Help removing sofatnet.exe!



devinaz574
2009-09-09, 22:16
OK, I need some assistance in removing the sofatnet.exe trojan that is on my grandpa's desktop computer. I am on my laptop right now because his computer isn't able to get online; actually, it just starts up and there is nothing on the desktop whatsoever. I can do Ctrl+Alt+Del and I see sofatnet.exe running, along with two others called something like wi32.sys and wiwow64.exe. I read up on wiwow64.exe and it's associated with dvdpaly.exe. I know I'm wrong about the wi32.sys because I wrote it down and don't have the paper in front of me, so that's not the exact filename, but it's close. When I open the Task Manager it doesn't have explorer.exe loaded, so I try to load it and an "Open with" box opens up, almost like it doesn't recognize explorer.exe. I tried to open Spybot Search and Destroy through Task Manager and got the same thing, as well as with cmd and msconfig. I also tried to go into safe mode and got the same results, so any help would be appreciated. Thanks.

Blade81
2009-09-12, 15:20
Hi,

Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.


Download GMER (http://www.gmer.net) by clicking the "download exe" button and then saving it to your desktop:
Double-click the .exe that you downloaded.
Click the rootkit tab and then Scan.
Don't check the Show All box while scanning is in progress!
When scanning is ready, click Copy. This copies the log to the clipboard.
Post the log in your reply.

Blade81
2009-09-20, 21:17
Due to inactivity, this thread will now be closed.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.