Hi there. How operational is your windows currently. Are you able to boot into Windows and run apps etc ?
Hi. Sorry for the delayed response. did not realize i had a response. yes. i can boot into windows and run apps. the stop error message comes up unexpectedly though.
Ok. if the error came on for no apparant reason then it is often linked with a virus infecting the master boot record of your hard disk. The iastor driver that causes the blue screen error also controls the master boot record and any virus activity will crash the driver. Before you do anything i would make sure you have backups of your data as altering the mbr has the potential to render windows unbootable. Have you had any recent virus infections and are you running any antivirus software ?
i am running webroot antivirus software. i do not have any overly important data on the computer except pictures and they can be retrieved from another source later. what should i do now?
i do have one problem. i do not have the discs that came with the computer. i am unable to locate them. is that a problem? will i need to reinstall the windows system? if so, i may have an issue huh?
I am not familiar with Webroot so can't say if it can scan the mbr. I can give you a link to a tool which specifically scan the mbr only. ll. Don't run it unless you are sure you have alternative sources for your data though. Below is a link to the fixmbr tool which also explains how to run it. If the mbr is destroyed in the process then yes you will need a source to reinstall Windows from so there is some risk involved if you have no restore discs. The fixmbr tool is here http://windows7themes.net/how-to-check-mbr-for-virus-infection-via-mbrcheck.html
okay. this could be tricky. i may need to download the windows 7 operating files to a disc first before i do anything. can i copy from my computer if the mbr is damaged or should i try pulling the info from the microsoft site?
webroot is a system installed by best buy when i purchased the computer. i bought it with pre-installed programs on it. it is a toshiba L455. has been a good computer, this is my first issue with it since i got it.
could this virus have come from one of those websites like youtube?
can you recommend a good virus protection program?
If it is a toshiba they normally include the operating system files in a seperate section of the hard disk. Normally you access it via a function key at startup. (usualy f10 or f12 but should say on the screen at startup) If the mbr does become unusable though you will not have direct access to Windows so anyhting you need to back up needs to be done first. It's difficult to say where viruses come from if indeed it is a virus, at this stage it's a likely scenario but not 100%. You tube is pretty safe as they scan all uploaded content. Mbr viruses often come via external drives or memory sticks. As to a good AV if it turns out Webroot allowed one in, i like AVG because it has all of the needed scans but doesn;t slow your machine to much. None of the AV programs are unbreakable though so you always have to be cautious about content you download etc even when you have it.
A quick look at the Webroot website mentions it can scan for some root viruses so you could try a full scan with that first.
okay, i understand. i ran a full scan with webroot, and it did not help. once i ensure that i have the files to reinstall windows, i should then go to the fixmbr tool you provided and follow the steps right?
Yes that's what i would do. Fixmbr as well as checking for viruses will verify the mbr is ok so if nothing else it rules that area out. i would say in 75% of the instances i have seen this error though it has been down to something that shouldn't be there occupying the mbr.
okay, will do it. thanks for your help.
i also think that it has a 95% chance of checking the mbr without damaging anything but better to be safe with your data just in case
let me know what happens. I'm intrigued now.
i am scared, but will do what you suggested. thanks so much. you have been very helpful.
i do have a question. i just started the full webroot scan again. if it is not able to run successfully (so far it is running fine), would that be something to worry about?
webroot just identified a troj/tdlmbr-a virus. could this be the issue?
That's the one. Troj stand for trojan horse virus which means it came hidden in another file. The mbr bit means it's an mbr virus. That's a very strong candidate for your problem
oh great, not what i was hoping for....
wow, there is another on troj/pdfjs-oy
oops - meant to say another one.
it's a good thing as it means you have probably found your problem and webroot will likely remove it when the scan has finished. The only worry for me is why you were unaware they were there as the AV is meant to be warning you when you are infected even without a full scan
oh really. the problem started yesterday morning. i ran the full scan last night and it did not help. i still had the problem this morning and would not have thought to run the scan again until you mentioned it in your earlier message. i decided to run it again and up pops these two. it is still running and so far there are 16 items located and 40 traces found.
it could be that webroot has downloaded an update since the last scan which has enabled it to detect viruses that previously it couldn't. I know AVG update daily so Webroot may be the same. Often once one virus gets onto the system via a trojan horse, they then open a backdoor into your computer to allow others in so they can quickly increase in number. The key is to stop the trojans that start the process but the virus writers are very clever and constantly are outfoxing the AV programs.
scary. if i remember right, i can not have multiple virus programs on my computer right?
That's correct as they take control of your email programs and things like the mbr. If you had 2 they would fight for that control and cause problems. What you can do is back up your AV with an on demand Malware scanner. They only run when you tell them to so don't interfere with your normal AV but can act as a second line of defence if you run them say once a month. You can get a free one called Malewarebytes which is very good.
will do. thanks so much for the info. you have been great.
Link to Malwarebytes in case you want to try it. http://www.malwarebytes.org/
when your scan has finished can you let me know how many it found etc just out of interest. I'm fairly sure provided Webroot can remove them that it will fix your issue
appreciate the info i will make a note of the link to download it when the scan finishes. i have been using a secondary laptop to communicate with you, to be able to take any steps you suggested without losing you in the conversation.
i will advise once the scan finishes. it is at 23 mins and still running with only about 45% of the system scanned.
Ok. i have my fingers and toes crossed for you that it goes well.
no additional virus so far, so hopefully that is a good thing.
thanks, XXXXX XXXXX use all the luck i can get.
i'm holding a little luck back for the lottery but i think i sent just enough to get the job done. it'll be fine, i have a good feeling about it.
i understand. if you hit the lottery, you have to remember all your friends....
i am your new best friend, don't forget me.
i think if i win i will have an awful lot of best friends. Don't hold your breath though i'm not usually that lucky where the lottery is concerned.
lol - you would be as lucky as any of the other millions or so people playing. just don't forget all the little people when you do.
the scan just finished and there were 16 files quarantined. as soon as the closed the AV, the stop error come up. i am rebooting now. is this an indication that i still have a problem?
colin, it happened again. should i run the scan again?
The stop error may have been caused by webroot removing the virus from the mbr. When it restarts i would scan again and see if it is clear. If it is then hopefully it's gone for good but if it is still there it may be that Webroot can't remove it and you may need to use the mbr tool.
webroot indicates that all 16 files were successfully quarantined. 2 of the 16 were trojans. the others appear to have been cookies or traces. i am starting the scan now. cross your fingers and toes again!
colin, the same trojan came up again. is it possible that it came back in the minute the scan quarantined it?
i suspect that webroot couldn't remove it but i have seen Av programs take more than 1 attempt if there are multiple viruses. if it fails a second time you will need to try either the fixmbr tool or you could try malwarebytes from the link i gave you.
okay, will do. thanks.
so far, i have just that one trojan. no other traces found.
ok. Some progress then
colin, scan complete. there was only the trojan mbr detected and quarantined, again. i am trying to download an update to the webroot program, but have not been able to do so. i will try again once i reboot.
ok. How often did the blue screen happen before.
just rebooted. waiting to see what happens.
the blue screen would come up everytime i logged into the computer.
colin, i got the stop error again. i am going to run the malware and see if it helps.
seems to run okay on safe mode, but if i work outside of the safe mode, it gives me the error
Right ok. try malware and if all else fails the fixmbr tool. Many viruses are dormant in safe mode but active in normal mode which makes me think something is still there webroot is missing. Run the malware scanner and if all else fails go with fixmbr. I will be offline in about 10 mns as my shift is finishing but i will get your replies when i am back on. I can pick up again then if you are still having issues.
will do. thanks.
Make sure if you run malwarebytes in safe mode that you use safemode with networking as it will need to download an update before scanning.
colin, scan complete. 5 items found. one trojan/doppler found 4 different times. the system needs to reboot to complete the process.