Hi,
Did you try to run SystemLook in both normal and safe mode? If not, please try it in the one you didn't try yet.
Microsoft Windows Insider MVP 2016-2020
Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
If you have problems create a thread in the forum, please.
Malware removal instructions are for the correspondent user's case only.
Hi Blade,
I did run SystemLook in different modes, including different users. Nothing came of it but the same warning as before.
Thank you
John
Hi,
Open Notepad and then copy and paste the bolded lines below into it. Go to File > Save As and name the file fixes.bat, change the Save as type to All Files and save it to your desktop.
@ECHO OFF
PEV -filelook %windir%\VolSnap.sys >LogIt.txt
START LogIt.txt
DEL %0
Double-click on fixes.bat file to execute it. Notepad should open up. Post back its contents, please.
Hi Blade,
I just got off the road and I am leaving my office to head home. The infected computer is my home desktop, and as soon as I get there I will run that.
Thanks
John
Ok, thanks for the heads up.
Hi Blade,
This was tricky moving from one machine to the other. At first it would not take, then it changed the name from fix.bat to logit.txt. I think it is what you want.
Thank you
John
Hi,
The following instructions assume you have the Recovery Console installed (there should be a Microsoft Recovery Console option selectable when you boot the system). Please print/save these so you have access to them while the system is not online.
1. Restart your computer.
2. Before Windows loads, you will be prompted to choose which Operating System to start.
3. Use the up and down arrow keys to select Microsoft Windows Recovery Console.
4. You must enter which Windows installation to log onto. Type 1 and press Enter.
5. At the C:\Windows prompt, type the following bolded text, and press Enter:
copy C:\WINDOWS\system32\drivers\volsnap.sys C:\WINDOWS\system32\drivers\volsnap_old.sys
You should see a "1 file(s) copied." message as output. Let me know if something else happened.
6. At the next prompt, type the following bolded text, and press Enter (allow overwriting when prompted):
copy C:\WINDOWS\system32\dllcache\volsnap.sys C:\WINDOWS\system32\drivers\volsnap.sys
Again, the same thing should happen as after the previous step.
7. If there are no issues with that, then at the next prompt, type the following bolded text, and press Enter:
exit
Windows will now begin loading. Please run GMER again and post back its report.
Hi Blade,
I am there and I typed as directed. There is a space between copy C:WINDOWS, or is copy not typed? Please advise. Also, is there a space between commands?
I am sorry, this is new to me.
Thank you
John
Hi,
The bolded commands should be typed as written there. The word copy is part of the command.
Hi Blade,
I have finished the commands and nothing except as you mentioned. I am at GMER; any special settings to run?
Thanks
John