10 replies to this topic

[hork]

As seems to be the case with most posts on this board, I too have been hit by whatever it is that prohibits all anti-spyware, and anti-virus software from running. In addition I've lost many of the system exe files (i.e., sysrestore, regedit, and msconfig). I've attached a Win32k log as I am unable to load and run hijack this. Thank you for any and all help that anyone can offer.

Attached Files

•  Win32kDiag.txt   4.68K   30 downloads

[LonnyRJ]

Welcome to the forum hork

Go start run copy then paste in the line below and press enter
"%userprofile%\desktop\Win32kDiag.exe" -r -f
A log should open when it is finished, post it please.

~~~~~~~~~~~~
Visit the webpage below for instructions for downloading and running ComboFix:

But proir to running Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix..This is because Security Software may see some components ComboFix uses (prep.com for example) as suspicious and blocks the tool, or even deletes it.
Please visit HERE if you don't know how. http://www.bleepingc...opic114351.html

http://www.bleepingc...to-use-combofix

Post combofix's log which will open automaticly when complete, if not it is located here. C:\combofix.txt
Note: If windows auto-update comes up cancel it for now.
For others looking for a solution, please do not try my advice to this user, post for help yourself.

[hork]

Thank you Lonny,

I tried to follow your instructions. I was able to download and install combofix and run it one time. It installed the windows recovery console and then proceeded to start a scan. It identified the following files and asked me to write them down as it needed to reboot the computer at this point:

C:\windows\system32\sdra64.exe
C:\windows\system32\SKYNETrotycsrk.sys
C:\windows\system32\SKYNETjebuykyt.dll
C:\windows\system32\SKYNETjbawqfxa.dat
C:\windows\system32\SKYNEThnqjnlpw.dll
C:\windows\system32\SKYNETrotxaqly.dat
C:\windows\system32\SKYNETafblyowu.dll Rootkit


After the reboot combofix will no longer run. It starts up but shuts down immediately prior to any scanning (just like all the rest of my anti-anything files). There is nothing in the log except the following.

File "C:\ComboFix\MT_eventlog.dll.tmp" added successfully

That is the only entry in the Combofix log.

I did rerun the Win32k scan and am attaching the new log here.

Thank you again for your assistance.

Attached Files

•  Win32kDiag.txt   4.46K   33 downloads

[LonnyRJ]

It appears you did not run Win32kDiag as suggested

Go start run copy then paste in the entire line below and press enter
"%userprofile%\desktop\Win32kDiag.exe" -r -f
A log should open when it is finished, post it please.

[hork]

Sorry I did a double click on the icon, hence the need to read instructions i guess. Anyway, I did as you instructed and am posting the log here.

Attached Files

•  Win32kDiag.txt   45.83K   22 downloads

[LonnyRJ]

Ok, now delete the copy of combofix you have and repeat those instructions.

[hork]

LonnyRJ, on Sep 16 2009, 03:42 PM, said:

Ok, now delete the copy of combofix you have and repeat those instructions.

still no good. i deleted the copy i had. redownloaded and tried to run again. it appeared to load but then shut down. i tried the process again with a reboot in between and still nothing.

i'm sorry i don't mean to be difficult.

[LonnyRJ]

No problem at all

Try renaming combofix.exe to combo-fix.com
First go into folder options > view tab and ensure [ ] hide extension for known file types is unchecked.

[hork]

you indeed have the patience of a saint and i'm sure i'm trying them.

i did as you suggested (renaming it with .com). when i first ran it is printed the following in a message box.

"Some files could not be created. Please close all applications. reboot Windows, and restart this installation."

I did as it suggested and then tried to re-run it. I get as far as the green status bar filling up on load then it simply quits running and shuts down.

[LonnyRJ]

Please download The Avenger2 by SwanDog46. http://swandog46.gee...com/avenger.zip
Unzip avenger.exe to your desktop.
Copy the text in the following codebox by selecting all of it, and pressing (<Control> + C) or by right clicking and selecting "Copy"
(dont include the word code)

Comment:
begin copy here
files to move:
C:\WINDOWS\SYSTEM32\DLLCACHE\eventlog.dll | C:\WINDOWS\SYSTEM32\eventlog.dll

Now start The Avenger2 by double clicking avenger.exe on your desktop.
Read the prompt that appears, and press OK.
Paste the script into the textbox that appears, using (<Control> + V) or by right clicking and choosing "Paste".
(what you pasted in must be at the very top) Press the "Execute" button.
You will be presented with 2 confirmation prompts. Select yes on each. Your system will reboot.

Note: It is possible that Avenger will reboot your system TWICE.
Upon reboot, a command prompt window will appear on your screen for a few seconds, and then Avenger's log will open.
Please paste that log here in your next post.

[AdvancedSetup]

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.