My daughter's computer had the BSOD Bad_Pool_Header
Booted in safe mode and found Distributed 10005 in the error logs. Research on the internet suggested a virus ... but wait I installed Norton Security Suite on it 2 weeks ago and cleaned up the viruses.
After spending 2 days booting with and without some of her startup programs, I finally decided to follow the advice on the web forum.
Combofix found and fixed some problems www.bleepingcomputer.com/download/anti-virus/combofix but there were still problems. I could now boot in normal mode but Norton would not work and I could not remove it to reinstall.
Dr Web www.drweb-online.com/ identified the problem as Backdoor.TDSS.565 but could not remove it.
I downloaded Norton FixTDSS and identified it as Backdoor.tideserv!inf in file Volsnap.sys but could not remove it and when I attempted to go to the help section I would get an error that Google Chrome had a problem and had to shut down.
Somewhere on this forum I found a link for Kaspersky TDSSKiller which fixed the problem ... I hope.
I was able to remove the old Norton that still would not work and am in the process of downloading updates and running a comprehensive scan with a new version of Norton Security Suite.
The only thing I can figure is that the Rootkit virus was already embedded in the system the first time I loaded Norton.
Are you running NIS or Comcast Norton Security Suite? Which program and what is the version of the program please?
Once we know your computer is completely clean, then we can help you to install the Norton program and if you don't have the newest version, then we can help you update to that version. Thanks.
Your suspicion is correct, in that loading an antivirus product into a machine infected with a rootkit is often not successful. Norton products are also not allowed to remove infected system files, usually driver files. If certain critical files are removed, the machine will become unbootable. The infected files have to be swapped with uninfected files.
Combofix can also be risky to use at times, which is why there are a number of warnings about its use. If you have any more issues, please get some assistance from the experts on the malware removal forum on Bleeping.
My main system has been running Norton 360 for about 6 months now with no problems. My daughter's system had an outdated version of Avast before I loaded Norton Security Suite from Comcast. As soon as I get her Google Chrome working again I will check the various malware sites to do a complete scan of her system.
Thank you to all for the assistance, and I will let you know how things proceed.
Once the computer is cleaned up, we will have to make sure that Avast has been removed properly also before you reinstall a fresh install of Comcast Norton Security Suite back.
After running the full version of Kaspersky, RootRepeal, Combofix, Dr Web cure it, and Norton Power Eraser with no problems found, I am ready to call this virus episode as cured.
I have made sure that all traces of Avast, Norton, and Kaspersky have been removed from the hard drive and registry.
I reloaded a fresh copy of Norton Security Suite and no problems reported.