Virus help

webmonkeyuk · 12 Aug 2009 at 09:04

So it seems my pc has picked up a virus even though im running Nod32, it pops up with alittle box on startup saying its found it in the system memory and cant remove it. its in the quarantine and its \\?\globalroot\systemroot\system32\UACnkjmscnkyl.dll and its a variant of the Win32/Kryptik.ABC Trojan. any ideas how to get rid as Nod doesnt seem to beable to help

blastman · 12 Aug 2009 at 09:06

reboot in safe mode and try a full scan.

if that doesn't work, get you're self a rootkit remover (can be found for free on google) and let that have a go.

hope it helps

webmonkeyuk · 12 Aug 2009 at 09:10

will any rootkit software do or is there a good one i should look for? its a bit tricky surfing the net as the virus seems to be making IE go to random pages

blastman · 12 Aug 2009 at 09:28

can't seem to find my one...

here one i got off google..

http://www.megaupload.com/?d=I5RZX4O3

webmonkeyuk · 12 Aug 2009 at 11:25

ive ran about 4 different rootkit programs and some find more than others but non seem to remove the infected files. sophos found the most which was 8 but you need a key to remove them and im not paying £19 for that!

div0 · 12 Aug 2009 at 11:40

Download MalwareBytes, SuperAntiSpyware and Spybot Search+Destroy and install and update them.

Turn off System Restore on your drives.

Reboot to Safe Mode.

Full Scan with Nod, MalwareBytes, SuperAntiSpyware and Spybot and you should be able to remove it.

If that fails you could try googling ComboFix - but it's a powerful tool and should only be used if absolutely neccesary.

theheyes · 12 Aug 2009 at 16:33

You want to try rootkit revealer: http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx Trying to just find a random one on the Internet might just compound the situation.

For me personally it's beyond the point of no return and if you have the appropriate discs, consider formatting. If you don't have a complete backup I would definitely grab any files you value before trying to remove the virus - sometimes attempting to remove them can make your system completely unstable. Burn them to disc if you can; whatever might be on there could jump onto a USB stick and give you more grief. Ideally I would use a Linux live cd to recover the files and scan them for viruses.

Do you know how you got the virus in the first place?

webmonkeyuk · 12 Aug 2009 at 21:24

ive ran malwarebytes spybot and Combofix and it seems to have got rid of them sofar. I downloaded something lastnight but nod didnt warn me of anything id tried it on my laptop and im running avast on that and it warned me right away.