0X0000008E from a rootkit?
I have run into a bit of a snag trying to revive my computer that keeps getting a BSOD ~20 seconds after Windows startup.
I am running XP SP3
"STOP: 0X0000008E 0Xc0000005 0xA12AFB75 0x9F0F47E8 0x00000000"
Here is what happened:
I was browsing the internet last night when my start bar and start menu changed from XP default to the 'classic windows' style. I restarted my computer and a few seconds after Windows put me at my desktop I got the BSOD as described above. I booted up in Safe Mode, then I attempted to open "Malwarebytes' Anti-Malware"; however, it would not open. I then opened 'SUPERAntiSpyware' using its alternate start (normal start would not open either) and scanned my computer. It came up with:
Trojan.Dropper/SVCHost-Fake
Rootkit.TDSServ
(with 57 entries for the rootkit)
I removed them all (+ some tracking cookies) and then restarted, booting back into Safe Mode, and was then able to open Malwarebytes' Anti-Malware, which came up with the following:
1 infected registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (trojan.Agent)
2 infected registry data items:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Currentversion\Winlogo\userinit (Trojan.Agent) Data: C:\windows\system32\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Currentversion\Winlogo\userinit (Trojan.Agent) Data: system32\
1 infected file:
C:\windows\system32 (Trojan.Agent)
All of which were 'Quarantined and deleted successfully'.
I then rebooted and ran Windows and got the same BSOD.
After some reading online I was told to use the minidump feature of XP to find what was left (I was told most likely a rootkit that I can't find). I was, however, unable to open the .dmp files. I searched and found I had to download a viewer (horrible idea, Microsoft), which I am unable to do due to the computer BSODing when I'm not in Safe Mode.
I am not sure what to do from here, can anybody help?
Please check your Private Messages for instructions. Follow them and come back here.
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/comb...o-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once installed, you should see a blue screen prompt that says:
The Recovery Console was successfully installed.
Please continue as follows:
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New HijackThis log.