8 Replies Latest reply on May 16, 2011 4:18 PM by frankf

    Trojan detected > BSOD > No Boot - another false positive?

      I haven't the slightest idea if this is the right place to post this but then I'm at work and haven't the time to browse the site thoroughly, so apologies in advance...

       

      I'm running the latest version of Total Protection on an XP SP3 machine and on Saturday encountered 'something' that has prevented Windoze XP from booting up anymore. On Saturday afternoon/early evening whilst surfing the web McAfee brought up a message stating it had found a trojan (presumably via real-time scanning since it was running a scheduled scan) and that it was removing it. Immediately it caused a BSOD. Since then Windows XP will not load at all, just a black screen with a blinking cursor in the top left hand corner and no options for Safe Mode or anything else in the boot menu.

       

      So...I'm wondering whether:

      A) A virus killed my PC

      B) McAfee had another false positive problem and deleted something so essential to Windows that it will no longer launch when booting up.

       

      Have there been any reports of something happening over the last week or so? (I'm thinking back to the classic svchost.exe clanger from 2010 as an example of anti-virus software developing the equivalent of an auto-immune disease.)

        • 1. Re: Trojan detected > BSOD > No Boot - another false positive?

          Hi,

          Did you try booting into safe mode, or it just doesn't boot whatsoever?

          If you can get into safe mode, try a System Restore and see if you can load back into Windows normally. It's too early to conclude whether it's a virus or McAfee which brought your PC to a standstill.

           

          Thank you

           

          Sameer

          • 2. Re: Trojan detected > BSOD > No Boot - another false positive?

            No, I can't boot it up at all. If I interrupt the start-up process to bring up the boot menu, there is no option for Safe Mode or anything that suggests it is on the hard drive in question. And no, pressing F8 doesn't do anything either. At the moment I've been presuming the HDD itself is still functional, but I suppose I should at least entertain the thought that it has been damaged in some way.

             

            It does seem somewhat suspicious timing that seconds before it Blue Screened and died I got a Trojan notification and removal warning from McAfee. I'm not much of a believer in coincidences.


            • 3. Re: Trojan detected > BSOD > No Boot - another false positive?

              Hi,

               

              Have you found a solution? I have a similar issue on my laptop: McAfee reports during surfing that a trojan was detected and a restart would be required to fix it. However, the laptop does not boot anymore from HD. Immediately after the BIOS startup screen I get a black screen with a blinking cursor, the harddisk activity indicator shows no activity at all. No chance to boot into safe mode. Diagnostics shows the HDD is functioning OK.

              I have a Dell Studio 1735 with Windows Vista Home Premium and McAfee Antivirus Plus.

               

              Thanks,


              Frank

              • 4. Re: Trojan detected > BSOD > No Boot - another false positive?
                Peacekeeper

                No DAT issues that I know of. Will flick this up the line. As it is the weekend we might not get a reply till Monday US time, though I added a CC to a couple of mods as well.

                Of course, if you had the file name that was infected and/or the detection name, that might assist.

                Have you tried repairing the system files, i.e. following:

                http://www.bleepingcomputer.com/forums/topic43051.html

                 

                Message was edited by: Peacekeeper on 15/05/11 6:54:31 PM
                • 5. Re: Trojan detected > BSOD > No Boot - another false positive?
                  Peter M

                  Try this to get at least an active screen and hopefully work onwards from there.

                   

                  Press CTRL+ALT+DEL and hopefully Task Manager will appear and then go to File->New Task

                   

                  When the Run window appears, type Explorer or Explorer.exe or C:\Windows\Explorer - Apply/OK

                   

                  There are some other hints here: http://www.techiechips.com/windows-vista-windows-xp-blank-screen-after-login/

                   

                  Message was edited by: Ex_Brit on 15/05/11 8:20:27 EDT AM
                  • 6. Re: Trojan detected > BSOD > No Boot - another false positive?

                    No, I didn't find a solution. I had my cousin (a pretty good techie) look at it and we tried to repair the boot sector of the disk (or something involving the word boot). This got it back to booting up the OS, but having tried a partial re-install of Windows earlier, it was throwing errors up left, right and center. In the end I just bought a new HDD and OS. However, I did find that the hard drive in question, when scanned with Avast! from my new drive, reported 5 trojans on it. I don't have details on me now (I'm at work), but I'll look them up this evening and report what it found in case it helps. But otherwise, I'd look to using your boot disk to try to repair the master boot record and boot sector.

                     

                    Message was edited by: All-a-Mort on 16/05/11 08:43:00 CDT
                    • 7. Re: Trojan detected > BSOD > No Boot - another false positive?

                      Right, when scanning the failed hard drive with the corrupted Windows installation, the following were found:

                       

                      2 instances of Win32:Alureon-ABN

                      1 instance of Win32:Alureon-ABK

                      1 instance of Win32:Kryptik-CBP

                      1 instance of something named HTML: Iframe-inf

                       

                      All were found in temp files in Windows except the HTML one, which was a temp file in Mozilla (the browser I was using), which would I suppose lend credence to the idea that McAfee spotted something untoward as I browsed the web. I still think something corrupted the boot sector in some fashion (bear in mind I haven't the slightest idea what the boot sector is exactly...). But perhaps this information might be useful to someone.

                      • 8. Re: Trojan detected > BSOD > No Boot - another false positive?

                        It turned out that I was infected by some fake AV trojan, which messed up my MBR. I solved it by doing the following:

                        - boot from my original Vista DVD and choose repair

                        - select Command Prompt

                        - type bootrec.exe /fixmbr

                        - restart PC

                        Now I was able to start Vista. Start it in safe mode. Determine which fake AV trojan infected your PC and Google for the recommended removal instructions.

                         

                        Rgds,

                         

                        Frank
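
Added example, not part of the original thread and not a McAfee or Microsoft tool: a Python sanity check for a 512-byte MBR sector image, the kind of check that can be run on a dump taken before and after the `bootrec.exe /fixmbr` repair described above. It assumes the classic MBR layout, a sector already dumped to bytes by some other means, and a known-good boot-code hash taken from a clean machine with the same OS; the sample sector and all function names are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # boot code area, bytes 0..439
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"   # bytes 510..511

def inspect_mbr(sector, known_good_sha256=None):
    """Report structure problems and the boot-code hash of one MBR sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    findings = []
    if sector[510:512] != BOOT_SIG:
        findings.append("missing 0x55AA boot signature")
    boot_code = sector[:BOOT_CODE_LEN]
    if not any(boot_code):
        findings.append("boot code area is empty")
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0:
            continue  # unused slot
        if status not in (0x00, 0x80):
            findings.append(f"partition {i}: invalid status byte {status:#04x}")
        partitions.append({"index": i, "active": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    active = sum(p["active"] for p in partitions)
    if active != 1:
        findings.append(f"{active} active partitions (expected exactly 1)")
    digest = hashlib.sha256(boot_code).hexdigest()
    if known_good_sha256 and digest != known_good_sha256:
        findings.append("boot code differs from known-good baseline")
    return {"boot_code_sha256": digest, "partitions": partitions, "findings": findings}

def build_sample_mbr(boot_code):
    """Constructed test sector: one active NTFS (0x07) partition at LBA 2048."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 2048, 204800)
    sector[PART_TABLE_OFF:PART_TABLE_OFF + 16] = entry
    sector[510:512] = BOOT_SIG
    return bytes(sector)

if __name__ == "__main__":
    print(inspect_mbr(build_sample_mbr(b"constructed boot code"))["findings"])
```

A boot-code hash that no longer matches the baseline while the partition table is unchanged is consistent with the symptom in this thread: the disk and its partitions are intact, but the code that starts the OS has been replaced.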