I am having the same problem. How do we go about it now?
We try this:
Open notepad and copy/paste the text in the codebox below into it:
Save this as "CFScript".
Code:
Rootkit::
C:\WINDOWS\System32\drivers\51a3f7fb.sys
Driver::
51a3f7fb
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
Microsoft MVP Consumer Security 2008-2011
Member of ASAP and UNITE since 2006
Okay, I did exactly what you told me and this is what happened.
I dragged it onto ComboFix and it got this message:
'c.bat' is not recognized as an internal or external command, operable program or batch file.
I even tried reinstalling ComboFix and it still does this. I even turned off my firewall.
It even does it if I don't drag the script file over.
What steps do we take now?
Download Avenger by Swandog and unzip it to your Desktop.
Note: This program must be run from an account with Administrator privileges.
- Open the Avenger folder and double click Avenger.exe to launch the program.
- Copy the text in the code box below and Paste it into the Input script here: box.
Code:
Files to delete:
C:\WINDOWS\System32\drivers\51a3f7fb.sys
Drivers to delete:
51a3f7fb
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
- Ensure the following:
- Scan for Rootkits is checked.
- Automatically disable any rootkits found is Unchecked.
- Press the Execute key.
- Avenger will now process the script you've pasted (this may involve more than one re-boot), when finished it will produce a log file.
- Post the log back here please. (it can also be found at C:\avenger.txt)
Damnit!! Why do none of these programs want to work?
I double-clicked on Avenger and this is what happened:
Error: Could not get SE_Shutdown privilege. (Error 5: access is denied)
When I click the Okay button it opens Avenger, where I can input the information. Do you want me to continue?
Yes, you can try to continue.
Okay, here we go, more problems.
First error:
Error: Can not open file 'C:\WINDOWS\system32\drivers\daip.sys'(error 5:acess is denied)
Second error:
Error: Could not open driver file.
Aborting execution! (error 6: the handle is invalid.)
Awaiting your instruction.
It looks to me like that account is corrupted.
See here how to create a new admin account and try to run avenger in that account, please.
I created a new account with admin rights and switched to that user. I redownloaded Avenger and when I went to run it I got the same problems and errors.
Next we try the Recovery Console.
Restart your computer and choose Recovery Console.
Type cd C:\WINDOWS\System32\drivers\ and hit Enter.
Then type del C:\WINDOWS\System32\drivers\51a3f7fb.sys /a /f /q and hit Enter.
Then type exit and hit Enter.
If it worked, re-run gmer and post back its log please.
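A follow-up check that is worth running after the Recovery Console step (added example batch file, not something the helper or the user posted): it reports whether the driver file, the driver service, and the service registry key named in this thread are still present, assuming the standard HKLM\SYSTEM\CurrentControlSet\Services layout.

```batch
@echo off
rem Added post-cleanup check, not from the thread or its helpers. Run it from a
rem normal Command Prompt (as Administrator) after the Recovery Console step and
rem the reboot; the driver name and file path are the ones named in the thread.
rem It prints anything that still refers to the rootkit driver so it can be
rem dealt with before the machine is called clean.
setlocal
set DRV=51a3f7fb
set DRVFILE=C:\WINDOWS\System32\drivers\%DRV%.sys
set SVCKEY=HKLM\SYSTEM\CurrentControlSet\Services\%DRV%
set FOUND=0

rem 1. The file itself. "if exist" also matches hidden/system-attributed files.
if exist "%DRVFILE%" (
    echo REMAINS: file %DRVFILE%
    set FOUND=1
)

rem 2. The kernel driver service. "sc query" fails (error 1060) when no such
rem    service is installed, so success here means the loader still knows it.
sc query %DRV% >nul 2>&1
if not errorlevel 1 (
    echo REMAINS: driver service %DRV% is still registered
    sc query %DRV% | findstr /i "STATE"
    set FOUND=1
)

rem 3. The service registry key. Deleting the .sys file alone leaves this key
rem    behind, so it is checked separately.
reg query "%SVCKEY%" >nul 2>&1
if not errorlevel 1 (
    echo REMAINS: registry key %SVCKEY%
    reg query "%SVCKEY%" /v ImagePath
    set FOUND=1
)

if "%FOUND%"=="0" (
    echo No trace of %DRV% found; re-run GMER and post its log as asked.
) else (
    echo Something is still present; post this output along with the GMER log.
)
endlocal
```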