+- Sinisterly (https://sinister.ly)
+-- Forum: Computers (https://sinister.ly/Forum-Computers)
+--- Forum: Antivirus & Protection (https://sinister.ly/Forum-Antivirus-Protection)
+--- Thread: I've got a Problem (/Thread-I-ve-got-a-Problem)
I've got a Problem - PartyPaint - 07-31-2011
Okay White Hat's, my Problem is some sort of malware.
-when I log into my PC, a cmd window opens and ask me to
delete system32
-now I'm confused, because I found @ Google that system32.exe
could be a malware, because I have Vista, and there is no system32.exe
I think, Vista has explorer.exe
-I scanned for Malware with Avira and HiJack.
Result: 0 Malware
-It's horrible, why would cmd autostart and ask for deleting
system32, if system32 is Virus, or is it not a virus?
It's quite a bit confusing for you, I know, but everyone who understands
my problem and solves it, get +rep from me.
thanks
RE: I've got a Problem - ♠J0K3R♠ - 07-31-2011
Ahh this is a little batch virus i think. I will write a guide to remove asap.
Download following and scan.
(Remember not to delete you own stuff if you got anything that is considered a virus.)
[link=http://www.surfright.nl/en/downloads]Hitman Pro 3.5 [/link]
[link=http://www.malwarebytes.org/products/malwarebytes_free]Malwarebytes Anti-Malware Free[/link]
[link=http://security.symantec.com/nbrt/npe.aspx?lcid=1033]Norton Power Eraser [/link] (Has false positives if you have cracked software/homemade shortcuts etc.)
In vista try looking at these paths (you might need to enable ''show hidden files'')
C:\Users\[USERNAME]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
C:\Users\AllUsers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Try this.
Go to Regedit.
For Local Machine-
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
For Current User-
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
Or this.
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\WinLogon\
If none above works.
[link=http://is.gd/NItN5O]GMER - Anti-Rootkit Tool[/link]
If this doesn't solve the problem then pm me. But im 99,0% sure it will :thumbs:
RE: I've got a Problem - PartyPaint - 07-31-2011
You're awesome, gave me a full Tutorial for that and the tools are very usefull too.
This little batch and some other malware I found with this tools are deleted.
+rep
RE: I've got a Problem - ♠J0K3R♠ - 07-31-2011
(07-31-2011, 01:16 PM)Pwnisher Wrote: You're awesome, gave me a full Tutorial for that and the tools are very usefull too.
This little batch and some other malware I found with this tools are deleted.
+rep
Thanks. And im glad to help.
RE: I've got a Problem - Jacob - 07-31-2011
send a private message to me, if you still need help in about 4 hours. i'll be able to help you, oh and DONT delete the system32 file. system32 is good (im sure, i dont know vista all too well)