Logs from 8th step

By weedyreedy
Sep 10, 2009
  1. My google search result links were redirecting. It stopped after the doing the 8 steps on monday. However, this morning it started doing it again.

    I just finish going through the steps again. It seems fine now, but I'd like to get rid of it permanently.

    Thank-you so much.
  2. weedyreedy

    weedyreedy TS Rookie Topic Starter

    Here are my logs.
  3. Zyldar

    Zyldar TS Rookie Posts: 34

    The Superantispyware log shows that you were and may still be infected with a Skynet.sys virus.

    It normally places 4 files in c:\windows\system32
    and 1 file in c:\windows\system32\drivers\

    Note: all of the skynet file names will start with Skynet####.sys or .dat or .dll
    (#### represents numbers or letters)

    they can easily be deleted in Recovery Console OR you can run a program which will schedule them to be deleted upon reboot.

    Write down this file name on paper so that you can type in the exact path & file name in Killbox:

    Download killbox and run it.
    Select the bullet for: Delete on Reboot
    Click on the Delete file button (to the right of where you typed in c:\windows\.....)
    (The delete file button looks like a white X in a Red circle)
    Click YES to reboot now.

    When the system reboots (normally in Windows - not safe mode), you should run another Superantispyware scan and post the log.

    You should also verify that no other skynet files exist in your system by running a rootkit detector.
    You can 1 or both of these:

    Hope that helps.
  4. weedyreedy

    weedyreedy TS Rookie Topic Starter

    I have the SKYNET

    I ran super anti-spy and the Trend micro root-kit. There were five 'hidden' files that the root kit program wouldn't remove. Will these re-infect me?
  5. weedyreedy

    weedyreedy TS Rookie Topic Starter

    I'm not having any luck uploading those 2 logs.
  6. weedyreedy

    weedyreedy TS Rookie Topic Starter

    The manage attachments button is unresponsive.
  7. Zyldar

    Zyldar TS Rookie Posts: 34

    Were the 5 hidden files identified by path & name (i.e. c:\windows\system32\skynet.dat)?

    You're still infected and need to remove those files.
    Write down on paper the exact path & file names found.

    You can use Killbox or boot to Recovery Console to remove them.

    Please report back with the Path & File names found.
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...