Skynet (.sys) virus in system32 drivers is creating problems

By sunshine24
Jun 23, 2009
  1. Hi
    This is my first post to this expert forum. I use avast 4.8 protection.
    Now suddenly one day I started facing virus alerts from avast like this: C:\WINDOWS\system32\drivers\SKYNET tysdulhn.sys (type=hidden file and hidden services). There is also another affected file which it reports, and it is C:\WINDOWS\system32\vlelskbq.dll (deleted using ERD Commander but it still comes up after restart). There are also other irritating symptoms of virus infection, like:

    * sometimes the PC restarts itself suddenly without any warnings
    * I have to wait a long time before I can start working just after Windows loads up, as one svchost process takes some memory. :mad:
    * sometimes the taskbar changes to classic and then back to normal
    * the firewall switches off and I have to restart to turn it on

    I have never faced such a serious infection :confused:. Please help and give some assistance.
  2. ChrisDown

    ChrisDown TS Rookie Posts: 125

    Hi, would you please do the 8 steps listed and post back the logs? Thanks.
  3. Solaris71

    Solaris71 TS Rookie

    SKYNET virus..Judgement day has occurred :(

    Hey, I'm having the same problems as the person above. I'm using AVG 8.5. Last night when I came back from work and got on my computer..minutes later AVG Resident Shield pops up and out of nowhere my laptop shuts off and restarts and repeats itself unless I boot in safe mode. I followed the 8 steps that have been posted. If you can plzzzzzz help me out with this. I haven't done a backup and I can't restore my computer (I thought I had a restore point saved, turns out I don't). I would rather not lose everything that I have on my computer. PLZ Save me..TIA. Here are the logs from Hijack, MBAM, and SuperAntiSpyware.
  4. Solaris71

    Solaris71 TS Rookie

    By the way, I'm new to this site..first time doing something like this
  5. Zyldar

    Zyldar TS Rookie Posts: 34

    Skynet.sys is located in c:\windows\system32\drivers. You need to boot to Recovery Console to delete it. This virus also runs in SAFE MODE and may crash repair tools & software, which makes cleaning very difficult.

    If your XP Boot options (F8 on bootup) don't allow you to boot to recovery console, you can use an XP Installation CD to boot from. Press R for repair when the option comes up. It won't reformat or re-install Windows unless you skip pressing R (repair). When the DOS prompt comes up on the screen, choose the WINDOWS folder by pressing 1 or 2 or 3 on the keyboard (1. Windows). It might prompt you for an Administrator Password - just press Enter. If it won't let you login, then you'll have to reboot to SAFE MODE and make a change in the Registry.

    Removing the Administrator login password for Recovery Console.
    1. Boot to SAFE Mode in Windows XP.
    2. Run REGEDIT
    3. Using your mouse, open the tree hierarchy structure until you see:
    hkey_local_machine\software\microsoft\Windows NT\currentversion\setup\RecoveryConsole
    4. On the right side: Double left click on: SecurityLevel and change the value to 1
    5. Double left click on: SetCommand and change the value to 1

    Now reboot from the Windows CD and press R for repair to boot to the Recovery Console.

    From the DOS prompt window in Recovery console:
    cd windows\system32
    dir skynet*.*
    del SKYNET1234.dat etc.. (there'll be 5 files or so with different names ending in .dat or .dll)
    You'll have to delete 1 file at a time - delete them all.
    cd drivers (c:\windows\system32\drivers)
    dir skynet*.*
    del SKYNET.SYS and all other skynet files if they exist.
    Remove the CD & Reboot normally

    Download, install, update, & run: Malwarebytes, spybot s&d, & Rootkitbuster


    Hope that helps.
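
An added example, not part of Zyldar's post or of any tool named in the thread: steps 4 and 5 above leave the Recovery Console with automatic administrator logon and the `set` command enabled, so this batch script, run from an administrator command prompt once cleanup is finished, reports both values and resets any non-zero one to 0. It assumes 0 is the stock value for both and uses only `reg query` and `reg add`.

```batch
@echo off
rem Added example: audit the two Recovery Console values changed in steps 4-5
rem and put them back to 0 after the infected files have been removed.
rem Assumption: 0 is the stock value for both SecurityLevel and SetCommand.
setlocal
set "KEY=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole"

for %%V in (SecurityLevel SetCommand) do call :check %%V
endlocal
exit /b 0

:check
rem Read the current data for value %1; the third token of the matching
rem "name  REG_DWORD  0x.." line is the data.
set "DATA="
for /f "tokens=3" %%D in ('reg query "%KEY%" /v %1 2^>nul ^| find /i "%1"') do set "DATA=%%D"

if not defined DATA (
    echo %1: value not present, nothing to reset
    goto :eof
)
if /i "%DATA%"=="0x0" (
    echo %1: %DATA% ^(already at 0^)
    goto :eof
)

rem Anything other than 0 means the relaxed setting is still active.
echo %1: %DATA% is relaxed, resetting to 0
reg add "%KEY%" /v %1 /t REG_DWORD /d 0 /f >nul
if errorlevel 1 (echo %1: reset failed, run from an administrator prompt) else echo %1: now 0
goto :eof
```

With both values back at 0 the Recovery Console again prompts for the Administrator password and the `set` command is disabled.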