Virus Removal Help -- Wininit
Started by mcfarljd, Oct 05 2010 08:07 PM
3 replies to this topic
#1
Posted 05 October 2010 - 08:07 PM
#2
Posted 06 October 2010 - 01:15 AM
Hello mcfarljd and
My name is JonTom.
- Malware Logs can sometimes take a lot of time to research and interpret.
- Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.
- Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
- Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.
- PLEASE NOTE: If you do not reply after 5 days your thread will be closed.
Let's get some system scans so we can get a better idea about what is going on.
If you encounter any difficulties with the scans, come back and let me know.
- Download and run OTL by Oldtimer
- Please download OTL by Oldtimer by clicking here and save the file (called OTL.exe) to your desktop.
- Close all open windows on your computer then Double click on the OTL.exe icon to run the program.
- Check the boxes beside "LOP Check" and "Purity Check".
- Under Custom Scan paste this in:
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
CREATERESTOREPOINT
- Click the "Run Scan" button. Do not change any settings unless specifically told to do so. The scan will not take long.
- When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
- Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
- Please Copy and Paste the contents of both files in your next reply. You may need two posts to fit them both in.
- DeFogger
- Please download DeFogger to your desktop.
- Click on DeFogger to run the tool.
- The application window will appear.
- Click the Disable button to disable your CD Emulation drivers.
- Click Yes to continue.
- A 'Finished!' message will appear.
- Click OK.
- DeFogger will now ask to reboot the machine - click OK.
IMPORTANT! If you receive an error message while running DeFogger, please post the log, defogger_disable, which will appear on your desktop.
Do not re-enable these drivers until otherwise instructed.
- Please scan your system with GMER
Download GMER Rootkit Scanner from here or here.
- Extract the contents of the zipped file to desktop.
- Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
- If it gives you a warning about rootkit activity and asks if you want to run a scan... click on NO.
- In the right panel, you will see several boxes that have been checked. Uncheck the following ...
- IAT/EAT
- Drives/Partition other than Systemdrive (typically C:\)
- Show All (don't miss this one)
- Then click the Scan button & wait for it to finish.
- Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
- Save it where you can easily find it, such as your desktop, and post it in your reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
Please post the OTL logs and the GMER log in your next reply
Would you like to help others? Join the Classroom and learn how.
Member of UNITE
Proud Graduate of the WTT Classroom
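The /md5start ... /md5stop section of the OTL custom scan above asks the tool to report MD5 hashes of a fixed list of system drivers and DLLs, so the helper can compare them against known-good values and spot a file that has been patched in place. The Python script below is an added illustration of that check; it is not part of this thread and not OTL's own code. It hashes a watch list, compares the result with a baseline captured earlier, and reports files that are modified or missing. The file names are taken from the scan list; the file contents, the baseline, and the names `WATCHED_FILES`, `hash_files`, `compare_to_baseline` and `run_demo` are this example's own, and the demo directory is constructed in a temporary folder so it runs anywhere.

```python
import hashlib
import os
import tempfile

# Names taken from the /md5start ... /md5stop list in the OTL custom scan above;
# a subset is enough for the demonstration.
WATCHED_FILES = ["atapi.sys", "iaStor.sys", "nvstor.sys",
                 "eventlog.dll", "scecli.dll", "netlogon.dll"]


def file_digest(path, algorithm="md5", chunk_size=65536):
    """Hash a file in chunks so large drivers are not read into memory at once.
    OTL reports MD5; pass algorithm="sha256" when building a baseline of your own."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_files(directory, names, algorithm="md5"):
    """Return {name: hexdigest} for every name under directory; a file that is
    missing or unreadable (for example locked by a driver) maps to None."""
    results = {}
    for name in names:
        try:
            results[name] = file_digest(os.path.join(directory, name), algorithm)
        except OSError:
            results[name] = None
    return results


def compare_to_baseline(current, baseline):
    """Classify each watched file against the known-good baseline:
    'ok', 'modified' (hash differs), 'missing' (could not be hashed now),
    or 'unknown' (no baseline entry, so there is nothing to compare against)."""
    verdicts = {}
    for name, digest in current.items():
        if digest is None:
            verdicts[name] = "missing"
        elif name not in baseline:
            verdicts[name] = "unknown"
        elif digest == baseline[name]:
            verdicts[name] = "ok"
        else:
            verdicts[name] = "modified"
    return verdicts


def run_demo():
    """Build a constructed system32-like directory, snapshot it while clean,
    alter it, and rescan. Returns the verdict table."""
    with tempfile.TemporaryDirectory() as d:
        # Constructed placeholder contents; these are not real driver bytes.
        for name in WATCHED_FILES:
            with open(os.path.join(d, name), "wb") as f:
                f.write(b"clean placeholder for " + name.encode())
        baseline = hash_files(d, WATCHED_FILES)  # known-good snapshot

        # Simulated tampering for the demo: one driver rewritten in place, one removed.
        with open(os.path.join(d, "atapi.sys"), "wb") as f:
            f.write(b"placeholder for a driver whose bytes changed")
        os.remove(os.path.join(d, "nvstor.sys"))

        return compare_to_baseline(hash_files(d, WATCHED_FILES), baseline)


if __name__ == "__main__":
    for name, verdict in sorted(run_demo().items()):
        print(f"{name:14} {verdict}")
```

A hash mismatch on its own does not prove infection: a Windows update or driver upgrade also changes these files, which is why a baseline has to be refreshed after legitimate updates and why the helper cross-checks the reported MD5 against vendor-known values rather than treating every difference as malicious.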
#3
Posted 09 October 2010 - 01:56 PM
Do you still need help?
#4
Posted 12 October 2010 - 02:12 PM
Due to inactivity, this topic has been closed.
If you are the topic starter and need this topic reopened, please PM a staff member (include the address of this thread in your request).
Everyone else please start a new topic.