-
Fatal System error
Hi All,
I have a problem that is baffling me.
My wife's laptop got hit with a nasty trojan (even though NOD 32 is running).
I acted immediately and used the Malware removal program. It got rid of most of the entries and then needed to do a restart to finish the removal. This is where I have problems. It logsoff ok and then goes to reboot however it then comes up with a Fatal System error C000021A 0x00000000 BSOD.
The problem is that something is causing this error and stopping the reboot process which then causes or halts the trojans in the registry and system32 folder from being deleted.
I've tried Regcure and it shows up as removing all the problems however they are still there again next time I power-up.
Has anybody had the same problem?
BS
-
Which version of Windows?
Try a safe mode start, ie reboot and keep hitting the F8 key, this should allow the registry operations to be done unhindered.
it's windows XP Home.
I'll try that again but I think it came up with the same result
OK - an update.
I got rid of the bsod by constantly editing the registry 3 or 4 times to remove the malicious lines of code. As soon as I'd remove it, it would come back. Anyway, I was able to eventually get the machine reboot.
Now I still have 1 file in System 32 that I can't delete (part of the Vundoo Trojan). Vundoo fix says there are no errors.
I'll keep reading up on it.
BS
What's the file you need to remove? Check the running processes for unusual entries that may be recreating your trojan. ie ctrl alt del then select Processes tab. Doing everything in safe mode gives you the best chance of cleaning up.
With xp pro you can run a command called tasklist.exe that list all the running processes to help find what is causing problems, similar to running task manager. You can download it for home. see
Check out for full vundoo removal, ie VirtumundoBeGone - another Tool to try - if VundoFix failed to remove your infection.
also check out Smitfraud removal here
thanks ssratus,
Will try those tonight. The file is urq**feu.dll. It's using explorer and winlogon to stay acvtive.
I played around last night some more and I can stop explorer but when I stop winlogon, I get an error and then the BSOD (same as before). At least this time it doesn't remain.
Malware remover picks up 6 entries (2 are identical and 4 are registry entries all linked to the same dll).
I'll keep you posted.
BS
All done. I read a few tips - the best was to use a file called unlocker. It basically halted the system processes that were linked to the trojan dll.
I booted in safe mode and installed unlocker. I then opened up the recycle bin and also opened up the system32 folder. I positioned them very close together. I then found the file and right clicked and selected unlocker. I then terminated the processes. The brought up a couple of errors but I quickly dragged the file into the recycle bin before I got the BSOD.
I then rebooted and the file was gone (at least it was quarrantined in the recycle bin).
I scanned 3 times to make sure all was good and thus far - no more trojans.
Don't ever let it be said that you can't recover a macine after an attack and the perseverence paid off.
congrats mate.... I only learn what to do by having to do it, so have deliberately infected myself a few times to see what to do in the past.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
Reply With Quote
Bookmarks