Looking for help

:slight_smile: ok so a few days ago i started getting the BSOD
windows xp Spack2
avast 4.8
windows firewall

when i would log into windows it would work for a short time then it would BSOD with the code 0x0000008E (oxoooooo5 0x806354df 0x9b7abc 0x00000000)
now when i run windows in safe mode it works and is stable till i try to run avast and it will scan and give me a different BSOD 0x0000008E (oxoooooo5 0x80576f26 0xb9638b0 0x00000000)
now i can scan files one at a time just when i run a system scan it BSOD me and also i did find a rootkit on my system

Sorry for coming in on your post here … can’t help but have the same problem as you, thought I would back you up to try to get a reply here if you don’t mind!

Please we need answers?

I have also tried to format the hard drive and also swapped hard drives and can’t get past loading windows installation files unless I do it from recovery console after rewriting mbr boot.ini and various dll files!!

do format in recovery console and can install windows, all is fine till try to install avast…then this thing boots up again and that’s it!! you’re dead!! corrupts all Microsoft office stuff kills avast and BSOD … keeps building up till no way can get into windows! without BSOD.

Can someone please try to help with this?
does not appear to be anyone answering on this on the forums!!

Have you obtained any answers since yesterday xesstoney?

cheers

nope nothing yet… well i was looking at another place and found some info. but still have not found a fix yet. there were two ideas i’ve been looking at: it’s the “haxdoor” or the rootkit i found. if someone would wanna look at the minidump file i would send it to them. if it is the haxdoor it copies itself into the registry to run as a driver which would make sense with the 0x0000008e code i’m getting. but i need a way to fix the registry >.<

Do you have a link to the info about haxdoor?

yeah here but i have a book mark with more about it on my comp http://support.microsoft.com/kb/903251

also http://icrontic.com/forum/showthread.php?t=50966

I’ll be here for awhile if you want to try a scan tool or two.

I am not sure I scanned for rootkit and got the all clear!!
I also formatted using recovery console + fixmbr + fixboot, all was fine till I tried to install Avast again!! within seconds BSOD.
I just formatted again so I see what happens if I do not install Avast.

anyone know where else a virus may be able to write to, can it write to memory on the cards or something ?

It acts like a virus, it acts exactly like a virus.

Also I am getting these 8E stop errors as well as 7E and 4E, and a PFN_LiST corrupt
won’t let you format from the cd either as soon as you copy files to the windows installation folder it BSOD!! with message CD is corrupted! got two xp install cd’s same for both!
have to go through recovery to format.

Please Oldman can you help me?

clean install as said above!

tried to install nvidia motherboard drivers, get error 1335 data1.cab corrupt and then in seconds the old mate BSOD stop error 8E again!!

not sure if I know what I am doing enough to perform the deleting of files from recovery xesstoney posted!! but maybe it is the only way of getting rid of this thing!!

I need to know more but need some help!

anyone got any further on this, and why does it carry over after clean installs of windows where is it hanging out at?

Another thought!!
Is this 8E error even real?
I don’t remember stop errors rebooting the computer before!
usually can just leave them sitting there while you troubleshoot on another computer this one stays for a few minutes then reboots the computer?

I’m not sure what is happening. Or where it’s coming from.

Did you try memtest? This fault can be a faulty ram.

Running without an av is risky, but I understand your dilemma.

Post back, I’ll see if I can find something.


These error codes usually mean that there is a hardware issue of some type … possibly failing hardware.


Hi CharleyO. My feelings also, especially in aliceincode’s case. Not saying there isn’t a possibility of infection, but 4E, and a PFN_LiST corrupt and disk problem sure do look like ram.

Haxdoor maybe, but I would like to see these computers pass memtest first. Most scan tools are quite ram intensive. If they crashed, there would be no indication either way. At least they should survive memtest and there would be results to look at.

Hey thanks for the replies :slight_smile:
I changed the ram … also changed hard drives … only hardware now which it may be is the mobo or cpu, everything else has been disabled or removed or swapped for testing.
I got a brand new mobo…cpu&ram ready to roll but don’t want to reproduce the problem on the new mobo!! as I am not convinced it is hardware!!

tried to go with a memtest, but gives boot i/o error when try to boot to floppy!!
although it has no problems copying the bootimage to the floppy drive!

a CMOS virus wrapped up with a rootkit are the symptoms…anyone know of a virus which bundles these two up?

Like I have full control of this machine up to the point something irritates it, like installing a security program, then I start banking up the errors!

why would hardware care what programs I install?

I will try install Nero to write memtest to cd?

Nero will do the job, I think. Post back after the memtest. If need be we can try some scans. I just want to rule out hardware as much as possible.

Oldman thanks

this is going down another road temporarily, as I need to reinstall windows through recovery again to fix the data1.cab file error to install nero,
what I did was take a copy of the hard drive onto a removable external hard drive and scanning now with Avast on another computer … so far it’s found a …
win32-agent-pbf
as well as a …
win32-trojan-gen(vc)
question would be though … how did they get on a formatted drive? no network connection?
windows cd? or motherboard driver installation disk maybe?

would explain though why it is not letting install security programs … yeah?

whatever this is crashes the cd boot anyway!! have to fixmbr fixboot and format to get them back up!

gives error that disk is corrupted until after the fix commands are run then all is fine … until and so forth and so on … !!!

should I start a new post and get out of xesstoney’s world?

sorry xesstoney ???

Might as well stay here, I haven’t seen him back for awhile.

What were the file names that were detected?

both in system volume information restore
one is A0009350.exe file
and
A0005842.exe [UPX] file
does not tell much does it?
does this mean these could already have been stored on the removable drive? in the system volume information folder which is not delete-able or even open-able!
not making a lot of sense!!
I need to take them serious though as they are somewhere! I have been using this removable drive throughout between these computers to get copies of files from the net like memtest! rootkit scanners and such!

hopefully xesstoney has fixed his error.

Those files are in a system restore point. They won’t activate until you do a system restore. They can be removed, but your system has to be running. When you are restoring your system from the recovery console, what are you doing? Last known good configuration?

If you have your system going and you want to try this tool, we’ll give it a shot. note: this can also be run from safe mode.

It is vitally important that combofix is renamed before it is even started to download

Please download ComboFix from Here or Here to your Desktop.

Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop

[*]If you are using Firefox, make sure that your download settings are as follows:
-Tools->Options->Main tab
-Set to “Always ask me where to Save the files”.

[*]During the download, rename Combofix to Combo-Fix as follows:

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif

[*]It is important you rename Combofix during the download, but not after.
[*]Please do not rename Combofix to other names, but only to the one indicated.
[*]Close any open browsers.
[*]Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix


[*]Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
[*]Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don’t know how to disable it, please ask.

[*]Close any open browsers.
[*]WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
[*]Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
[*]If there is no internet connection after running Combofix, then restart your computer to restore back your connection.


[*]Double click on combofix.exe & follow the prompts.
[*]When finished, it will produce a report for you.
[*]Please post the “C:\ComboFix.txt”

Note: Do not mouseclick combofix’s window while it’s running. That may cause it to stall