Skynet (.sys) virus in system32 drivers is creating problems

Status
Not open for further replies.
Hi
This is my first post to this expert forum. I use avast 4.8 protection.
Now suddenly one day I started facing virus alerts from avast like this: C:\WINDOWS\system32\drivers\SKYNET tysdulhn.sys (type=hidden file and hidden services). There is also another affected file which it reports, and it is C:\WINDOWS\system32\vlelskbq.dll (deleted using ERD Commander but still comes up after restart). There are also other irritating symptoms of virus infection like

* sometimes the PC restarts itself suddenly without any warnings
* I have to wait a long time before I can start working just after Windows loads up, as one svchost process takes some memory. :mad:
* sometimes the taskbar changes to classic and then back to normal.
* the firewall switches off and I have to restart to turn it on

I have never faced such a serious infection :confused:. Please help and give some assistance.
 
SKYNET virus.. Judgement day has occurred :(

Hey, I'm having the same problems as the person above. I'm using AVG 8.5. Last night when I came back from work and got on my computer.. minutes later AVG Resident Shield pops up and out of nowhere my laptop shuts off and restarts and repeats itself unless I boot in safe mode. I followed the 8 steps that have been posted. If you can plzzzzzz help me out with this. I haven't done a backup and I can't restore my computer (I thought I had a restore point saved, turns out I don't). I would rather not lose everything that I have on my computer. PLZ Save me.. TIA. Here are the logs from Hijack, MBAM, and SuperAntiSpyware.
 
Skynet.sys is located in c:\windows\system32\drivers. You need to boot to Recovery Console to delete it. This virus also runs in SAFE MODE and may crash repair tools & software, which makes cleaning very difficult.

If your XP Boot options (F8 on bootup) don't allow you to boot to recovery console, you can use an XP Installation CD to boot from. Press R for repair when the option comes up. It won't reformat or re-install Windows unless you skip pressing R (repair). When the DOS prompt comes up on the screen, choose the WINDOWS folder by pressing 1 or 2 or 3 on the keyboard (1. Windows). It might prompt you for an Administrator Password - just press Enter. If it won't let you login, then you'll have to reboot to SAFE MODE and make a change in the Registry.

Removing the Administrator login password for Recovery Console.
1. Boot to SAFE Mode in Windows XP.
2. Run REGEDIT
3. Using your mouse, open the tree hierarchy structure until you see:
hkey_local_machine\software\microsoft\Windows NT\currentversion\setup\RecoveryConsole
4. On the right side: Double left click on: SecurityLevel and change the value to 1
5. Double left click on: SetCommand and change the value to 1

Now reboot from the Windows CD and press R for repair to boot to the Recovery Console.

From the DOS prompt window in Recovery console:
cd windows\system32
dir skynet*.*
del SKYNET1234.dat etc.. (there'll be 5 files or so with different names ending in .dat or .dll)
You'll have to delete 1 file at a time - delete them all.
cd drivers (c:\windows\system32\drivers)
dir skynet*.*
del SKYNET.SYS and all other skynet files if they exist.
Remove the CD & Reboot normally

Download, install, update, & run: Malwarebytes, Spybot S&D, & Rootkitbuster

Downloads:
malwarebytes.org/
safer-networking.org/en/download/index.html
free.antivirus.com/clean-up-tools/

Hope that helps.
Zyldar
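
The registry change in the steps above leaves the Recovery Console open to automatic administrator logon, so it is worth reverting once the cleanup is finished. The following is an added example, not part of Zyldar's post: a batch file that checks the two values named above and sets them back to 0, on the assumption that 0 is the value they had before the change (the Windows XP default for both).

```batch
@echo off
rem Added example: restore Recovery Console settings after the cleanup.
rem Assumption: both values were 0 before they were changed to 1.
setlocal
set "KEY=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole"

for %%V in (SecurityLevel SetCommand) do call :reset %%V
endlocal
goto :eof

:reset
rem Read the current DWORD; the third token of the matching line is the data.
set "CUR="
for /f "tokens=3" %%A in ('reg query "%KEY%" /v %1 2^>nul ^| find /i "%1"') do set "CUR=%%A"
if not defined CUR (
  echo %1: value not present, nothing to reset
  goto :eof
)
if /i "%CUR%"=="0x0" (
  echo %1: already 0
  goto :eof
)
echo %1: currently %CUR%, resetting to 0
reg add "%KEY%" /v %1 /t REG_DWORD /d 0 /f >nul
if errorlevel 1 echo %1: reset FAILED, run from an administrator account
goto :eof
```

Run it from a normal Windows session under an administrator account after the reboot; with SecurityLevel back at 0 the Recovery Console prompts for the Administrator password again.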
 