laborday95
2009-09-25, 16:52
I am working on a DELL XPS 400 running Windows XP with service pack 3. I cannot run any of the programs requested in the "BEFORE YOU POST" section. They do not even install. No error message or anything, just nothing happens.
I initially thought it was Police Pro, and maybe that was the initial problem (my naive nephew was lured in by their panic popup), but further scrutiny has turned up other things. Initially I couldn't run any executables, but fixed that in the registry. I deleted all Police Pro related files and registry entries.
I did run GMER to take a look at things, but when I tried to run a full scan, got the blue screen of death. I rebooted, ran again, but did not do a full scan. I just looked at what it found initially. It found 2 services that I believe are the problem: SKYNET (the file is SKYNETuhqcyfma.sys) and UACd.sys (filename is UACysfpctceqs.sys). It says it has files in system32\drivers directory, but I cannot find them.
One post on another website forum I found says you have to use the Recovery Console to get rid of this. This is my brother-in-law's PC, and it did not come with an Operating System CD. It came with a nice piece of cardboard that says I don't need an O/S CD, just do a Dell PC restore. Well, the problem is I cannot back up their files/settings. When I try to do it through system utilities (File Transfer Wizard), it starts, but then gets killed in the process and lo and behold, if I try to run it again, it tells me I "do not have appropriate permissions to access the item." :hair:
I am able to run GMER and Win32kDiag, but that's about it. Every other scan tool, you name it, it will not run.
Soooooooo my question is, is it possible to get rid of this nasty SKYNET UACd rootkit thing, or do I need to do a system restore and just lose all of my brother-in-law's data and settings?
Thanks in advance to any help or answers.