Blue Screen Of Death after virus

Hello, I got a virus somehow, the "Malware Defense" one,
Whenever I start normally I just get the blue screen of death:

"Problem signature:
  Problem Event Name:    BlueScreen
  OS Version:    6.0.6002.2.2.0.768.3
  Locale ID:    1033

Additional information about the problem:
  BCCode:    1000008e
  BCP1:    C0000005
  BCP2:    85C07E3F
  BCP3:    8F2D6010
  BCP4:    00000000
  OS Version:    6_0_6002
  Service Pack:    2_0
  Product:    768_1

Files that help describe the problem:
  C:\Windows\Minidump\Mini011710-06.dmp
  C:\Users\Kim.JAKE\AppData\Local\Temp\WER-62197-0.sysdata.xml
  C:\Users\Kim.JAKE\AppData\Local\Temp\WER976E.tmp.version.txt

Read our privacy statement:
  http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409"



I can run in safe mode, the virus is gone, I used a tool to remove it,
I just can't get rid of that screen,

Any help would be nice

Hi,

Do not assume that because one was found that all are gone, as no one program can detect and remove all
malware. Added to that, easy to detect malware is often accompanied by a much harder to handle payload. So
I would do a very thorough check and then run the cleanup here.

These can be done in Safe Mode - repeatedly tap F8 as you boot however you should also run them in
regular Windows when you can.

Download malwarebytes and scan with it, run MRT, and add Prevx to be sure it is gone. (If Rootkits run UnHackMe)

Download - SAVE - go to where you put it - Right Click on it - RUN AS ADMIN

Malwarebytes - free
http://www.malwarebytes.org/

Run the Microsoft Malicious Removal Tool

Start - type in Search box -> MRT  find at top of list - Right Click on it - RUN AS ADMIN.

You should be getting this tool and its updates via Windows Updates - if needed you can download it here.

Download - SAVE - go to where you put it - Right Click on it - RUN AS ADMIN
(Then run MRT as above.)

Microsoft Malicious Removal Tool - 32 bit
http://www.microsoft.com/downloads/details.aspx?FamilyID=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

Microsoft Malicious Removal Tool - 64 bit
http://www.microsoft.com/downloads/details.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

also install Prevx to be sure it is all gone.

Download - SAVE - go to where you put it - Right Click on it - RUN AS ADMIN

Prevx - Home - Free - small, fast, exceptional CLOUD protection, works with other security programs. This is
a scanner only, VERY EFFECTIVE, if it finds something come back here or use Google to see how to remove. 
http://www.prevx.com/   <-- information
http://info.prevx.com/downloadcsi.asp  <-- download

PCmag - Prevx - Editor's Choice
http://www.pcmag.com/article2/0,2817,2346862,00.asp

--------------------------------------------------------

If needed here are some online free scanners to help

http://www.eset.com/onlinescan/


http://www.kaspersky.com/virusscanner

Other Free online scans
http://www.google.com/search?hl=en&source=hp&q=antivirus+free+online+scan&aq=f&oq=&aqi=g1

--------------------------------------------------------

Also do these to cleanup general corruption and repair/replace damaged/missing system files.

Run DiskCleanup - Start - All Programs - Accessories - System Tools - Disk Cleanup

Start - type this in Search Box ->  COMMAND   find at top and RIGHT CLICK  -  RUN AS ADMIN

Enter this at the prompt - sfc /scannow

How to analyze the log file entries that the Microsoft Windows Resource Checker (SFC.exe) program
generates in Windows Vista cbs.log
http://support.microsoft.com/kb/928228


Run checkdisk - schedule it to run at next start and then Apply OK your way out then restart.

How to Run Check Disk at Startup in Vista
http://www.vistax64.com/tutorials/67612-check-disk-chkdsk.html

-----------------------------------------------------------------------

If any Rootkits are found use this thread and other suggestions. (Run UnHackMe)

http://social.answers.microsoft.com/Forums/en-US/InternetExplorer/thread/a8f665f0-c793-441a-a5b9-54b7e1e7a5a4/

Hope this helps.


Rob - Bicycle - Mark Twain said it right.
Rob Brown - Microsoft MVP - Windows Insider MVP 2016 - current
Windows and Devices for IT 2009 - 2020

Hi,

Keep in mind that the virus could have corrupted a driver or another program which in turn causes that
bluescreen.

Two primary causes of this blue screen are video drivers and BIOS - Check with System Maker's Site for
Display Adapter (Video) and BIOS and then Device Maker's site for latest Video. It can be other drivers
so check while there. Turn OFF auto-driver installation as those are older and if Windows Updates suggests
a driver just HIDE it. Antivirus is another possibility.

See Generic Driver Update Methods in next message.

BCCode: 8E  0x0000008E is same as 0x1000008E

Cause

The KERNEL_MODE_EXCEPTION_NOT_HANDLED bug check is a very common bug check. To interpret it, you must identify which exception was generated.

Common exception codes include the following:

  • 0xC0000005: STATUS_ACCESS_VIOLATION indicates that a memory access violation occurred.

Resolving the Problem

If you are not equipped to debug this problem, you should use some basic troubleshooting techniques:

  • Make sure you have enough disk space.
  • If a driver is identified in the bug check message, disable the driver or check with the manufacturer for driver updates.
  • Try changing video adapters.
  • Check with your hardware vendor for any BIOS updates.
  • Disable BIOS memory options such as caching or shadowing.

If you plan to debug this problem, you might find it difficult to obtain a stack trace. Parameter 2 (the exception address) should identify the driver or function that caused this problem.

If you do not know the specific cause of the exception, consider the following items:

  • Hardware incompatibility. Make sure that any new hardware installed is listed in the Microsoft Windows Marketplace Tested Products List.
  • Faulty device driver or system service. A faulty device driver or system service might be responsible for this error. Hardware issues, such as BIOS incompatibilities, memory conflicts, and IRQ conflicts can also generate this error.

If the bug check message lists a driver by name, disable or remove that driver. Also, disable or remove any drivers or services that were recently added. If the error occurs during the startup sequence and the system partition is formatted with NTFS file system, you might be able to use Safe Mode to rename or delete the faulty driver. If the driver is used as part of the system startup process in Safe Mode, you have to start the computer by using the Recovery Console to access the file.

If the problem is associated with Win32k.sys, the source of the error might be a third-party remote control program. If such software is installed, you can remove the service by starting the system by using the Recovery Console and then deleting the offending system service file.

Check the System Log in Event Viewer for additional error messages that might help identify the device or driver that is causing bug check 0x1E. You can disable memory caching of the BIOS to try to resolve the error. You should also run hardware diagnostics, especially the memory scanner, that the system manufacturer supplies. For more information about these procedures, see the owner's manual for your computer.

The error that generates this message can occur after the first restart during Windows Setup, or after Setup is finished. A possible cause of the error is lack of disk space for installation and system BIOS incompatibilities. For problems during Windows installation that are associated with lack of disk space, reduce the number of files on the target hard disk drive. Check for and delete any temporary files that you do not have to have, Internet cache files, application backup files, and .chk files that contain saved file fragments from disk scans. You can also use another hard disk drive with more free space for the installation.

You can resolve BIOS problems by upgrading the system BIOS version.

=============================================

Look in the Event Viewer to see if anything is reported about those.
http://www.computerperformance.co.uk/vista/vista_event_viewer.htm

MyEventViewer - Free - a simple alternative to the standard event viewer of Windows.
TIP - Options - Advanced Filter allows you to see a time frame instead of the whole file.

http://www.nirsoft.net/utils/my_event_viewer.html

-------------------------------------------------------------------------

This is my generic bluescreen troubleshooter :

Here are some methods to possibly fix the blue screen issue. If you could give the Blue Screen info that would
help. Such as the BCC and the other 4 entries on the lower left. And any other error information such as STOP
codes and info such as IRQL_NOT_LESS_OR_EQUAL or PAGE_FAULT_IN_NONPAGED_AREA and similar messages.

As examples :

BCCode: 116
BCP1: 87BC9510
BCP2: 8C013D80
BCP3: 00000000
BCP4: 00000002

or in this format :

Stop: 0x00000000 (0x00000000 0x00000000 0x00000000 0x00000000)
tcpip.sys - Address 0x00000000 base at 0x000000000 DateStamp 0x000000000


This is an excellent tool for posting Blue Screen Error Information

BlueScreenView scans all your minidump files created during 'blue screen of death' crashes,
and displays the information about all crashes in one table - Free

http://www.nirsoft.net/utils/blue_screen_view.html


Many BlueScreens are caused by old or corrupted drivers, especially video drivers however there are other causes.

You can do these in Safe Mode if needed or from Command Prompt from Vista DVD or Recovery Options if your
system has that installed by the maker.

This tells you how to access the System Recovery Options and/or from a Vista DVD
http://windowshelp.microsoft.com/Windows/en-US/Help/326b756b-1601-435e-99d0-1585439470351033.mspx

You can try a System Restore back to a point before the problem started if there is one.

How to Do a System Restore in Vista
http://www.vistax64.com/tutorials/76905-system-restore-how.html

-------------------------------------------------------------------------

Start - type this in Search Box ->  COMMAND   find at top and RIGHT CLICK  -  RUN AS ADMIN

Enter this at the prompt - sfc /scannow

How to analyze the log file entries that the Microsoft Windows Resource Checker (SFC.exe) program
generates in Windows Vista cbs.log
http://support.microsoft.com/kb/928228


The log might give you the answer if there was a corrupted driver. (Does not tell all the possible driver issues).

Also run CheckDisk so we can rule out corruption as much as possible.
How to Run Check Disk at Startup in Vista
http://www.vistax64.com/tutorials/67612-check-disk-chkdsk.html


-------------------------------------------------------------------------

Often updating drivers will help, usually Video, Sound, Network Card  (NIC), WiFi, 3rd party keyboard and
mouse, as well as other major device drivers.

Manually look at manufacturer's sites for drivers - and Device Maker's sites.
http://pcsupport.about.com/od/driverssupport/ht/driverdlmfgr.htm

How to Install a Device Driver in Vista Device Manager
http://www.vistax64.com/tutorials/193584-device-manager-install-driver.html

How To Disable Automatic Driver Installation In Windows Vista - Drivers
http://www.addictivetips.com/windows-tips/how-to-disable-automatic-driver-installation-in-windows-vista/
http://technet.microsoft.com/en-us/library/cc730606(WS.10).aspx

-------------------------------------------------------------------------

How to fix BlueScreen (STOP) errors that cause Windows Vista to shut down or restart unexpectedly
http://support.microsoft.com/kb/958233

Troubleshooting Vista Blue Screen, STOP Errors
http://www.chicagotech.net/vista/vistabluescreen.htm

Understanding and Decoding BSOD (blue screen of death) Messages
http://www.taranfx.com/blog/?p=692

Windows - Troubleshooting Blue Screen Errors
http://kb.wisc.edu/page.php?id=7033

-------------------------------------------------------------------------

In some cases this might be required.

StartUp Repair from Recovery Options or Vista disk

How to do a Startup Repair
http://www.vistax64.com/tutorials/91467-startup-repair.html

This tells you how to access the System Recovery Options and/or from a Vista DVD
http://windowshelp.microsoft.com/Windows/en-US/Help/326b756b-1601-435e-99d0-1585439470351033.mspx

Hope this helps.
 


Rob - Bicycle - Mark Twain said it right.
Rob Brown - Microsoft MVP - Windows Insider MVP 2016 - current
Windows and Devices for IT 2009 - 2020
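
The decoding steps described in the reply above, as an added example that is not part of the original posts: it reads the BCCode/BCP fields from the problem signature posted at the top of the thread, names the bug check and exception code, and resolves parameter 2 against a table of loaded modules. The module table, its addresses and `example_filter.sys` are constructed placeholders, not data from this machine.

```python
import re

# Names taken from the thread: bug check 0x8E and exception code 0xC0000005.
BUGCHECKS = {0x8E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED"}
EXCEPTIONS = {0xC0000005: "STATUS_ACCESS_VIOLATION"}

# Problem signature values exactly as posted at the top of the thread.
POSTED_SIGNATURE = """
  BCCode:    1000008e
  BCP1:    C0000005
  BCP2:    85C07E3F
  BCP3:    8F2D6010
  BCP4:    00000000
"""

# CONSTRUCTED module table (name, load address, size in bytes), standing in
# for what a loaded-driver listing would show. Not data from the thread.
SAMPLE_MODULES = [
    ("ntkrnlpa.exe", 0x81C00000, 0x003BA000),
    ("example_filter.sys", 0x85C00000, 0x00010000),  # hypothetical driver
    ("tcpip.sys", 0x8A000000, 0x000EA000),
]

FIELD = re.compile(r"^\s*(BCCode|BCP[1-4]):\s*([0-9A-Fa-f]+)\s*$", re.MULTILINE)


def parse_signature(text):
    """Return {'BCCode': int, 'BCP1': int, ...} from a problem signature."""
    fields = {name: int(value, 16) for name, value in FIELD.findall(text)}
    missing = [k for k in ("BCCode", "BCP1", "BCP2") if k not in fields]
    if missing:
        raise ValueError("signature is missing " + ", ".join(missing))
    return fields


def owning_module(address, modules):
    """Return (name, offset) of the module whose range holds address, else None."""
    for name, base, size in modules:
        if base <= address < base + size:
            return name, address - base
    return None


def decode(text, modules):
    """Name the bug check and exception, and attribute the fault address."""
    f = parse_signature(text)
    # The thread treats 0x1000008E and 0x0000008E as the same bug check,
    # so the 0x10000000 bit is dropped before the lookup.
    code = f["BCCode"] & ~0x10000000
    return {
        "bugcheck": BUGCHECKS.get(code, "unknown 0x%08X" % code),
        "exception": EXCEPTIONS.get(f["BCP1"], "unknown 0x%08X" % f["BCP1"]),
        "fault_address": f["BCP2"],
        "module": owning_module(f["BCP2"], modules),
    }


if __name__ == "__main__":
    result = decode(POSTED_SIGNATURE, SAMPLE_MODULES)
    print(result["bugcheck"], "/", result["exception"])
    print("fault address 0x%08X" % result["fault_address"], "->", result["module"])
```

A result of `None` for the module means the fault address lies outside every listed driver, so the table alone cannot attribute the crash.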

Hi,

Update your driver, BIOS, and any control software and then work back through the troubleshooters
above if needed.

Could be a driver related issue. Update your drivers manually by looking at System maker and
Device maker's sites.

This is my generic how to for proper driver updates :

This utility makes it easy to see which versions are loaded :

DriverView - Free - utility displays the list of all device drivers currently loaded on your system. For
each driver in the list, additional useful information is displayed: load address of the driver, description,
version, product name, company that created the driver, and more.
http://www.nirsoft.net/utils/driverview.html

For Drivers check System Maker as fallbacks and Device Maker's which are the most current.
Control Panel - Device Manager - Display Adapter - write down the make and complete model of your
video adapter - double click - Driver's tab - write down the version info. Now click Update Driver (this
may not do anything as MS is far behind certifying drivers) - then Right Click - Uninstall - REBOOT
this will refresh the driver stack.

Repeat that for Network - Network Card (NIC), Wifi, Sound, Mouse and Keyboard if 3rd party with their
own software and drivers and any other major device drivers you have.

Now go to System Maker's site (Dell, HP, Toshiba as examples) (as rollback) and then Device Maker's site
(Realtek, Intel, Nvidia, ATI as examples) and get their latest versions. (Look for BIOS, Chipset and software
updates at System Maker's site while there.)

Download - SAVE - go to where you put them - Right Click - RUN AS ADMIN - REBOOT after each installation.

Always check in Device Manager - Drivers tab to be sure the version you are installing actually shows up. This
is because some drivers rollback before the latest is installed (sound drivers particularly do this) so install a
driver - reboot - check to be sure it is installed and repeat as needed.

Repeat at Device Makers - BTW at Device Makers DO NOT RUN THEIR SCANNER - check manually by model.

Manually look at manufacturer's sites for drivers - and Device Maker's sites.
http://pcsupport.about.com/od/driverssupport/ht/driverdlmfgr.htm

How to Install a Device Driver in Vista Device Manager
http://www.vistax64.com/tutorials/193584-device-manager-install-driver.html

If you update drivers manually then it is a good idea to disable Driver Installations in Windows Updates,
this leaves Windows Updates ON however it will not install drivers which will usually be older and cause
issues. If Updates suggests a new driver then HIDE it (Right Click on it) and then go look for new ones
manually if you wish.

How To Disable Automatic Driver Installation In Windows Vista - Drivers
http://www.addictivetips.com/windows-tips/how-to-disable-automatic-driver-installation-in-windows-vista/
http://technet.microsoft.com/en-us/library/cc730606(WS.10).aspx

Hope these help.


Rob - Bicycle - Mark Twain said it right.
Rob Brown - Microsoft MVP - Windows Insider MVP 2016 - current
Windows and Devices for IT 2009 - 2020

Hey guys, that MRT or w.e it is didn't find anything,

I don't think the virus is gone yet because about once an hour the webpage http://netslist.com/search.php?mode=all&query=themes pops up and tries to sell a bunch of stuff..

I really need help,

I will read the other posts and try to fix the blue screen,
I am in safe mode right now and I don't get the bluescreen, but that site pops up once an hour.

I'll try to check my drivers,
Another thing,
Malwarebytes won't open for some reason.

There are other ways in my message on malware checks than just MRT or w.e., and you need to do a
very thorough search with them.

Rob - Bicycle - Mark Twain said it right.
Rob Brown - Microsoft MVP - Windows Insider MVP 2016 - current
Windows and Devices for IT 2009 - 2020

Hey, I used Malwarebytes and it deleted the rootkit,

My computer appears to be virus free as McAfee now opens etc

And I have a log of my drivers that loaded and failed, but it is really big. (524k of pure text:p) it's huge.
If someone wants to look at it and tell me what driver fails that would be great,


Here is the top of the file until it reaches a failed driver

 Service Pack 2 1 17 2010 09:39:03.375
Loaded driver \SystemRoot\system32\ntkrnlpa.exe
Loaded driver \SystemRoot\system32\hal.dll
Loaded driver \SystemRoot\system32\kdcom.dll
Loaded driver \SystemRoot\system32\mcupdate_GenuineIntel.dll
Loaded driver \SystemRoot\system32\PSHED.dll
Loaded driver \SystemRoot\system32\BOOTVID.dll
Loaded driver \SystemRoot\system32\CLFS.SYS
Loaded driver \SystemRoot\system32\CI.dll
Loaded driver \SystemRoot\system32\drivers\Wdf01000.sys
Loaded driver \SystemRoot\system32\drivers\WDFLDR.SYS
Loaded driver \SystemRoot\system32\drivers\acpi.sys
Loaded driver \SystemRoot\system32\drivers\WMILIB.SYS
Loaded driver \SystemRoot\system32\drivers\msisadrv.sys
Loaded driver \SystemRoot\system32\drivers\pci.sys
Loaded driver \SystemRoot\System32\drivers\partmgr.sys
Loaded driver \SystemRoot\system32\DRIVERS\compbatt.sys
Loaded driver \SystemRoot\system32\DRIVERS\BATTC.SYS
Loaded driver \SystemRoot\system32\drivers\volmgr.sys
Loaded driver \SystemRoot\System32\drivers\volmgrx.sys
Loaded driver \SystemRoot\System32\drivers\mountmgr.sys
Loaded driver \SystemRoot\System32\Drivers\UBHelper.sys
Loaded driver \SystemRoot\system32\drivers\atapi.sys
Loaded driver \SystemRoot\system32\drivers\ataport.SYS
Loaded driver \SystemRoot\system32\drivers\msahci.sys
Loaded driver \SystemRoot\system32\drivers\PCIIDEX.SYS
Loaded driver \SystemRoot\system32\drivers\fltmgr.sys
Loaded driver \SystemRoot\system32\drivers\fileinfo.sys
Loaded driver \SystemRoot\system32\DRIVERS\psdfilter.sys
Loaded driver \SystemRoot\System32\Drivers\ksecdd.sys
Loaded driver \SystemRoot\system32\drivers\ndis.sys
Loaded driver \SystemRoot\system32\drivers\msrpc.sys
Loaded driver \SystemRoot\system32\drivers\NETIO.SYS
Loaded driver \SystemRoot\System32\Drivers\Ntfs.sys
Loaded driver \SystemRoot\system32\drivers\volsnap.sys
Loaded driver \SystemRoot\System32\Drivers\spldr.sys
Loaded driver \SystemRoot\System32\Drivers\mup.sys
Loaded driver \SystemRoot\System32\drivers\ecache.sys
Loaded driver \SystemRoot\system32\drivers\disk.sys
Loaded driver \SystemRoot\system32\drivers\CLASSPNP.SYS
Loaded driver \SystemRoot\system32\drivers\crcdisk.sys
Did not load driver @nettun.inf,%isatap.displayname%;Microsoft ISATAP Adapter





That's the beginning of it.
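
One way to reduce a boot log of this size to the lines worth reading, added here as an example and not part of the original post: it splits the log into boot sessions, counts in how many sessions each "Did not load driver" entry appears, and lists loaded drivers whose path is outside `\SystemRoot\system32\`. The first sample session uses lines quoted from the post; the second session, `example.sys` and `example_video.sys` are constructed.

```python
import re
from collections import Counter

ENTRY = re.compile(r"^(Loaded driver|Did not load driver)\s+(.+)$")
EXPECTED_PREFIX = "\\systemroot\\system32\\"  # compared case-insensitively

# First boot session: lines quoted from the post. Second session: CONSTRUCTED,
# including the hypothetical example.sys and example_video.sys entries.
SAMPLE_LOG = r""" Service Pack 2 1 17 2010 09:39:03.375
Loaded driver \SystemRoot\system32\ntkrnlpa.exe
Loaded driver \SystemRoot\System32\Drivers\UBHelper.sys
Loaded driver \SystemRoot\system32\drivers\crcdisk.sys
Did not load driver @nettun.inf,%isatap.displayname%;Microsoft ISATAP Adapter
 Service Pack 2 1 17 2010 10:02:11.000
Loaded driver \SystemRoot\system32\ntkrnlpa.exe
Loaded driver \??\C:\Users\Example\AppData\Local\Temp\example.sys
Did not load driver @nettun.inf,%isatap.displayname%;Microsoft ISATAP Adapter
Did not load driver \SystemRoot\system32\DRIVERS\example_video.sys
"""


def parse_boot_log(text):
    """Split the log into sessions: {'header', 'loaded', 'failed'} per boot."""
    sessions = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY.match(line)
        if m is None:
            # Any other non-blank line is header text. It opens a new session
            # unless the current session has no driver entries yet.
            if not sessions or sessions[-1]["loaded"] or sessions[-1]["failed"]:
                sessions.append({"header": line, "loaded": [], "failed": []})
            else:
                sessions[-1]["header"] += " | " + line
            continue
        if not sessions:
            sessions.append({"header": "(no header)", "loaded": [], "failed": []})
        key = "loaded" if m.group(1) == "Loaded driver" else "failed"
        sessions[-1][key].append(m.group(2))
    return sessions


def failed_summary(sessions):
    """Return [(entry, number of sessions it failed in)], most frequent first."""
    counts = Counter()
    for s in sessions:
        counts.update(set(s["failed"]))
    return counts.most_common()


def unexpected_paths(sessions):
    """Return loaded driver paths that are not under \\SystemRoot\\system32\\."""
    seen = {p for s in sessions for p in s["loaded"]
            if not p.lower().startswith(EXPECTED_PREFIX)}
    return sorted(seen)


if __name__ == "__main__":
    log = parse_boot_log(SAMPLE_LOG)
    print(len(log), "boot sessions")
    for entry, n in failed_summary(log):
        print("did not load in %d session(s): %s" % (n, entry))
    for path in unexpected_paths(log):
        print("loaded from outside system32:", path)
```

A log written during a Safe Mode boot lists many "Did not load driver" lines because Safe Mode skips most drivers on purpose, so compare sessions from normal boots when looking for the one that fails.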

Do not assume, continue to do a thorough check - easy to detect and remove malware is often
accompanied by much tougher to deal with payloads. When you are VERY SURE you are clean
then run the cleanup.

Rob - Bicycle - Mark Twain said it right.
Rob Brown - Microsoft MVP - Windows Insider MVP 2016 - current
Windows and Devices for IT 2009 - 2020

Do not assume, continue to do a thorough check - easy to detect and remove malware is often
accompanied by much tougher to deal with payloads. When you are VERY SURE you are clean
then run the cleanup.

Rob - Bicycle - Mark Twain said it right.

Dude, I just want to get that blue screen of death fixed, it's clearly a driver

The how to fix a driver issue is in the messages above however until you are very sure the machine
is clean you are spinning your wheels to even try.

Rob - Bicycle - Mark Twain said it right.
Rob Brown - Microsoft MVP - Windows Insider MVP 2016 - current
Windows and Devices for IT 2009 - 2020

Question Info


Last updated June 15, 2020 Views 11,164 Applies to: