Repeated 'Trojan Horse Blocked' / 'Malicious URL' alerts

[jesamine]

I've done a search and found this, which seems *SIMILAR BUT MAY NOT BE EXACTLY THE SAME*

A problem has been detected and Windows has been shut down to prevent damage
to your computer.

Driver IRQL not less or equal. (that was there)

If this is the first time you've seen this stop error screen,
restart your computer. If this screen appears again, follow
these steps:

Check to make sure any new hardware or software is properly installed.
If this is a new installation, ask your hardware or software manufacturer
for any Windows updates you might need.

If problems continue, disable or remove any newly installed hardware
or software. Disable BIOS memory options such as caching or shadowing.
If you need to use safe mode to remove or disable components, restart
your computer, press F8 to select Advanced Startup Options, and then
select Safe Mode.

Technical Information:

*** STOP: 0x00000018 (0x00000000, 0x86f0e908, 0x00000002, 0xffffffff)

*** fltmgr.sys - Address 0x87fc79ec base at 0x87fc0000 DateStamp 0x4a5bbf11

<Original title - BSOD>

I'm too afraid to do any more scans at present, as it was the scans that triggered these crashes....OTL caused a black screen with no message crash, which I've not had before and the first blue screen shutdown I've ever had, with message similar to above, happened while GMER Rootkit Scanner was running, so I want to remove that first please....can you tell me how to do it. Thanks, as always.  I'm really worried....as you know I can't use System Restore or safe mode.

*I checked for Windows updates a couple of days ago, said no essential ones were needed.

[jeffce]

Ok....If you run the following instructions you will remove GMER, OTL and many other files from programs we have used.  Anything else that you see that was related to what we did here you can just send to the Recycle Bin for deletion. 

Clean up with OTL:

• Double-click OTL.exe to start the program.
  
• Close all other programs apart from OTL as this step will require a reboot
• On the OTL main screen, press the CLEANUP button
  
• Say Yes to the prompt and then allow the program to reboot your computer.
  

----------

[jesamine]

Done - re-booted normally and quicker than the last few times - it has been acting strange at start-up. Shall I monitor this for a few days and let you know if the shutdown occurs again?

[jeffce]

Sure...that sound just fine. 

[jesamine]

Hi, I'm afraid I had the BSOD again this morning with the: Driver IRQL not less or equal cause given. I have read elsewhere that the GMER Rootkit Scanner can cause this problem, particularly in older systems. Re:

Please download TDSSKiller.zip

    Extract it to your desktop
    Double click TDSSKiller.exe
    when the window opens, click on Change Parameters

Would you kindly tell me what the 'Change Parameters' actually does?

I want to be able to use Safe Mode so I can select the Last Known Good Configuration option from the Windows Advanced Options menu, but as you know I can't....




 

[jeffce]

Hi,

Driver IRQL not less or equal cause given. I have read elsewhere that the GMER Rootkit Scanner can cause this problem, particularly in older systems

This is normally a problem with one of the drivers on your system that probably needs updating or a reinstallation.  You might try looking in Device Manager to see if any of the drivers have any warnings active right now and that may be your problem.

Would you kindly tell me what the 'Change Parameters' actually does?

This is only changing what it is that the scanner is looking at and not actually changing anything on the system.  TDSSKiller won't do anything to your system that we don't tell it to do. 

[jesamine]

Okay....I might ask for suggestions on Microsoft Answers....I'll give you any worthwhile update if you wish? I want to take this opportunity to thank you again for your help, time and patience. 

[ligersandtigers]

Hi,

I'm not getting that virus notification when I go to those MySpaces anymore.  Are you?

[jesamine]

  !!!! No....well, who rectified that I wonder? Yesterday it was there, just now not and it has been going on for months.

HOORAY - I hope it lasts - was driving me crazy.

Now all I need is someone to help me with the keyboard issue and BSODs....

[jesamine]

Did the lovely jeffce step outside his line of duty and correct that?

[jeffce]

Hi,

So what problems are you having with your keyboard exactly?

Were you ever able to run HDTune after I gave the instructions for that? 

[jesamine]

Hi,

Sorry, missed this:

Quote

Driver IRQL not less or equal cause given. I have read elsewhere that the GMER Rootkit Scanner can cause this problem, particularly in older systems

This is normally a problem with one of the drivers on your system that probably needs updating or a reinstallation.  You might try looking in Device Manager to see if any of the drivers have any warnings active right now and that may be your problem.

I had a look, but couldn't see any warnings....could it still be the case though?

Found this:

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.

http://www.computing.net/answers/windows-xp/driver-irql-not-less-or-equal/142741.html

Remember the OTL Extras.Txt:

ACPI BIOS is attempting to write to an illegal IO port address (0x70), which lies in the 0x70 - 0x71 protected  address range. This could lead to system instability.

Are those two linked?

I've read that a Clean Boot might rectify this issue, trouble is I'm not confident carrying out this type of work and I'm worried I may make things worse and lose the computer altogether.

[jesamine]

http://support.microsoft.com/kb/283649

"ACPI BIOS is attempting to write to an illegal IO port address" error message when you open the event viewer

This behavior may occur if your computer's basic input/output system (BIOS) tries to write to one of the earlier ports by using an AML [Advanced Configuration and Power Interface (ACPI) Machine Language] System IO operation region. Your try may be blocked by Microsoft Windows XP because accessing these ports by using this mechanism is considered dangerous and can cause system instability. This feature is designed to improve the stability of your computer's operating system.

Because the original operating system was not XP?

If I get the BSOD again, I'll write down the most important codes. I'm too afraid to run any more scans at present.

[jeffce]

Ok yes please write down any specific information shown. 

I am going to try to have a more "tech" person look at the logs. 

[jesamine]

You're very helpful and kind - thank you.