Associate
- Joined: 4 Nov 2007
- Posts: 1,381
Hi all,
About 45 mins ago I was browsing the net as usual, just the OcUK forums, when the Windows DUM sound occurred. A red error box appeared and before I got chance to read it the comp shut down and restarted. (using Firefox 3 btw).
Upon the restart boot had finished and I proceeded to open Firefox up, instantly I had a BSOD. I thought it was hardware related so removed my overclock and booted back up, still hitting a BSOD so I ran memtest, this went fine without error.
On the next boot Avast registered a virus, a rootkit so I pressed delete and scheduled a boot scan. The bootscan works for around 20-30 seconds before hitting the BSOD again (and also on consecutive boots it is still finding the offending rootkit).
Any suggestions to what steps I could take to counter this?
Not been this stuck since the Sasser worm years ago.
-EDIT-
It's appearing as an MBR virus and Avast deems it a hidden boot sector.
I managed to get it to boot into safe mode, although it will only boot if I manually cancel the loading of a file called SPDT.sys, otherwise it appears to fully boot but the screen remains on the .sys filename list.
Running a scan in safe mode currently and hopefully it will find and remove it correctly. While on the subject, I was recommended to use Avast from this forum previously but that was a long time ago, is there a better free option available currently?
Many thanks.
-EDIT 2-
I'm now at the point where I'm becoming quite stuck.
The safe mode full scan didn't find anything yet the BSODs are still occurring in normal XP. It's almost as if it is actually a hardware based problem and it was just coincidence that this MBR virus was also present. If it were hardware though, would it not still happen in safe mode? Also not forgetting that it still BSODs in the Avast boot scan.
-FINAL EDIT and FIX-
I thought I'd add this final edit for users who may stumble across this in a future search. I fixed it.
It turned out to be a rootkit, undetectable by any Anti-virus I used (Avast, AVG, Anti-vir).
It is not any of the renowned rootkits such as Rustock and its variants; even specialist boot anti-rootkit programs such as reanimator could not detect or do anything about it.
It was also preventing me from using the XP recovery console to perform a fixmbr.
The only program that could do anything against it was Gmer: it detected it (has to be in safe mode) and I had to use it to restore my MBR. All has run well since.
Beware rootkits