
[Closed] Virus or Scarware Take Over


#1 Kalena


  • New Member
  • 1 posts

Posted 13 October 2009 - 05:38 PM

I have been trying to fix my parents' computer with no luck. Here are the various problems:

1) Windows Police Pro
2) Advanced Virus Removal
3) Enigma Software

These seem to have totally hosed the computer. They use Norton, but it is totally disabled, along with Task Manager and regedit. I was able to use a cleanup to finally get to Task Manager and regedit, and I was able to remove the entries for the three programs listed, but I still can't run Norton to clean things up. Other mysterious files that I am unable to remove in windows\system32 are winhelper.dll and gp8ur.dll.

I can only boot into safe mode, and when I try to boot normally I get the unexpected error code 1073741482 error. I saw another person with that error and ran the scan you had posted, win32kdiag.exe; attached are the results.

-- Help!! Kalena


#2 OCD



  • Malware Team
  • 5,574 posts

Posted 13 October 2009 - 08:04 PM

Hello Kalena,
Welcome to What the Tech.
My name is OCD, I will be helping you with your log today.

Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice.
This may cause a delay, but I will do my best to keep it as short as possible.

I am checking over your Win32kDiag log now, I will post back shortly with instructions.

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.

#3 OCD



  • Malware Team
  • 5,574 posts

Posted 14 October 2009 - 10:31 AM

Hello Kalena,
  • You may want to print out these instructions for reference prior to proceeding.
  • This solution is specifically tailored for this particular problem, please do not attempt to use this solution on another computer.
  • If you have any questions, or are uncertain about any steps please ask 'before' proceeding.
- - - - - Next - - - - -

We need to run the Win32kDiag tool with the following command to fix some malware related changes.

  • Click on Start -> Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK:

    "%userprofile%\desktop\win32kdiag.exe" -f -r

  • When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
- - - - - Next - - - - -

  • Click Start > Run
  • Type: notepad and press enter.
  • Once notepad is open, copy and paste the below lines into notepad.

    @echo off
    sc config eventlog start= disabled
    del %0

  • Click File and click Save; save the file to your desktop. Name the file, "eventlog.bat", and if your version of Windows has a "Save as type" option, choose "All files", otherwise it will save as a text file. Once all of this has been done click the Save button and exit notepad.
  • Now, to run the batch file, simply double-click or run the file like any other program. Once the batch file has completed running it will close the window automatically.
- - - - - Next - - - - -

Reboot in Safe Mode with Networking:
  • Restart your computer.
  • When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc.
    At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
  • Select the option for Safe Mode with Networking using the arrow keys.
  • Then press enter on your keyboard to boot into Safe Mode.
- - - - - Next - - - - -

Please download DDS from one of the following links and save it to your desktop.
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
- - - - - Next - - - - -

Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and post it in your next reply.
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

- - - - - Next - - - - -

On your next post please provide the following:
  • Win32kDiag.txt log
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.
  • Gmer.txt



#4 OCD



  • Malware Team
  • 5,574 posts

Posted 17 October 2009 - 09:40 AM

Hello Kalena, It's been a few days, I was just checking to see if you still needed assistance?


#5 oldman960


    Forum God

  • Retired Classroom Teacher
  • 14,755 posts

Posted 20 October 2009 - 06:24 PM

Due to inactivity this topic will be closed. If you need help please start a new thread.

Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.
