Have a Virus - blue screen
Solved/Closed
18 responses
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,164
Nov 28, 2011 at 03:53 PM
Hello,
The error codes 0x0000000A and 0x00000002 do not indicate a virus but some hardware or driver which was not compatible with the hardware in question.
Have you recently installed some hardware or driver?
You never mentioned what your OS is, which is essential information before anybody can begin providing any kind of solution.
With all due respect to Sundar, the steps he gave you will not solve this hardware or driver issue.
Regards
Anonymous User
Nov 27, 2011 at 11:18 PM
Please boot into safemode with networking
Download this
https://download.bleepingcomputer.com/sUBs/dds.scr
Save it on desktop, run it, a command prompt window will pop up,
after that you will get two logs
dds.txt
attach.txt
Please upload the dds.txt file to
https://authentification.site
and paste the link here
Download
https://support.kaspersky.com/downloads/utils/tdsskiller.exe
Run a scan and cure the infections. Generated log will be in your C drive
Open the text file and post the contents here
fannysaint
Posts
4
Registration date
Saturday November 26, 2011
Status
Member
Last seen
November 28, 2011
Nov 28, 2011 at 05:56 AM
Hi
Maybe it's not a virus...
It would be interesting to know the error code you are getting on the blue screen, it's an 8 character code beginning with 0x
I tried to open in safe mode with networking but I couldn't connect to the Internet. I was connected to my wireless connection but there was a problem when Internet actually tried to connect.
Here is the code on the blue screen. 0x0000000A, (0x00000000, 0x00000002, 0x00000001, 0x81c6383c)
I hope that helps. Thanks for your responses. I appreciate all the help I can get.
aquarelle
Posts
7141
Registration date
Saturday April 7, 2007
Status
Moderator
Last seen
December 19, 2024
491
Nov 28, 2011 at 12:54 PM
Hi,
Which is your OS system? The message error is not complete. There is something else written after the error number like "IRQL_NOT_LESS_OR_EQUAL" ...
It is windows xp.
Here is exactly what my blue screen says
A problem has been detected and windows has been shut down to prevent damage to your computer.
Irql_not_less_or_equal
if this is the first time you've seen this stop error screen, restart your computer. If this screen appears again, follow these steps:
Check to make sure any new hardware or software is properly installed. If this is a new installation, ask your hardware or software manufacturer for any windows updates you might need.
If problem continues, disable or remove such caching or shadowing. If you need to use safe mode to remove or disable components, restart your computer, press f8 to select advanced startup options, then select safe mode.
Technical information
***STOP: 0x0000000A (0x00000000, 0x00000002, 0x00000001, 0x81c6383c)
Collecting data for crash dump...
Initializing disk for crash dump...
Beginning dump of physical memory to disk
dumping physical memory to disk:100
Physical memory dump complete
Contact your system admin or technical support group for further assistance.
on another note, Best Buy said my laptop has AV protection virus
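Added example (not part of any post in this thread): a Python decoder for the STOP line quoted above, using the parameter layout Microsoft documents for bug check 0xA (referenced address, IRQL, read/write flag, address of the faulting instruction). The function names are illustrative assumptions.

```python
import re

# Constructed input: the STOP line exactly as the user quoted it in the thread.
SAMPLE = "***STOP: 0x0000000A (0x00000000, 0x00000002, 0x00000001, 0x81c6383c)"

# Only the bug check discussed in this thread is named here.
BUGCHECK_NAMES = {0x0A: "IRQL_NOT_LESS_OR_EQUAL"}

# Software IRQLs on x86 Windows; higher values are device or system levels.
IRQL_NAMES = {0: "PASSIVE_LEVEL", 1: "APC_LEVEL", 2: "DISPATCH_LEVEL"}

STOP_RE = re.compile(r"STOP:\s*(0x[0-9a-f]+)\s*\(([^)]*)\)", re.IGNORECASE)


def parse_stop_line(text):
    """Return (bug_check_code, [p1, p2, p3, p4]) from blue screen text."""
    match = STOP_RE.search(text)
    if match is None:
        raise ValueError("no STOP line found")
    code = int(match.group(1), 16)
    params = [int(p, 16) for p in match.group(2).replace(",", " ").split()]
    if len(params) != 4:
        raise ValueError("expected 4 parameters, got %d" % len(params))
    return code, params


def decode_bugcheck_0a(params):
    """Interpret the four parameters of bug check 0xA."""
    address, irql, access, instruction = params
    return {
        "referenced_address": address,
        # Assumes 4 KiB pages: anything below 0x1000 is a NULL-page reference.
        "null_page_reference": address < 0x1000,
        "irql": irql,
        "irql_name": IRQL_NAMES.get(irql, "IRQL %d" % irql),
        # Bit 0 of parameter 3: 0 = read, 1 = write.
        "operation": "write" if access & 1 else "read",
        "instruction_address": instruction,
    }


def summarize(text):
    """One-line reading of a STOP line; only 0xA is decoded in detail."""
    code, params = parse_stop_line(text)
    name = BUGCHECK_NAMES.get(code, "unknown bug check")
    if code != 0x0A:
        return "%s (0x%08X): parameters not decoded here" % (name, code)
    d = decode_bugcheck_0a(params)
    return "%s (0x%08X): instruction at 0x%08X attempted a %s of address 0x%08X at %s" % (
        name, code, d["instruction_address"], d["operation"],
        d["referenced_address"], d["irql_name"],
    )


if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The decode identifies the faulting instruction address, not the driver that owns it; mapping that address to a module requires the loaded-module list in the minidump.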
aquarelle
Nov 28, 2011 at 01:26 PM
Take a look here :
https://support.microsoft.com/en-us/help/314063
Anonymous User
Nov 28, 2011 at 01:09 PM
Download and copy this to the infected PC via USB
https://support.kaspersky.com/downloads/utils/tdsskiller.exe
Run a scan and cure the infections. Generated log will be in your C drive
Open the text file and post the contents here
Now go to
C:\Windows\Minidump folder
Upload the minidump files to
www.speedyshare.com
and paste the link here
We know that you don't have internet. So transfer the files to a different PC and upload it
Ambucias
Nov 28, 2011 at 04:12 PM
Dear Gelika
You must first answer my questions.
1. What is your OS?
2. I assume your machine was working okay when you purchased it?
3. When did you buy it?
4. What did you do with it from the time you took it home and the blue screen event?
Please reply but do not click on comment.
I just realized that I said my OS is Windows XP when it is actually Windows Vista.. I purchased it 3 years ago and it was working just fine. I had problems about a month ago and took it to Best Buy and they replaced my hard drive. Since then I haven't done much with the computer. I downloaded Microsoft Office software and that was about it. I was surfing the internet when my computer just shut down and when I tried to restart it that was the blue screen that I got.
Ambucias
Nov 28, 2011 at 04:22 PM
@Sundar
The error codes are clear as to their meaning.
If no change was made to the machine with drivers or hardware, then we will see.
There are stages to follow when repairing a blue screen and that is to look at the error codes before looking at a possible virus. One must be kind of a doctor. Both 0x0000000A and 0x0000002 point towards hardware and drivers.
If the above is not the cause then we will generate a ZHP Diag log which is sure to detect the virus if any.
For the time being I suggest we reserve the sledge hammer to kill the bug for later.
Regards
@Ambucias
I just realized that I said my OS is Windows XP when it is actually Windows Vista.. I purchased it 3 years ago and it was working just fine. I had problems about a month ago and took it to Best Buy and they replaced my hard drive. Since then I haven't done much with the computer. I downloaded Microsoft Office software and that was about it. I was surfing the internet when my computer just shut down and when I tried to restart it that was the blue screen that I got.
After I ran the "cure" I was able to get into windows like I usually do however, this time when I opened firefox, I immediately had AV Protection 2011 up on my screen and it is telling me I have all these viruses and that I can "repair files now". However, I think that is the virus. Not sure what to do now.
Ambucias
Nov 28, 2011 at 04:49 PM
The link given by Aquarelle is for XP however my interpretation of the error codes is for all of Windows.
Let's see if Sundar's and Best Buy's assumptions are correct.
I require a log.
Open this link and download ZHPDiag2 :
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
Save the file on your Desktop.
Double click on ZHPDiag.exe and follow the instructions.
The tool created two icons, ZHPDiag and ZHPFix (we will use ZHPFix at the next step).
Double click on the shortcut ZHPDiag on your Desktop.
Click on the Magnifying glass and run the analysis.
Wait for the tool to finish (maybe a long time)
Close ZHPDiag.
To transmit the report, click on this link :
https://authentification.site
Click on Parcourir and search the directory where you installed ZHPDiag (usually C:\Program Files\ZHPDiag).
Select the file ZHPDiag.txt.
Click on "upload"
Copy the url and post it here
Ambucias
Nov 28, 2011 at 05:13 PM
Gelika
Please do not click on comment after my reply. It gets confusing for me, always click on reply.
I did not ask you to run a cure but for a log with ZHP Diag.
What cure are you talking about?
Please one thing at a time!
AV Protection 2011, no doubt about it, is a rogue trojan horse.
What antivirus are you using?
Anyhow, let's send the horse to the glue factory:
Please follow the following procedure carefully and to the letter. You may wish to print this.
You have a rogue virus Trojan Horse which is self protective, thus it will prevent any antivirus from functioning.
You must kill the evil processes which the virus is presently running and preventing you from running any antivirus. If you don't it will keep reproducing the files forever.
To kill the processes:
1. Download to your desktop and run Rogue Kill:
https://download.bleepingcomputer.com/grinler/rkill.com
2. You should now see a window that shows all of your desktop icons, including the rkill.com program.
3. Double-click on the rkill.com in order to automatically attempt to stop any processes associated with the Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step.
If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the Horse when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the processes. So, please try running Rkill until malware is no longer running.
As a matter of fact, if you get messages, it is a sign that the virus is agonizing with excruciating pain, so you can just grin while it is suffering! :)))
Please, DO NOT REBOOT your computer or the processes will come back to haunt you!
Download Malwarebytes to your desktop.
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/
Once on your desktop, we must still outwit the virus.
Right click on the MBAM icon and click on rename. Rename it kioskea.exe.
Install Malwarebytes and launch it. From the second tab, update it.
Pretty please, request a FULL system scan which should take more than an hour. Once the scan is finished, delete all of the items that were found.
It is very important that you let Malwarebytes run for as long as it takes, in some cases the creators of Malwarebytes suggest that you go do something like watch a rerun of "Gone with the Wind" or read Tolstoy's "War and Peace".
Once your computer is clean and working normally just to be on the safe side
* Turn off system restore and wait 30 seconds,
* Turn it back on and create a new restore point.
This way it gets rid of anything bad that might have gotten saved in a restore point and you have a clean restore point to use in the near future if needed.
Do not turn it off until your computer is clean and working normally because you might need to use it if something goes wrong during the clean-up process.
It is better to go back to an infected restore point if something goes wrong than to not be able to undo changes that were damaging.
(Malwarebytes may reboot your computer, don't be alarmed. Should it happen, relaunch Malwarebytes to complete the FULL scan)
Once all this is completed, I always suggest to delete Malwarebytes as some people have reported that it may interfere with other antivirus applications.
While you are doing the above, I may go offline, but I will return in the morning to see how you did.
Good luck
@Ambucias
Sorry, I told you I was computer savvy however I did reply this time instead of adding a comment.
I have done everything you asked, I did run the full scan it took about 48 minutes. It shows 23 Objects infected. Not sure what to do with that. Also, I don't know how to turn off system restore and turn it back on to create a new restore date. If you could help with that I would appreciate it. Thanks again for so much of your time and help!
Ambucias
Nov 29, 2011 at 04:28 AM
Gelika
You are totally welcome.
Before we go to system restore have you deleted the 23 items that were found? If not, you must repeat the process.
Do you still have a blue screen? If so, as Sundar may suggest, you might have a rootkit infection and we will deal with it.
In any case, I would like to take a look at your system's main functions:
Open this link and download ZHPDiag2 :
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
Save the file on your Desktop.
Double click on ZHPDiag.exe and follow the instructions.
The tool created three icons, ZHPDiag, MRB, and ZHPFix (if necessary, we will use ZHPFix at the next step).
Double click on the shortcut ZHPDiag on your Desktop.
Click on the Magnifying glass and run the analysis.
Wait for the tool to finish (maybe a long time)
Close ZHPDiag.
To transmit the report, click on this link :
https://authentification.site
Click on Parcourir and search the directory where you installed ZHPDiag (usually C:\Program Files\ZHPDiag).
Select the file ZHPDiag.txt.
Click on "upload"
Copy the url and post it here
I just tried to delete the items and I got an error message that said, certain items could not be removed and is asking that I restart my computer. Do you want me to do that first?
Ambucias
Nov 29, 2011 at 03:55 PM
Please send me the ZHP diag log as per my previous instructions.
P.S. It's important that you give me all the information in detail, like the one you gave me that certain items could be deleted, otherwise not only may I err, get you on the wrong path but also waste your time and mine.
Thanks
No blue screen. However when I try and run the ZHP it is in another language so I just clicked through it but it didn't do anything, it ended with something like terminate.
Ambucias
Nov 29, 2011 at 05:21 PM
Click on the hard hat and change the language (it was in French)
No blue screen, well that's an improvement don't you think? Are you happy? Save all that money at Best buy.
After I analyse your log, I may have a lot of suggestions for you to improve your security. But I must now log off for the evening.
What time is it at your place? Here 1821 hrs. Until next time, please don't download anything.
Regards
I am VERY Happy! Thank you so much! I just can't download the thing you keep telling me to download. It is just after 5pm here. I appreciate all of your help so far!
Ambucias
Nov 30, 2011 at 04:39 AM
I suggest you now create a restore point:
To create a restore point manually,
1. Click Start
2. Right click on My Computer
3. Select Properties
4. From the tasks pane on the left, click System Protection
5. Select a disk (place check mark in box if it is not already checked) from the list, usually C:, and click on the Create button.
6. Type a name to describe this restore point (ex. "Kioskea")
7. Click Create button
See if you can download "the thing" from here. Remember, once installed, if in French, click on the hardhat to change it to English.
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
The downloading should begin automatically, if not, at the top of the webpage, you may see a yellow warning message, click right on it and choose download. This last diagnostic is important to avoid repeats of infections.
Nov 28, 2011 at 03:56 PM
Nov 28, 2011 at 04:02 PM
P.S. I suggest you tell Best Buy that they are way out in left field.
Nov 28, 2011 at 04:05 PM
Nov 28, 2011 at 04:13 PM
There are tdl4 rootkits which can cause this dump and I did not confirm that this error is virus related or driver related.
I just wanted to get the logs to check if PC was virus free
Possibly the minidump files would tell us about the issue
Thanks