Need help with virus causing bsod.

[robrien]

So, I was downloading something from a torrent sight and it came with a keygen. Well the file was legit but the keygen was not. When my antivirus software, (AVG at the time) Stopped and said not to let it access my hard drive, I ignored it and allowed it to anyway. Now I keep getting the blue screen. I have tried using several AV programs to find it but during the scan my computer crashes. I have booted in safe mode with the same problem. I have tried aviara (I think that's what its called) That is a linux program that does not use windows and it found a trojan and renamed it because it was not able to delete it. But when I run my AV software it still crashes. I have even done a system restore to before I got the virus. Still nothing. Anyhelp?

[solin]

Robrien, try this way..

Try this first ...

* Start in SAFE mode and click Start and type in the search bar

cmd

Right click the 'command' icon in the upper left of the search menu and click 'Run as Administrator'

Type the following in the command box ...

sfc / scannow

(note the space the between sfc and / scannow)

and hit Enter / Return.
When the scan finishes, re-start.

* Note: On start up (before Windows loads) keep tapping either F5 or F8 (be aware That some manufacturers use F8 for system recovery!) Then use arrow keys to highlight 'Safe Mode' and hit Enter / Return, click on a user account, enter the password (if you do not know it, Probably there is not one so leave it blank) and hit enter / return.

or

Backup your Important data to the flash / disk / external drive then ...

1. Power on the machine.
2. At the white ACER BIOS screen, hold the "Alt" key and press the "F10" key simultaneously to start Acer eRecovery. The window of opportunity is very small, so this may take A Few attempts.
3. Once eRecovery has loaded, click "Restore to Factory Default Settings"
4. Click "OK" to continue.
5. From here, the eRecovery process Will update all the data on the C: drive and restore a fully functional factory image (approximately 10 minutes).
6. Once eRecovery has run, press "OK" to reboot the unit.

*** This Will erase all your unsaved data! ***

or

1. Reboot, and press F8.
2. Select Repair.
3. Select Reinstall Windows and follow prompts.

*** This Will erase all your unsaved data! ***

[leofelix]

@ robrien
welcome
first, keygens are never legit.
second: what O.S do you use? (XP/Vista/Windows 7)
Third.
Download
TDSS Killer by Kaspersky from here
Run it in safe mode.
Now download MalwareBytes' AntiMalware free from here

Install it, update it and run a full scan (if you are not able to install it, rename the installer as explorer.exe or taskeng.exe)
Post the results in your reply. I'll take a look into
Thanks

[robrien]

Hey thanks leofelix. I am using a HP notebook and it has Windows 7 Ultimate installed on it. Intel Celeron. I am going to do what you said and try it again. I will reply back as soon as I reboot.[COLOR="Silver"]

[INDRANIL]

Follow what leo said above. After that if prob still persist download Hitman pro (Activate if virus found) and attach a HijackThis log here. Do not try to fix any thing !!!!.

[robrien]

Robrien, try this way..


or

or

Hey thanks solin. I have tried that with the command prompt. It did not work. Also I'm not using an acer

---------- Post added 06-20-2011 at 01:26 AM ---------- Previous post was 06-19-2011 at 11:57 PM ----------

Ok, I did exactaly what you said and after running TDSS Killer. I was for once able to run MalwareBytes for some reason. Thanks again to you Indranil. The results from MalwareBytes are as follows

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6899

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

6/20/2011 1:08:08 AM
mbam-log-2011-06-20 (01-08-08).txt

Scan type: Full scan (C:\|)
Objects scanned: 270742
Time elapsed: 50 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC Player (Trojan.FakeVLC) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\VlcPlus\uninstall.exe (Trojan.FakeVLC) -> Quarantined and deleted successfully.
c:\program files\VlcPlus\Extras\setup.exe (PUP.Zugo) -> Not selected for removal.
c:\Users\Owner\AppData\Local\Google\Chrome\user data\Default\Cache\f_000039 (Trojan.FakeVLC) -> Quarantined and deleted successfully.
c:\Users\Owner\AppData\Local\Temp\wzb974\adobe photoshop cs4 keygen [ kentuckykiid ].exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
c:\Users\Owner\Desktop\adobe photoshop cs4 keygen [ kentuckykiid ].exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
c:\Users\Owner\downloads\setup.exe (Trojan.FakeVLC) -> Quarantined and deleted successfully.

Is that all I do or is there extra steps I need to take

[Neo]

the log shows that all threats have been neutralized

[amitraina]

i thnk trojan has been removed but just do one scan with eset online scanner http://www.eset.com/us/online-scanner

[leofelix]

@ robrien
are you able to boot in normal mode now?
You could run MBAM because your system was infected by a TDSS/Alureon rootkit that TDSS Killer neutralized apparently.
You also downloaded FREEWARE programs from P2P /file sharing hosts such as VLC media Player, for sure infected.
Always download software from legit sources.

Now download Superantispyware portable (free)to your desktop from here

http://www.superantispyware.com/portablescanner.html?tag=SAS_HOMEPAGE

before scanning your system clean your browser cache with CCleaner portable freeware
http://www.piriform.com/ccleaner/builds

post the log in your reply
Thanks

[SAMEERA]

Thank you for this information. Very helpful