WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network. Check out our latest Quarterly Internet Security Report!
Solved
Removed a virus, now the dreaded 0x07B
Posted on 2011-03-04
I'm working on a laptop here and it was infected with a virus called "THINKPOINT."
I'm pretty savvy on virus removals, booted to safe mode, malwarebytes, found 2 infections.
Reboot, and BAM 0x07B bloodscreen.
I've seen this maybe 4 times before, after a few hours of research i cave in and just format. But this time is different, because the user has a mission critical program that cannot be lost, yes, she doesn't have a backup.
So anyway steps i've tried so far.
Boot to safe mode, none work.
Scan with Avira recovery disc - found 2 but didn't fix.
Replaced atapi.sys - no change.
There is 1 system restore point, i will try that after i have room in my computer to slave.
I don't want to run a repair install, it seems to just cause problems every time i do that on one of these cases.
OS is windows XP
Thanks for the help!
I'm pretty savvy on virus removals, booted to safe mode, malwarebytes, found 2 infections.
Reboot, and BAM 0x07B bloodscreen.
I've seen this maybe 4 times before, after a few hours of research i cave in and just format. But this time is different, because the user has a mission critical program that cannot be lost, yes, she doesn't have a backup.
So anyway steps i've tried so far.
Boot to safe mode, none work.
Scan with Avira recovery disc - found 2 but didn't fix.
Replaced atapi.sys - no change.
There is 1 system restore point, i will try that after i have room in my computer to slave.
I don't want to run a repair install, it seems to just cause problems every time i do that on one of these cases.
OS is windows XP
Thanks for the help!
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
12
6
3- +3
27 Comments
That's interesting because I have removed ThinkPoint lots of times without issue.
You may want to do the normal, insert windows disc and try to repair it. Run CHKDSK /r and SFC /Scannow
Good Luck
Use this resource for the error: http://support.microsoft.com/kb/324103
Use this to troubleshoot the boot issue: http://www.microsoft.com/windowsxp/using/setup/support/nostart.mspx
You may want to do the normal, insert windows disc and try to repair it. Run CHKDSK /r and SFC /Scannow
Good Luck
Use this resource for the error: http://support.microsoft.com/kb/324103
Use this to troubleshoot the boot issue: http://www.microsoft.com/windowsxp/using/setup/support/nostart.mspx
Ok, i can run chkdsk, but i doubt it will make a change like the other times, but i'll do it.
I don't think its possible to run sfc /scannow unless you can boot into windows, but if i'll let you guys know.
I don't think its possible to run sfc /scannow unless you can boot into windows, but if i'll let you guys know.
I've seen that rogue one before.
http://www.bleepingcomputer.com/virus-removal/remove-thinkpoint
>Have you tried last known good configuration? It should get you back on your feet since the system hasn't booted correctly after Mbam removal.
Then try removal instructions posted..
>If that dosn't work, get Ubcd4win,. Boot to it. Run "registry restore wizard" and restore back a few days to get system booting and then run removal instructions.
http://www.ubcd4win.com/
>Slaving the hard drive and scanning(in this instance) will probably kill your restore points.
http://www.bleepingcomputer.com/virus-removal/remove-thinkpoint
>Have you tried last known good configuration? It should get you back on your feet since the system hasn't booted correctly after Mbam removal.
Then try removal instructions posted..
>If that dosn't work, get Ubcd4win,. Boot to it. Run "registry restore wizard" and restore back a few days to get system booting and then run removal instructions.
http://www.ubcd4win.com/
>Slaving the hard drive and scanning(in this instance) will probably kill your restore points.
I have tried last good config, no avail.
I have UBCD, but as i mentioned in OP there is only 1 restore point. I know how to manually system restore, so i'll give that a shot.
I have UBCD, but as i mentioned in OP there is only 1 restore point. I know how to manually system restore, so i'll give that a shot.
What might work is to use UBCD4Win to fix the drive controller error click
Start>Programs>Registry Tools>Fix_HDC>Fix hard disk controller.
Start>Programs>Registry Tools>Fix_HDC>Fix hard disk controller.
I had a similar problem recently. Turned out there was a rootkit still resident, but I couldn't continue trouble-shooting because of the BSOD.
What I did was to download TDSSKiller to a pendrive:
http://support.kaspersky.com/viruses/solutions?qid=208280684
I then booted to safemode with command prompt (or get there via UBCD4Win, or an XP disk), navigated to the TDSSKiller.exe and ran it. Three minutes later, I could boot the pc and continue scraping malware off the hdd.
What I did was to download TDSSKiller to a pendrive:
http://support.kaspersky.com/viruses/solutions?qid=208280684
I then booted to safemode with command prompt (or get there via UBCD4Win, or an XP disk), navigated to the TDSSKiller.exe and ran it. Three minutes later, I could boot the pc and continue scraping malware off the hdd.
EB - don't believe i have your option in my UBCD, how can i obtain the program you speak of?
Photo -
How would you manage to run TDSSKiller from UBCD or windows cd?
Photo -
How would you manage to run TDSSKiller from UBCD or windows cd?
You can get what you need to make a UBCD4Win disk here.
http://www.ubcd4win.com/downloads.htm
http://www.ubcd4win.com/downloads.htm
I have a UBCD disc, turns out mine is just incredibly outdated, i've already downloaded and burned iso, will report back.
"...How would you manage to run TDSSKiller from UBCD or windows cd?..."
From Recovery Consol navigate to the USB flashdrive and run the TDSS executable.
From UBCD4Win, move or copy the .exe to the C drive and run from there.
It is easier to boot to safe mode with command prompt, if you are able to do that.
From Recovery Consol navigate to the USB flashdrive and run the TDSS executable.
From UBCD4Win, move or copy the .exe to the C drive and run from there.
It is easier to boot to safe mode with command prompt, if you are able to do that.
Optom - System Restore failed, same issue.
Photo, turns out i had an old UBCD, got the latest, problem is, the shell won't load... it gets to were i can pick, and it either locks up there, or i'll pick a shell and it crashes.
I'll try to burn it onto a fvf, maybe the cd is too slow.
Photo, turns out i had an old UBCD, got the latest, problem is, the shell won't load... it gets to were i can pick, and it either locks up there, or i'll pick a shell and it crashes.
I'll try to burn it onto a fvf, maybe the cd is too slow.
UBCD4Win and UBCD are not the same thing. You would get the info and file needed to create a UBCD4Win disk here.
http://www.ubcd4win.com/downloads.htm
http://www.ubcd4win.com/downloads.htm
So i find i can get the new UBCD to load, if i pick the cmd shell, but it can't run tdsskiller, combofix, mbam, nothing. All other shells it just locks up on.
I also ran the kaspersky recovery cd, found 1 infection, but always crashes randomly before a full scan finishes.
I'm running out of options here.
I also ran the kaspersky recovery cd, found 1 infection, but always crashes randomly before a full scan finishes.
I'm running out of options here.
EB -
Already got that figured out, shell doesn't load for me though unless cmd, and tdsskiller and all other apps don't load
Already got that figured out, shell doesn't load for me though unless cmd, and tdsskiller and all other apps don't load
Slaved it and running KAV on it now... we will see the results....
I also tried a repair install, still bluescreens....
I also tried a repair install, still bluescreens....
Well guys i was able to successfully do a repair install, seems to work somewhat, but windows isn't functioning properly, seems a lot of services won't run, i'm running sfc /scannow now.
Ok this is the news.
I got pretty much everything working, but IE wouldn't go anywhere. And it claims the product is not genuine.
After installing ie7, i could launch IE, but it would just crash, and no internet options existed in control panel, next i installed IE8, which caused the ordinal 522 error.
I just booted to safe mode with command prompt and attempted to repair IE, which failed.
As fopr the activation, it wouldn't take any cd keys. Not the original, and not one of the multiple others i have laying around here.
I'm figuring because i repaired with a XP Pro cd instead of a MCE cd. I was able to obtain a MCE cd and will attempt another repair....
I got pretty much everything working, but IE wouldn't go anywhere. And it claims the product is not genuine.
After installing ie7, i could launch IE, but it would just crash, and no internet options existed in control panel, next i installed IE8, which caused the ordinal 522 error.
I just booted to safe mode with command prompt and attempted to repair IE, which failed.
As fopr the activation, it wouldn't take any cd keys. Not the original, and not one of the multiple others i have laying around here.
I'm figuring because i repaired with a XP Pro cd instead of a MCE cd. I was able to obtain a MCE cd and will attempt another repair....
STS-Tech,
While you're waiting, have you tried again to run the TDSSKiller that phototropic mentioned here: http:#a35057028 ?
While you're waiting, have you tried again to run the TDSSKiller that phototropic mentioned here: http:#a35057028 ?
Guys i ended up just formatting, I got everything running, then IE wouldn't work, was able to upgrade to IE7 and it worked from the exe but not as the "default". Then i upgraded to 8 and it just killed everything, so i just gave up.
Thanks for all the help.
Thanks for all the help.
Featured Post
WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network. Check out our latest Quarterly Internet Security Report!
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Malware seems to be getting smarter and smarter. If you are having trouble being able to launch your malware removal tools such as (and recommended): MalwareBytes, HiJackThis, ComboFix, etc. you can try some of the workarounds listed below.
1. Ma…
If you are looking at this article, you have most likely been hit by some version of ransomware and are trying to find out if there is anything you can do, or what way you should react - READ ON!
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
- Anti-Virus Apps
- Ransomware
- The Email Laundry
- Email Servers
- Cybersecurity
- Microsoft Access, *malware
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email
Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Suggested Courses
Course of the Month10 days, 14 hours left to enroll
618 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.