Scott Thompson

asked on

Disable Driver Signature Enforcement every Boot

Hello,

I have a computer that is infected.  It is an HP DV6700.  The customer brought it in, and all it would do is reboot after trying to load Windows.

We have determined it is most likely due to infection, but I keep having issues trying to even run the scans in Windows.  For the most part, I keep getting a STOP C4.

Oh, and the ONLY way I can get Windows to load is to choose 'Disable Driver Signature Enforcement'.

I'm going to upload some minidumps and an rkill log.  Hopefully this will give people ideas of what I can do! :)

Thanks!
Minidumps.zip
Rkill.txt
TvMpt

There are 2 ways to disable digital driver signature enforcement. The 1st way is to use the command-line tool cmd.exe to execute the command bcdedit.exe /set nointegritychecks ON. The 2nd method, which is recommended, is to disable it through Group Policy Object (GPO):

 

1. Start --->> Run ---> GPEdit.msc

2. Enable and Ignore Code signing for drivers policy under User Configuration --->> Administrative Templates ---->> System ---->> Driver Installation --->> Code signing for drivers
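A defensive follow-up to the answer above, added here and not part of the original thread: a small audit that parses `bcdedit /enum` output, flags boot entries where signature checks have been switched off, and builds the command to remove the option once the machine is clean. The sample output is constructed, `testsigning` is an extra option included as an assumption, and English-language bcdedit output is assumed.

```python
import re
import subprocess
import sys

# Boot options that switch off or relax driver signature checks.
# nointegritychecks is the option from the answer above; testsigning is a
# further real BCD option, audited here as an assumption.
WATCHED = {"nointegritychecks", "testsigning"}
TRUTHY = {"yes", "on", "true", "1"}

# Constructed sample of `bcdedit /enum` output (not taken from the thread).
SAMPLE = """\
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\\Device\\HarddiskVolume1
default                 {current}

Windows Boot Loader
-------------------
identifier              {current}
path                    \\Windows\\system32\\winload.exe
description             Windows 7
nx                      OptIn
nointegritychecks       Yes
"""

def audit_bcd(text):
    """Return (entry, option, value) for each watched option that is enabled."""
    findings, entry = [], None
    for line in text.splitlines():
        m = re.match(r"^(\S+)\s{2,}(\S.*)$", line)
        if not m:
            continue  # section titles, dashed rules and blank lines
        name, value = m.group(1).lower(), m.group(2).strip()
        if name == "identifier":
            entry = value  # remember which boot entry the next options belong to
        elif name in WATCHED and value.lower() in TRUTHY:
            findings.append((entry, name, value))
    return findings

def remediation(findings):
    """Build the bcdedit commands that remove each flagged option again."""
    return [f"bcdedit /deletevalue {e} {n}" for e, n, _ in findings]

if __name__ == "__main__":
    # On Windows (elevated prompt) audit the live store; elsewhere use the sample.
    text = (subprocess.run(["bcdedit", "/enum"], capture_output=True, text=True).stdout
            if sys.platform == "win32" else SAMPLE)
    for cmd in remediation(audit_bcd(text)):
        print("flagged; to revert run:", cmd)
```

The generated commands are meant for cmd.exe; in PowerShell the identifier needs quoting, for example "{current}".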

   
Scott Thompson

ASKER

Okay, by doing that it should allow me to boot into Windows every time, but how do I fix the current issues so I don't have to boot with Driver Signature Enforcement disabled?
I'm not a pro in viruses or anything, but when I get that on personal computers I use the Avira boot USB to try to find the virus, booting from USB, and then run Ad-Aware by Lavasoft.

And check in startup (cmd->msconfig) if there are any suspicious entries....
David Johnson, CD
Download and run Sysinternals LoadOrder.

You may also want to get Autoruns and RootkitRevealer, also from Microsoft Sysinternals.

Malwarebytes is an excellent product and I recommend it highly: http://malwarebytes.org
I'm running a command line scan with EmsisoftEmergencyKit in Recovery Mode at the moment.

I did run a scan with Malwarebytes.  I will try to post the results when I get back in.

I'll also look into your guys' suggestions.

Thanks!
Okay, here are the scan logs for Malwarebytes and Avast!.  Also for Combofix.

Emsisoft found 5 infections, but I apparently did not get a scan log.
Avastlog.jpg
mbam-log-2013-06-26--15-27-07-.txt
ComboFix.txt
After the removal, how are things looking?
Run sfc /scannow in an elevated command prompt.
I have run sfc scannow and already posted the cbs.log, but I will run it again. :-)
Posted the cbs.log?
ASKER CERTIFIED SOLUTION
Scott Thompson
Customer decided to reload.  Was not given enough time after posting to solve.