Laptop bluescreen while booting

HBMI
Working on a laptop (Windows Vista Home) and it blue screens while booting up. I took the drive and scanned it with Trend Micro. Trend Micro findings:
Troj_gen.R47c2gd
Troj_gen.RC1C1G5
JS_GORD.F
Troj_gen.R72C2G8

Then I did a chkdsk /f /r; everything good.


Put the drive back in the laptop and it made it farther, as I was able to log in, but then it rebooted. I started it up in safe mode and it runs good without rebooting. Looked at device manager hardware and nothing is having issues.

Any suggestions?
By the sounds of it you have had a virus that infected the laptop and installed something pretty low level, e.g. a malicious driver. When the malicious driver or low level software crashed, it caused bluescreens. Trend Micro managed to clean it up a bit but the virus clearly made other modifications to the system and has broken things that are low level in Vista. It might have messed around with system files, changed group policies or registry entries etc.

At this point, if you are fairly confident that the hardware is okay, it's easier to just reinstall Vista or restore from a baremetal backup if you have one. If the virus has made a lot of destructive changes to the system you'll never really get it 100% back the way it was, and any crash or issue you won't know if it is fallout from the virus, or something else.

I'd just reinstall Vista if I were you.
Try and check safe mode. If the blue screen error doesn't come up, we can try a few things to find out the exact corrupt file. If it doesn't boot up, reinstalling sounds like a good option.

Author

Commented:
Yes it boots up fine in safe mode.
In the Start search, type "msconfig".

Click on the "Services" tab,

check "Hide all Microsoft services",

click "Disable all" and reboot.
Sudeep Sharma, Technical Designer

Commented:
So you are not getting a blue screen, it just reboots. Then you might need to configure it to show the blue screen, which would show you the file which is the culprit.

Disable Automatic Restart to Read Blue Screen Messages
http://vistasupport.mvps.org/disable_automatic_restart_to_read_blue_screen_messages.htm
Yes, disabling automatic restart would stop you at the blue screen error.
Author of the Year 2011
Top Expert 2006

Commented:
That variant of malware is probably a couple of years old and should be cleanable with current tools/scanners.

Since you can't boot to Normal Mode, do your FIRST Malwarebytes "Full Scan" in Safe Mode and if it finds anything, tell it to clean/delete the infected files.

Immediately try re-booting to Normal Mode and if it does, use RogueKiller and Malwarebytes (again).

Post all logs generated by RogueKiller and Malwarebytes.

Details here:
Basic Malware Troubleshooting
Stop-the-Bleeding-First-Aid-for-Malware
Rogue-Killer-What-a-great-name
Top Expert 2013

Commented:
In many such cases, I prefer a fresh install, to be sure everything is gone.
Do you have a recovery partition or CD?

Commented:
As Ashutosh1231 says, use msconfig, but you can use the Selective startup option and then select and untick "Load startup items".

May help you identify if a startup component is causing the issue. Sometimes components of the viruses can end up in the startup.

I would also download Spybot, Adware Free and Malwarebytes. Update, then run a Full scan with each individually. In fact I would do this first!

Cheers

Steve
Top Expert 2013

Commented:
By the time you've run all these, you can have other troubles also.
A fresh install takes time, but is the best way to go (and in many cases, much faster).
Agree with Frosty555 and Nobus.

Probably better just to go for a fresh install. If this is viable, of course.
Author of the Year 2011
Top Expert 2006

Commented:
Everyone knows that "Format/Reinstall" is always an option, but it is almost never necessary - if you use the proper tools to clean/disinfect the system.

Telling someone to reinstall the OS and all of the installed applications really isn't very 'helpful' in terms of providing "Expert" advice.

I recommended using both RogueKiller and Malwarebytes (above), but the fact is that the new definition files from Trend will repair all of these variants.

Author

Commented:
Ok I am running Malwarebytes against it right now.
Author of the Year 2011
Top Expert 2006

Commented:
HBMI -
Are you still in "Safe Mode"?
Regardless of the answer to that, please post the MBAM log that is generated by the scan.
Top Expert 2013

Commented:
younghv, I also do scans, and found I'm better off with a fresh install in many cases. But that is only my opinion.
The scans may well take over a day... and you're never 100% sure if all is OK.
Top Expert 2007

Commented:
Fresh install is also good if the user doesn't mind doing that.
I always try and run scans first, especially as formatting and reinstalling takes time with my PC.


"the scans may well take over a day..."

Full scan takes long and is unnecessary.
With MalwareBytes a "Full scan" is not necessary to remove infections. A Quick scan is all that is needed because it catches 99.9% of the malware that MBAM will detect.


Also try scanning with ComboFix and TDSSKiller and post the logfiles.
1.  Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe 

STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply.
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

ComboFix tutorial:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix


2. TDSSKiller:
http://support.kaspersky.com/downloads/utils/tdsskiller.zip
Top Expert 2013

Commented:
rpggamergirl - thanks for the info! I'll keep it in mind.
Top Expert 2007

Commented:
No problem.
Though there is nothing wrong with a Full Scan, it just takes time.
With MalwareBytes a Full scan is never necessary due to its method of detection; note also that the same does not apply to antivirus.

With MalwareBytes, the other .01% that Quick Scan doesn't cover are those locations of dormant traces, e.g., contained in the restore points, or in a folder/zip file where, if malware is present, they are not a threat.
Author of the Year 2011
Top Expert 2006

Commented:
Excellent information - I will modify my recommendations in the future.
Top Expert 2011

Commented:
You're in good hands with rpgamergirl  Queen Malware Killer :o)
Top Expert 2013

Commented:
that's another one ! i prefer rpggamergirl

Author

Commented:
I ended up doing a fresh install.  I hate doing it but didn't want to commit the amount of time to figure this one out.
Yes, sometimes cleaning a malware infection just takes TOO long, and it is quicker to reinstall.

Author of the Year 2011
Top Expert 2006

Commented:
HBMI,
In the future you might want to consider the impact of asking questions here on EE and then abandoning the volunteer Experts who are trying to help you.

I don't really care that you decided to do a re-install, but I don't think it took you 15 days to arrive at that decision.

You currently have 8 Open Questions that go all the way back to February. It is certainly in your best interest to stay active in the questions you post - and give timely responses to those trying to help you.

Have a read through this part of the Help Pages and do your part to keep the Experts wanting to continue helping you.

http://www.experts-exchange.com/help.jsp#hs=23&hi=462
Top Expert 2007

Commented:
Ahh I missed the alerts from this thread.

"I ended up doing a fresh install."
Well, not bad, at least now you have a squeaky clean system, :).


Jim-R,
"Queen Malware Killer" , what an awesome compliment which rpg doesn't deserve, but thanks, :)
