Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts

Hi,

If it said no threats found that is fine.

GMER

Download GMER Rootkit Scanner from here or here.

[*] Extract the contents of the zipped file to desktop.
[*] Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
[*] If it gives you a warning about rootkit activity and asks if you want to run scan…click on NO.



[*] In the right panel, you will see several boxes that have been checked. Uncheck the following …
    [*] IAT/EAT
    [*] Drives/Partition other than Systemdrive (typically C:)
    [*] Show All (don’t miss this one)

[*] Then click the Scan button & wait for it to finish.
[*] Once done click on the [Save…] button, and in the File name area, type in “Gmer.txt” or it will save as a .log file which cannot be uploaded to your post.

[*] Save it where you can easily find it, such as your desktop, and attach it in your reply.

Caution
Rootkit scans often produce false positives. Do NOT take any action on any “<— ROOTKIT” entries.

Hi,

Towards the end of the scan my computer abruptly stopped…a blue screen appeared: “A problem has been detected and Windows has been shut down to prevent damage to your computer” This is the second crash I have had, I’m too afraid to pursue this any further. I didn’t see any issues listed up to that point. Would you kindly tell me how to remove GMER Rootkit Scanner, TDSSKiller.exe and OTL.

I just want to clarify…Are you saying you don’t want help any longer? I only ask because I don’t want to remove tools unless you are certain.

Although I don’t like the idea of having ‘nasties’ on my computer and I do have complete faith in you, having a computer that is up and running is my main concern…I can’t be without it. I have just had the same blue screen shutdown I had with the last scan, when I tried to carry out a dsk chk (which was clean after I managed to re-boot successfully). It said: Drive IRQL not less or equal…please check new installations (plus further instructions)?? I am worried that something has gone wrong, I have never had this type of shutdown before.

It said: Drive IRQL not less or equal
Were you able to get the complete message that was shown by chance?

Let’s check to make sure you don’t have a failing hard drive.

Please download HD Tune (the free version, not the trial), run an error scan on your primary hard drive (full, not quick) and report back if any blocks aren’t green. It tests your hard drive for bad sectors.

I’ve done a search and found this, which seems SIMILAR BUT MAY NOT BE EXACTLY THE SAME

A problem has been detected and Windows has been shut down to prevent damage
to your computer.

Driver IRQL not less or equal. (that was there)

If this is the first time you’ve seen this stop error screen,
restart your computer. If this screen appears again, follow
these steps:

Check to make sure any new hardware or software is properly installed.
If this is a new installation, ask your hardware or software manufacturer
for any Windows updates you might need.

If problems continue, disable or remove any newly installed hardware
or software. Disable BIOS memory options such as caching or shadowing.
If you need to use safe mode to remove or disable components, restart
your computer, press F8 to select Advanced Startup Options, and then
select Safe Mode.

Technical Information:

*** STOP: 0x00000018 (0x00000000, 0x86f0e908, 0x00000002, 0xffffffff)

*** fltmgr.sys - Address 0x87fc79ec base at 0x87fc0000 DateStamp 0x4a5bbf11

<Original title - BSOD>

I’m too afraid to do any more scans at present, as it was the scans that triggered these crashes…OTL caused a black screen with no message crash, which I’ve not had before and the first blue screen shutdown I’ve ever had, with message similar to above, happened while GMER Rootkit Scanner was running, so I want to remove that first please…can you tell me how to do it. Thanks, as always. :slight_smile: I’m really worried…as you know I can’t use System Restore or safe mode.

*I checked for Windows updates a couple of days ago, said no essential ones were needed.

Ok…If you run the following instructions you will remove GMER, OTL and many other files from programs we have used. Anything else that you see that was related to what we did here you can just send to the Recycle Bin for deletion.

Clean up with OTL:

[*] Double-click OTL.exe to start the program.
[*] Close all other programs apart from OTL as this step will require a reboot.
[*] On the OTL main screen, press the CLEANUP button.
[*] Say Yes to the prompt and then allow the program to reboot your computer.


Done - re-booted normally and quicker than the last few times - it has been acting strange at start-up. Shall I monitor this for a few days and let you know if the shutdown occurs again?

Sure…that sounds just fine. :slight_smile:

Hi, I’m afraid I had the BSOD again this morning with the: Driver IRQL not less or equal cause given. I have read elsewhere that the GMER Rootkit Scanner can cause this problem, particularly in older systems. Re:

Please download TDSSKiller.zip

Extract it to your desktop
Double click TDSSKiller.exe
when the window opens, click on Change Parameters

Would you kindly tell me what the ‘Change Parameters’ actually does?

I want to be able to use Safe Mode so I can select the Last Known Good Configuration option from the Windows Advanced Options menu, but as you know I can’t…

Hi,

Driver IRQL not less or equal cause given. I have read elsewhere that the GMER Rootkit Scanner can cause this problem, particularly in older systems
This is normally a problem with one of the drivers on your system that probably needs updating or a reinstallation. You might try looking in Device Manager to see if any of the drivers have any warnings active right now and that may be your problem.
Would you kindly tell me what the 'Change Parameters' actually does?
This is only changing what it is that the scanner is looking at and not actually changing anything on the system. TDSSKiller won't do anything to your system that we don't tell it to do. :)

Okay…I might ask for suggestions on Microsoft Answers…I’ll give you any worthwhile update if you wish? I want to take this opportunity to thank you again for your help, time and patience. :slight_smile:

Hi,

I’m not getting that virus notification when I go to those MySpaces anymore. Are you?

:o !!! No…well, who rectified that I wonder? Yesterday it was there, just now not and it has been going on for months.

HOORAY - I hope it lasts - was driving me crazy.

Now all I need is someone to help me with the keyboard issue and BSODs…

Did the lovely jeffce step outside his line of duty and correct that?

Hi,

So what problems are you having with your keyboard exactly?

Were you ever able to run HDTune after I gave the instructions for that?

Hi,

Sorry, missed this:

Quote

Driver IRQL not less or equal cause given. I have read elsewhere that the GMER Rootkit Scanner can cause this problem, particularly in older systems

This is normally a problem with one of the drivers on your system that probably needs updating or a reinstallation. You might try looking in Device Manager to see if any of the drivers have any warnings active right now and that may be your problem.

I had a look, but couldn’t see any warnings…could it still be the case though?

Found this:

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.

http://www.computing.net/answers/windows-xp/driver-irql-not-less-or-equal/142741.html

Remember the OTL Extras.Txt:

ACPI BIOS is attempting to write to an illegal IO port address (0x70), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability.

Are those two linked?

I’ve read that a Clean Boot might rectify this issue, trouble is I’m not confident carrying out this type of work and I’m worried I may make things worse and lose the computer altogether.

http://support.microsoft.com/kb/283649

“ACPI BIOS is attempting to write to an illegal IO port address” error message when you open the event viewer

This behavior may occur if your computer’s basic input/output system (BIOS) tries to write to one of the earlier ports by using an AML [Advanced Configuration and Power Interface (ACPI) Machine Language] System IO operation region. Your try may be blocked by Microsoft Windows XP because accessing these ports by using this mechanism is considered dangerous and can cause system instability. This feature is designed to improve the stability of your computer’s operating system.

Because the original operating system was not XP?

If I get the BSOD again, I’ll write down the most important codes. I’m too afraid to run any more scans at present. :slight_smile:

Ok yes please write down any specific information shown.

I am going to try to have a more “tech” person look at the logs. :slight_smile:

You’re very helpful and kind - thank you.