
New hard drive won't help--BIOS virus?



Old 01-11-2010, 07:01 PM   #1
Registered Member
 
Join Date: Jan 2010
Posts: 2
OS: XP



I believe my daughter got something on her computer. It started with security alerts from Norton and Windows. Evidently it graduated to the point that Norton will not load up. MBAM would not install even if I changed the program name. As I have been down this road before, I put in the Windows XP disk and rebooted with the intention of reformatting and reinstalling the OS. I get a blue screen saying "A problem has been detected and Windows has been shut down to prevent damage to your computer" and then it instructs me to run chkdsk /F. Since the hard drive on this computer was a bit small anyway, I bought a new 1TB hard drive. I started up the PC with the XP install disk and I get the same blue screen message. I checked the XP install disk with another PC to see if the virus had written something on the disk, but it doesn't look like the dates on any of the files were updated.
Could this be a BIOS virus? Maybe something got written on the XP install disk that I can't detect? Thanks for your help

Old 01-11-2010, 10:36 PM   #2
2xg
Team Manager, Networking Forums, Microsoft MVP
 
 
Join Date: Aug 2009
Location: SoCal
Posts: 19,972
OS: Windows O/S'es



Hello and welcome to TSF!

What is the computer's brand? Dell, HP, Lenovo etc. Do you have all the CDs that came with the computer?

Verify that you are using a valid (Genuine) Windows XP CD.

Updating the BIOS might help also.

__________________

Microsoft MVP 2011-2013 Windows Expert Consumer
Old 01-12-2010, 08:03 PM   #3
Registered Member
 
Join Date: Jan 2010
Posts: 2
OS: XP



I reinstalled the original hard drive and I did get MBAM to run.
Here is the report:

********************************************************************************
Malwarebytes' Anti-Malware 1.44
Database version: 3552
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/12/2010 8:00:21 PM
mbam-log-2010-01-12 (19-59-57).txt

Scan type: Quick Scan
Objects scanned: 131689
Time elapsed: 8 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
\\?\globalroot\systemroot\system32\H8SRTgpkiorybme.dll (Trojan.Vundo) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
\\?\globalroot\systemroot\system32\H8SRTgpkiorybme.dll (Trojan.Vundo) -> No action taken.

*******************************************************************************

MBAM is not removing the virus as I get the same thing when I reboot and rerun MBAM.
I downloaded Norton's Trojan.Vundo removal tool (Fix Vundo) and I get the following report:


*******************************************************************************
Symantec Trojan.Vundo Removal Tool 1.5.1
The process "iexplore.exe" might be affected by the threat. It has been suspended.
The process "iexplore.exe" might be affected by the threat. It has been terminated.

C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\Quarantine: (not scanned)
C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp: (not scanned)
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine: (not scanned)
C:\System Volume Information: (not scanned)

Trojan.Vundo has been successfully removed from your computer!

Here is the report:

The total number of the scanned files: 73154
The number of deleted files: 0
The number of viral processes terminated: 1
The number of viral processes suspended: 1
The number of viral threads terminated: 0
The number of registry entries fixed: 0
********************************************************************************


But this is not fixing the problem as when I rerun MBAM it still identifies the same problem.
The computer is a Dell Dimension E520 with Windows XP Home Edition. I do not have the original CDs that came with the computer.


Thanks for your help.
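An added example, not part of the original posts and not Malwarebytes code: a small Python parser for the log layout shown in post #3 that lists every detection whose recorded action is "No action taken" and checks the summary counts against the items actually listed. The function names are hypothetical, and the sample is an excerpt of the log above with the zero-count summary lines and blank lines left out.

```python
import re
from collections import Counter

# Excerpt of the MBAM 1.44 log posted above (detection lines copied from the post).
SAMPLE_LOG = r"""
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
\\?\globalroot\systemroot\system32\H8SRTgpkiorybme.dll (Trojan.Vundo) -> No action taken.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> No action taken.
Files Infected:
\\?\globalroot\systemroot\system32\H8SRTgpkiorybme.dll (Trojan.Vundo) -> No action taken.
"""

SUMMARY = re.compile(r"^(.+ Infected): (\d+)$")          # "Files Infected: 1"
SECTION = re.compile(r"^(.+ Infected):$")                # "Files Infected:"
ITEM = re.compile(r"^(.+) \(([^()]+)\) -> (.+?)\.?$")    # "object (Family) -> Action."

def parse_mbam_log(text):
    """Return (declared summary counts, list of findings) from an MBAM-style log."""
    counts, findings, section = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := SUMMARY.match(line):
            counts[m.group(1)] = int(m.group(2))
        elif m := SECTION.match(line):
            section = m.group(1)
        elif section and (m := ITEM.match(line)):
            findings.append({"section": section, "object": m.group(1),
                             "family": m.group(2), "action": m.group(3)})
    return counts, findings

def unremediated(findings):
    """Findings the log records as reported only, with no removal action."""
    return [f for f in findings if f["action"].lower() == "no action taken"]

def count_mismatches(counts, findings):
    """Sections whose listed items disagree with the summary (truncated or edited log)."""
    seen = Counter(f["section"] for f in findings)
    return {s: (n, seen[s]) for s, n in counts.items() if n != seen[s]}

if __name__ == "__main__":
    counts, findings = parse_mbam_log(SAMPLE_LOG)
    print(unremediated(findings), count_mismatches(counts, findings))
```
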
Old 01-12-2010, 08:11 PM   #4
2xg
Team Manager, Networking Forums, Microsoft MVP
 
 
Join Date: Aug 2009
Location: SoCal
Posts: 19,972
OS: Windows O/S'es



It looks like your computer is still infected, although I didn't ask you to post the results of the MBAM and your anti-virus software.

Please follow this pre-posting process outlined:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic in the Virus/Trojan/Spyware Help.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

If they can't help you they might re-direct you back here to the Networking Forums.

Good luck!
All times are GMT -7. The time now is 04:10 PM.

