PC running slowly after BSOD, rootkit/malware suspected
Hi everyone, absolute newbie here.
So just this day I was working on my thesis and I had to use a friend's flash drive because our files were in there, so I scanned it thoroughly first with Malwarebytes and Avast, and it showed no viruses.
But after I finished my work and I started scanning my own computer with AV and aswMBR, aswMBR crashed and I was shown a blue screen with the error CRITICAL_STRUCTURE_CORRUPTION.
I had absolutely no clue that it would happen.
The results with WhoCrashed were:
On Sun 8/20/2017 3:48:04 PM your computer crashed
crash dump file: C:\WINDOWS\Minidump\082017-32578-01.dmp
This was probably caused by the following module: aswmbr.sys (aswMBR+0x1569)
Bugcheck code: 0xC4 (0xF6, 0x1C8, 0xFFFFE00190B97080, 0xFFFFF801246D1569)
Error: DRIVER_VERIFIER_DETECTED_VIOLATION
Bug check description: This is the general bug check code for fatal errors found by Driver Verifier.
A driver references a user-mode handle as kernel mode. This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: aswmbr.sys .
Google query: aswmbr.sys DRIVER_VERIFIER_DETECTED_VIOLATION
On Sun 8/20/2017 2:10:10 PM your computer crashed
crash dump file: C:\WINDOWS\Minidump\082017-23421-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x1429F0)
Bugcheck code: 0x109 (0xA3A01F59BFF764F1, 0xB3B72BE01278371E, 0xFFFFD00173A8D930, 0x2)
Error: CRITICAL_STRUCTURE_CORRUPTION
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that the kernel has detected critical kernel code or data corruption.
This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.
On Sun 8/20/2017 2:10:10 PM your computer crashed
crash dump file: C:\WINDOWS\memory.dmp
This was probably caused by the following module: ntkrnlmp.exe (nt!KeBugCheckEx+0x0)
Bugcheck code: 0x109 (0xA3A01F59BFF764F1, 0xB3B72BE01278371E, 0xFFFFD00173A8D930, 0x2)
Error: CRITICAL_STRUCTURE_CORRUPTION
Bug check description: This indicates that the kernel has detected critical kernel code or data corruption.
This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.
So I searched it up and it appeared that the others had rootkits while experiencing the same problem. I checked with FRST, DDS, GMER, and RogueKiller in safe mode, and GMER had no problems; RogueKiller just detected YTD Downloader as adware, but I've been using it for months now and I have no problem with it.
(FRST logs are attached)
The thing is I still don't know the cause of that extremely random BSOD, because all I did was write my documents, and I even reinstalled my graphics driver just to be sure.
So far, after the BSOD, everything on my desktop is laggy and slow: refreshing takes 2 seconds, opening files takes 2-5 seconds. But in safe mode everything seems to work fine.
Any help would be appreciated because I still don't know everything about these things.
HUGE thanks. (and sorry if this is on the wrong forum)
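A small triage helper, added here as an example and not part of the original post or of WhoCrashed itself. It parses report text of the shape quoted above (an embedded, constructed copy of those three entries is the sample input), collapses the minidump and memory.dmp entries that describe the same crash, and labels each crash using only the bug check semantics the report text itself states: 0xC4 is Driver Verifier flagging a driver rule violation, with the first parameter as the violation subcode (0xF6 being the "user-mode handle referenced as kernel mode" case named in the report), and 0x109 is the kernel detecting corruption of its own code or data, where the blamed module is the kernel and no driver is identified.

```python
"""Triage helper for WhoCrashed-style crash summaries (added example).

Parses the free-text report blocks into records, groups reports that
describe one crash (same timestamp and bugcheck, once from a minidump and
once from memory.dmp), and classifies each distinct crash.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample with the same layout as the WhoCrashed output above.
SAMPLE_REPORT = """\
On Sun 8/20/2017 3:48:04 PM your computer crashed
crash dump file: C:\\WINDOWS\\Minidump\\082017-32578-01.dmp
This was probably caused by the following module: aswmbr.sys (aswMBR+0x1569)
Bugcheck code: 0xC4 (0xF6, 0x1C8, 0xFFFFE00190B97080, 0xFFFFF801246D1569)
Error: DRIVER_VERIFIER_DETECTED_VIOLATION
On Sun 8/20/2017 2:10:10 PM your computer crashed
crash dump file: C:\\WINDOWS\\Minidump\\082017-23421-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x1429F0)
Bugcheck code: 0x109 (0xA3A01F59BFF764F1, 0xB3B72BE01278371E, 0xFFFFD00173A8D930, 0x2)
Error: CRITICAL_STRUCTURE_CORRUPTION
On Sun 8/20/2017 2:10:10 PM your computer crashed
crash dump file: C:\\WINDOWS\\memory.dmp
This was probably caused by the following module: ntkrnlmp.exe (nt!KeBugCheckEx+0x0)
Bugcheck code: 0x109 (0xA3A01F59BFF764F1, 0xB3B72BE01278371E, 0xFFFFD00173A8D930, 0x2)
Error: CRITICAL_STRUCTURE_CORRUPTION
"""


@dataclass
class CrashReport:
    when: str          # timestamp text as printed in the report
    dump_file: str     # path of the dump the report was produced from
    module: str        # module WhoCrashed blamed (file name only)
    bugcheck: int      # bug check code
    params: list[int]  # the four bug check parameters
    error: str         # symbolic bug check name


HEADER_RE = re.compile(r"^On (.+?) your computer crashed$", re.M)
DUMP_RE = re.compile(r"^crash dump file: (.+)$", re.M)
MODULE_RE = re.compile(r"^This was probably caused by the following module: (\S+)", re.M)
BUGCHECK_RE = re.compile(r"^Bugcheck code: (0x[0-9A-Fa-f]+) \((.*?)\)$", re.M)
ERROR_RE = re.compile(r"^Error: (\S+)$", re.M)


def parse_reports(text: str) -> list[CrashReport]:
    """Split the report into per-crash blocks and extract the fields of each."""
    blocks = re.split(r"(?m)^(?=On .+ your computer crashed$)", text)
    reports: list[CrashReport] = []
    for block in blocks:
        header = HEADER_RE.search(block)
        if header is None:
            continue  # text before the first "On ... crashed" line
        bc = BUGCHECK_RE.search(block)
        reports.append(CrashReport(
            when=header.group(1),
            dump_file=DUMP_RE.search(block).group(1).strip(),
            module=MODULE_RE.search(block).group(1),
            bugcheck=int(bc.group(1), 16),
            params=[int(p.strip(), 16) for p in bc.group(2).split(",")],
            error=ERROR_RE.search(block).group(1),
        ))
    return reports


def group_same_crash(reports: list[CrashReport]) -> dict[tuple, list[CrashReport]]:
    """One crash can appear twice (minidump and memory.dmp); key on the
    timestamp plus the full bug check so those entries land in one group."""
    groups: dict[tuple, list[CrashReport]] = {}
    for r in reports:
        groups.setdefault((r.when, r.bugcheck, tuple(r.params)), []).append(r)
    return groups


def classify(report: CrashReport) -> tuple[str, str | None, str]:
    """Return (category, blamed driver or None, detail) from the bug check."""
    if report.bugcheck == 0xC4:
        # Driver Verifier violation: parameter 1 is the violation subcode.
        sub = report.params[0]
        detail = ("user-mode handle referenced as kernel mode" if sub == 0xF6
                  else f"verifier subcode 0x{sub:X}")
        return ("driver_verifier_violation", report.module, detail)
    if report.bugcheck == 0x109:
        # The kernel caught corruption of its own code/data; the blamed
        # module is the kernel itself, so the report names no driver.
        return ("kernel_structure_corruption", None,
                "culprit driver not identified by the dump")
    return ("other", report.module, report.error)


def triage(text: str) -> list[dict]:
    """Summarise a report: one entry per distinct crash, with all dump files."""
    summary = []
    for (when, _code, _params), entries in group_same_crash(parse_reports(text)).items():
        category, driver, detail = classify(entries[0])
        summary.append({"when": when, "error": entries[0].error, "category": category,
                        "driver": driver, "detail": detail,
                        "dumps": [e.dump_file for e in entries]})
    return summary


if __name__ == "__main__":
    for entry in triage(SAMPLE_REPORT):
        print(entry)
```

Run on the sample, the three report blocks reduce to two crashes: the 2:10 PM entries are one CRITICAL_STRUCTURE_CORRUPTION event seen from two dumps and point at no driver, while the 3:48 PM entry is a Driver Verifier violation attributed to aswmbr.sys, which also tells you Driver Verifier is enabled on the machine, since 0xC4 is only raised by Verifier.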