Fatal System error

**Bobby Slogger** · 07-08-08, 11:55 AM

Hi All,

I have a problem that is baffling me.

My wife's laptop got hit with a nasty trojan (even though NOD 32 is running).

I acted immediately and used the Malware removal program. It got rid of most of the entries and then needed to do a restart to finish the removal. This is where I have problems. It logsoff ok and then goes to reboot however it then comes up with a Fatal System error C000021A 0x00000000 BSOD.

The problem is that something is causing this error and stopping the reboot process which then causes or halts the trojans in the registry and system32 folder from being deleted.

I've tried Regcure and it shows up as removing all the problems however they are still there again next time I power-up.

Has anybody had the same problem?

BS

**ssrattus** · 07-08-08, 12:26 PM

Which version of Windows?

Try a safe mode start, ie reboot and keep hitting the F8 key, this should allow the registry operations to be done unhindered.

**Bobby Slogger** · 07-08-08, 12:45 PM

it's windows XP Home.

I'll try that again but I think it came up with the same result

**Bobby Slogger** · 07-08-08, 08:53 PM

OK - an update.

I got rid of the bsod by constantly editing the registry 3 or 4 times to remove the malicious lines of code. As soon as I'd remove it, it would come back. Anyway, I was able to eventually get the machine reboot.

Now I still have 1 file in System 32 that I can't delete (part of the Vundoo Trojan). Vundoo fix says there are no errors.

I'll keep reading up on it.

BS

**ssrattus** · 07-08-08, 09:47 PM

What's the file you need to remove? Check the running processes for unusual entries that may be recreating your trojan. ie ctrl alt del then select Processes tab. Doing everything in safe mode gives you the best chance of cleaning up.

With xp pro you can run a command called tasklist.exe that list all the running processes to help find what is causing problems, similar to running task manager. You can download it for home. see Managing Windows XP Programs from the Command Line- Tasklist

**ssrattus** · 07-08-08, 09:55 PM

Check out Malware Removal: Virtumundo - CastleCopsWiki for full vundoo removal, ie VirtumundoBeGone - another Tool to try - if VundoFix failed to remove your infection.

also check out Smitfraud removal here Malware Removal: SpyAxe Removal - CastleCopsWiki

**Bobby Slogger** · 08-08-08, 08:42 AM

thanks ssratus,

Will try those tonight. The file is urq**feu.dll. It's using explorer and winlogon to stay acvtive.

I played around last night some more and I can stop explorer but when I stop winlogon, I get an error and then the BSOD (same as before). At least this time it doesn't remain.

Malware remover picks up 6 entries (2 are identical and 4 are registry entries all linked to the same dll).

I'll keep you posted.

BS

**Bobby Slogger** · 08-08-08, 09:44 PM

All done. I read a few tips - the best was to use a file called unlocker. It basically halted the system processes that were linked to the trojan dll.

I booted in safe mode and installed unlocker. I then opened up the recycle bin and also opened up the system32 folder. I positioned them very close together. I then found the file and right clicked and selected unlocker. I then terminated the processes. The brought up a couple of errors but I quickly dragged the file into the recycle bin before I got the BSOD.

I then rebooted and the file was gone (at least it was quarrantined in the recycle bin).

I scanned 3 times to make sure all was good and thus far - no more trojans.

Don't ever let it be said that you can't recover a macine after an attack and the perseverence paid off.

**ssrattus** · 09-08-08, 12:22 AM

congrats mate.... I only learn what to do by having to do it, so have deliberately infected myself a few times to see what to do in the past.

07-08-08, 11:55 AM	#1 (permalink)
Bobby Slogger Junior Member iTrader: (1) Join Date: Jan 2008 Posts: 26 Spent time on board: 1 Day and 5:20:16	Fatal System error Hi All, I have a problem that is baffling me. My wife's laptop got hit with a nasty trojan (even though NOD 32 is running). I acted immediately and used the Malware removal program. It got rid of most of the entries and then needed to do a restart to finish the removal. This is where I have problems. It logsoff ok and then goes to reboot however it then comes up with a Fatal System error C000021A 0x00000000 BSOD. The problem is that something is causing this error and stopping the reboot process which then causes or halts the trojans in the registry and system32 folder from being deleted. I've tried Regcure and it shows up as removing all the problems however they are still there again next time I power-up. Has anybody had the same problem? BS

LinkBacks (?) LinkBack to this Thread: http://www.austech.info/security-privacy/9573-fatal-system-error.html
Posted By	For	Type	Date
Austech - Powered by vBulletin	This thread	Refback	09-08-08 01:35 PM

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

07-08-08, 12:26 PM	#2 (permalink)
ssrattus Super Moderator iTrader: (0) Join Date: Jan 2008 Posts: 1,368 Spent time on board: 1 Month, 0 Weeks, 4 Days and 5:26:13	Which version of Windows? Try a safe mode start, ie reboot and keep hitting the F8 key, this should allow the registry operations to be done unhindered.

07-08-08, 12:45 PM	#3 (permalink)
Bobby Slogger Junior Member iTrader: (1) Join Date: Jan 2008 Posts: 26 Spent time on board: 1 Day and 5:20:16	it's windows XP Home. I'll try that again but I think it came up with the same result

07-08-08, 08:53 PM	#4 (permalink)
Bobby Slogger Junior Member iTrader: (1) Join Date: Jan 2008 Posts: 26 Spent time on board: 1 Day and 5:20:16	OK - an update. I got rid of the bsod by constantly editing the registry 3 or 4 times to remove the malicious lines of code. As soon as I'd remove it, it would come back. Anyway, I was able to eventually get the machine reboot. Now I still have 1 file in System 32 that I can't delete (part of the Vundoo Trojan). Vundoo fix says there are no errors. I'll keep reading up on it. BS

07-08-08, 09:47 PM	#5 (permalink)
ssrattus Super Moderator iTrader: (0) Join Date: Jan 2008 Posts: 1,368 Spent time on board: 1 Month, 0 Weeks, 4 Days and 5:26:13	What's the file you need to remove? Check the running processes for unusual entries that may be recreating your trojan. ie ctrl alt del then select Processes tab. Doing everything in safe mode gives you the best chance of cleaning up. With xp pro you can run a command called tasklist.exe that list all the running processes to help find what is causing problems, similar to running task manager. You can download it for home. see Managing Windows XP Programs from the Command Line- Tasklist

07-08-08, 09:55 PM	#6 (permalink)
ssrattus Super Moderator iTrader: (0) Join Date: Jan 2008 Posts: 1,368 Spent time on board: 1 Month, 0 Weeks, 4 Days and 5:26:13	Check out Malware Removal: Virtumundo - CastleCopsWiki for full vundoo removal, ie VirtumundoBeGone - another Tool to try - if VundoFix failed to remove your infection. also check out Smitfraud removal here Malware Removal: SpyAxe Removal - CastleCopsWiki

08-08-08, 08:42 AM	#7 (permalink)
Bobby Slogger Junior Member iTrader: (1) Join Date: Jan 2008 Posts: 26 Spent time on board: 1 Day and 5:20:16	thanks ssratus, Will try those tonight. The file is urq**feu.dll. It's using explorer and winlogon to stay acvtive. I played around last night some more and I can stop explorer but when I stop winlogon, I get an error and then the BSOD (same as before). At least this time it doesn't remain. Malware remover picks up 6 entries (2 are identical and 4 are registry entries all linked to the same dll). I'll keep you posted. BS

08-08-08, 09:44 PM	#8 (permalink)
Bobby Slogger Junior Member iTrader: (1) Join Date: Jan 2008 Posts: 26 Spent time on board: 1 Day and 5:20:16	All done. I read a few tips - the best was to use a file called unlocker. It basically halted the system processes that were linked to the trojan dll. I booted in safe mode and installed unlocker. I then opened up the recycle bin and also opened up the system32 folder. I positioned them very close together. I then found the file and right clicked and selected unlocker. I then terminated the processes. The brought up a couple of errors but I quickly dragged the file into the recycle bin before I got the BSOD. I then rebooted and the file was gone (at least it was quarrantined in the recycle bin). I scanned 3 times to make sure all was good and thus far - no more trojans. Don't ever let it be said that you can't recover a macine after an attack and the perseverence paid off.

09-08-08, 12:22 AM	#9 (permalink)
ssrattus Super Moderator iTrader: (0) Join Date: Jan 2008 Posts: 1,368 Spent time on board: 1 Month, 0 Weeks, 4 Days and 5:26:13	congrats mate.... I only learn what to do by having to do it, so have deliberately infected myself a few times to see what to do in the past.

Sponsored Links

Sponsored Links

Sponsored Links