could not start because an error in the software - load needed dlls for kernel" etc (see pic - link below)

when i ran spin-rite, it gave me some whack error message indicating a problem w/ the HD (again, see pic)

i took pix along the way just cuz it was interesting to me - lo and behold, might have been a good idea so i can show you guys what i did and what i saw!


i went ahead and slaved the HD to another laptop and i could access all the files no problem

since it was connected via usb to a nearby win7 laptop, i went ahead and ran checkdisk - and it found no problems (!)


THEN (!) as if all the above wasn't screwy enough, i went ahead and PURCHASED a brandy-spankin new HD and went to install XP from fresh un-opened OS media... and i got a bsod! (see last pic in the album)

see pix here




ok.. c'mon guys - WHAT do you think is going on here?


do i gotta flash the bios or something? something gone whack w/ the HD controller??

is THIS what viruses have come to??

or is this just my incompetence on show for the whole world to see? (afraid of that answer actually! haha!)
__________________
All San Diego Computer Repair
Computer Problems... SOLVED!
- Facebook - "like" me!
- Twitter - "follow" me!
- Google+ - add me to your Google+
- Root Metrics - cellphone signal coverage maps! cool!

Last edited by ASDCR; 09-02-2011 at 11:39 PM.
  #2  
Old 09-03-2011, 12:19 AM
parker.casey parker.casey is offline
 
Join Date: Nov 2010
Location: Washington State
Posts: 554
parker.casey is on a distinguished road
Default

Some of that sounds like advanced virus coding ... other parts sound like coincidence.
__________________
First Flight Simulators Ltd.
  #3  
Old 09-03-2011, 12:31 AM
xxsilk109xx xxsilk109xx is offline
 
Join Date: Apr 2009
Location: Savannah, GA
Posts: 1,220
xxsilk109xx is an unknown quantity at this point
Default

Have you tried to slave the hard drive and remove the virus that way? Or use a boot disk like avg or dr web
__________________
Keep Calm and Chive On!
  #4  
Old 09-03-2011, 12:40 AM
ASDCR ASDCR is offline
 
Join Date: Mar 2009
Location: San Diego
Posts: 174
ASDCR is an unknown quantity at this point
Default

Quote:
Originally Posted by xxsilk109xx
Have you tried to slave the hard drive and remove the virus that way? Or use a boot disk like avg or dr web

no, not yet




the part that gets me is... i put a whole new HD in

!!


and i'm still getting this blue screen!
  #5  
Old 09-04-2011, 06:06 PM
ASDCR ASDCR is offline
 
Join Date: Mar 2009
Location: San Diego
Posts: 174
ASDCR is an unknown quantity at this point
Default

oh.. one more detail i forgot to mention - i restored BIOS to factory defaults after getting the BSOD during XPhome install
  #6  
Old 09-04-2011, 08:45 PM
Pc Fixed Right Pc Fixed Right is offline
 
Join Date: Feb 2008
Location: NH
Posts: 862
Pc Fixed Right is on a distinguished road
Default

have you tried installing xp pro or home via a different disc yet?
your media might be damaged

have you checked for blown caps?
bad ram?
stripped it down to the bare essentials and installing the os?
did you happen to make a restore point prior to using combofix, tried last good configuration?

you can also try this
Boot the Windows XP disc
Select the REPAIR option with the command base Recovery Console.
Select the drive of your Windows installation.

After determining your disc drive letter, type these below commands and press Enter after each command:
C:\WINDOWS\>CD system32
C:\WINDOWS\system32>COPY kdcom.dll C:\
C:\WINDOWS\system32>DEL kdcom.dll
C:\WINDOWS\system32>COPY D:\I386\kdcom.dl_
C:\WINDOWS\system32>REN kdcom.dl_ kdcom.dll
C:\WINDOWS\system32>EXIT

Last edited by Pc Fixed Right; 09-04-2011 at 08:49 PM.
  #7  
Old 09-05-2011, 09:36 AM
marianoemilio marianoemilio is offline
 
Join Date: Jan 2009
Posts: 178
marianoemilio is on a distinguished road
Default

I think it's a defective RAM.
  #8  
Old 09-05-2011, 08:50 PM
Mr.Mike Mr.Mike is offline
 
Join Date: Aug 2009
Location: California Central Coast
Posts: 1,131
Mr.Mike is on a distinguished road
Default

+1 to PC Fixed Right. Initially, I would have slaved the HDD first, then run the removal/repair software. Otherwise, you should follow through with what PCFR says.
  #9  
Old 09-05-2011, 09:47 PM
EnigmaTech EnigmaTech is offline
 
Join Date: Oct 2010
Location: Gold Coast Australia
Posts: 94
EnigmaTech is an unknown quantity at this point
Default

Agree, sounds like it could be defective RAM. Have you run the crash dump analysis from Safe Mode (windbg)? It should tell you exactly what is causing the BSOD.
Tags
full pc scan, rogue, virus
