# New hard drive won't help--BIOS virus?



## Portac (Jan 12, 2010)

I believe my daughter got something on her computer. It started with security alerts from Norton and Windows. Evidently it graduated to the point that Norton will not load up. MBAM would not install even if I changed the program name. As I have been down this road before, I put in the Windows XP disk and rebooted with the intention of reformatting and reinstalling the OS. I get a blue screen saying "A problem has been detected and Windows has been shut down to prevent damage to your computer" and then it instructs me to run chkdsk /F. Since the hard drive on this computer was a bit small anyway, I bought a new 1TB hard drive. I started up the PC with the XP install disk and I get the same blue screen message. I checked the XP install disk with another PC to see if the virus had written something on the disk, but it doesn't look like the dates on any of the files were updated.
Could this be a BIOS virus? Maybe something got written on the XP install disk that I can't detect? Thanks for your help


----------



## 2xg (Aug 5, 2009)

Hello and welcome to TSF!

What is the computer's brand? Dell, HP, Lenovo, etc. Do you have all the CDs that came with the computer?

Verify that you are using a valid (Genuine) Windows XP CD.

Updating the BIOS might help also.


----------



## Portac (Jan 12, 2010)

I reinstalled the original hard drive and I did get MBAM to run.
Here is the report:

********************************************************************************
Malwarebytes' Anti-Malware 1.44
Database version: 3552
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/12/2010 8:00:21 PM
mbam-log-2010-01-12 (19-59-57).txt

Scan type: Quick Scan
Objects scanned: 131689
Time elapsed: 8 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
\\?\globalroot\systemroot\system32\H8SRTgpkiorybme.dll (Trojan.Vundo) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
\\?\globalroot\systemroot\system32\H8SRTgpkiorybme.dll (Trojan.Vundo) -> No action taken.

*******************************************************************************

MBAM is not removing the virus as I get the same thing when I reboot and rerun MBAM.
I downloaded Norton's Trojan.Vundo removal tool (Fix Vundo) and I get the following report:


*******************************************************************************
Symantec Trojan.Vundo Removal Tool 1.5.1
The process "iexplore.exe" might be affected by the threat. It has been suspended.
The process "iexplore.exe" might be affected by the threat. It has been terminated.

C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\Quarantine: (not scanned)
C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp: (not scanned)
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine: (not scanned)
C:\System Volume Information: (not scanned)

Trojan.Vundo has been successfully removed from your computer!

Here is the report:

The total number of the scanned files: 73154
The number of deleted files: 0
The number of viral processes terminated: 1
The number of viral processes suspended: 1
The number of viral threads terminated: 0
The number of registry entries fixed: 0
********************************************************************************


But this is not fixing the problem as when I rerun MBAM it still identifies the same problem.
The computer is a Dell Dimension E520 with Windows XP Home Edition. I do not have the original CDs that came with the computer.


Thanks for your help.


----------



## 2xg (Aug 5, 2009)

It looks like your computer is still infected, although I didn't ask you to post the results of the MBAM and your Anti-Virus software.

Please follow this pre-posting process outlined:

http://www.techsupportforum.com/f50...-posting-for-malware-removal-help-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic in the Virus/Trojan/Spyware Help.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply. 

If they can't help you they might re-direct you back here to the Networking Forums.

Good luck!


----------

