Services.exe, svchost.exe infected?

soldierfacility

Honorable
Jul 26, 2012
On July 23rd I visited a reputable website only to discover that the frontpage had been compromised with malware. As a result booting up Windows would result in a BSOD after a matter of minutes, usually with the error "PAGE FAULT IN NON PAGED AREA".

Booting up Windows in Safe Mode seemed to have no problems so I scanned the system with Malwarebytes and avast antivirus. Malwarebytes found a file labelled "8000000cb.@" recurring within C:\Windows\Installer\{4f7fb296-fc38-4015-d4eb-0e728329a8fd}\U\ - though Malwarebytes quarantined and deleted the file it was recreated in the folder moments later. avast turned out a number of different results that were subsequently quarantined and stored in The Chest, but upon rebooting Windows BSODs were still the order of the day.

On July 24th I right-clicked C:\ > Properties > Tools > Error-checking and scheduled a Check Disk operation (ticking 'Automatically fix file system errors' and 'Scan for and attempt recovery of bad sectors'). Upon rebooting the system and completing the operation, Windows ran completely fine in normal mode. Unfortunately for some reason I elected to restart the computer to confirm the status of the operating system and it crashed once more.

On July 25th I ran a second Check Disk operation and this time ran avast proper in Windows (normal mode), where a quick scan removed a number of malware and requested a scan upon rebooting the system. This boot-time scan turned up a few false positives and upon logging into my account on Windows 7, the computer arbitrarily decided my 2009-bought Windows 7 was suddenly no longer a genuine build. This was fixed with judicious use of Command Prompt, and there has been no BSOD since then (though I should add I haven't rebooted the OS since then either).

This is where I stand - my computer appears to be running adequately as it was beforehand. Malwarebytes is unable to detect any malware, avast scans are unable to detect any further infected files and even SUPERAntiSpyware scans bring up no notice of infected targets. However I'm getting recurring warnings from avast itself about two of my system files, services.exe and svchost.exe - there are eleven svchost.exe instances running in Task Manager and apparently at least one of them is attempting to open malicious URLs, marking it a malware process; services.exe seems to be behind the 8000000cb.@ file. I'm not sure how to repair either file and I don't really want to reboot into Normal Mode again if I can help it, given that it might cause a relapse.

EDIT: After putting my computer in hibernation mode I've discovered that the BSOD has returned. Rebooting the system results in "PAGE FAULT IN NON PAGED AREA" despite opening avast, Malwarebytes etc. Apparently only another Check Disk operation will keep the virus at bay, but I shouldn't have to boot out of Safe Mode and wait 4 hours to have to use my computer.

tl;dr
■ Windows 7 normal bootup results in a BSOD "PAGE FAULT IN NON PAGED AREA"
■ Windows 7 Safe Mode with/out networking does not result in a BSOD
■ Running a CheckDisk operation then booting into Windows 7 normal does not result in a BSOD
■ avast identifies C:\Windows\System32\svchost.exe and C:\Windows\System32\services.exe as processes generating malware on my system, but can't seem to identify them as threats during the actual scans and has no advice on either repairing those files or finding the actual malware masquerading as system files
 

nao1120

Distinguished
Mar 27, 2009
The svchost.exe process, although it appears to be virus-like, is actually something that the system uses... Occasionally I'll see several running too when I'm wondering... Why is it running so slow!!!

http://www.howtogeek.com/howto/windows-vista/what-is-svchostexe-and-why-is-it-running/

That explains it a bit.

When there is heavy malware and viruses on the system... I would try a malware remover to try and get rid of it. Since you have Windows 7, this is free and works well enough:

http://windows.microsoft.com/en-US/windows/products/security-essentials

Failing that... and the system is still acting up. Why waste time? Back up and reinstall the system. This was the cure for all issues back in the Windows 98 to 2000 Windows XP days. Windows 7 seems to last longer, but the rules still apply.

Sometimes it's better to just have a clean slate.
 
So it sounds like you have a rootkit; it seems pretty nasty from what I found out about the file you posted, "8000000cb.@".

I would boot to Safe Mode with Networking and download these tools.

Things you may want to do:
System File Check is a utility in Microsoft Windows that allows users to scan for and restore corruptions in Windows system files.

Click Start, type cmd, hit Enter.
Type "sfc /scannow" (without the quotes).

Turn off System Restore.
It sounds like this rootkit can restore itself, and a lot of times it hides itself in System Restore (in restore points).
Right-click on My Computer and select Properties.
Select Advanced system settings > click on Configure > and check the box for Turn off system protection.
After you're done with the virus removal you should turn it back on.
Flush all Java cache and, if you have Adobe 10 or higher, clear that too.
Go to Control Panel and click on the icon for each and delete temporary internet files.

A repair installation would be a good idea also if you have a Windows disc.

TDSSKiller from Kaspersky
http://support.kaspersky.com/downloads/utils/tdsskiller.exe

RootkitRevealer (from Sysinternals/Microsoft)
http://download.sysinternals.com/files/RootkitRevealer.zip
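
Added example, not part of any post in this thread: a read-only PowerShell triage for the question raised in the first post, telling genuine services.exe and svchost.exe instances from look-alikes by image directory and parent process (wininit.exe and services.exe respectively on Windows 7), then listing files in a `U` subfolder of any GUID-named directory under C:\Windows\Installer, the path shape reported there. The function name and output format are assumptions made for the illustration, and a kernel-mode rootkit can falsify what the running OS reports, so clean output here does not prove a clean system.

```powershell
# Added triage example (not from the thread). Read-only: lists, never deletes.
# Run from an elevated prompt so image paths of system processes are readable.
$sys32 = Join-Path $env:SystemRoot 'System32'
$wow64 = Join-Path $env:SystemRoot 'SysWOW64'
$procs = @(Get-WmiObject Win32_Process)
$byPid = @{}
foreach ($p in $procs) { $byPid[[int]$p.ProcessId] = $p }

# Hypothetical helper: prints one line per process with the reasons, if any,
# that it does not look like the genuine system binary.
function Write-ProcessCheck($proc, [string]$expectedParent, [string[]]$allowedDirs) {
    $issues = @()
    if (-not $proc.ExecutablePath) {
        $issues += 'image path unreadable (not elevated, or hidden)'
    } elseif ($allowedDirs -notcontains (Split-Path $proc.ExecutablePath -Parent)) {
        $issues += "unexpected image path: $($proc.ExecutablePath)"
    }
    # PIDs can be reused, so a parent mismatch is a prompt to look, not a verdict.
    $parent = $byPid[[int]$proc.ParentProcessId]
    if (-not $parent -or $parent.Name -ne $expectedParent) {
        $issues += "parent is '$($parent.Name)', expected '$expectedParent'"
    }
    $tag = if ($issues.Count) { 'REVIEW' } else { 'ok' }
    Write-Output ("{0,-6} pid={1,-6} {2} {3}" -f $tag, $proc.ProcessId,
        $proc.CommandLine, ($issues -join '; '))
}

# services.exe: exactly one instance, in System32, started by wininit.exe.
$services = @($procs | Where-Object { $_.Name -eq 'services.exe' })
if ($services.Count -ne 1) {
    Write-Output "REVIEW $($services.Count) services.exe instances (expected 1)"
}
foreach ($p in $services) { Write-ProcessCheck $p 'wininit.exe' @($sys32) }

# svchost.exe: many instances are normal; each should be a child of services.exe.
# The -k group on the command line shows which service group an instance hosts.
$hosts = @($procs | Where-Object { $_.Name -eq 'svchost.exe' })
foreach ($p in $hosts) { Write-ProcessCheck $p 'services.exe' @($sys32, $wow64) }

# GUID-named Installer directories that contain a 'U' subfolder, as in the
# C:\Windows\Installer\{...}\U\ path from the first post. Matches are for review.
$guid = '^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$'
Get-ChildItem -LiteralPath (Join-Path $env:SystemRoot 'Installer') -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer -and $_.Name -match $guid } |
    ForEach-Object { Join-Path $_.FullName 'U' } |
    Where-Object { Test-Path -LiteralPath $_ } |
    ForEach-Object { Get-ChildItem -LiteralPath $_ -Force | Select-Object FullName, Length, LastWriteTime }
```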