Rofl.sys

Status
Not open for further replies.
I seem to have become infected with rofl.sys. My AVG has gone crazy, constantly looping the virus alert whenever I quarantine it or delete it.

I ran HJT and here's the log

Thank you for your help
 

Attachments

  • hijackthis.txt
boot in SAFE mode and follow my rules...

run your anti-virus and spybot, ewido, and ad-aware.
post results.

then we can begin.
 
I tried doing most of the stuff on those posts, but most of the programs just ended up crashing on me or not updating...
I did the best I could given the circumstances and I think I fixed a few things.

I still have that pesky rofl.sys though (and there's also a process that keeps popping up on the task manager process list that I hadn't noticed before and I have no idea what it is... nor does google, apparently - hseure.exe. it's on the WINDOWS dir)

Anyway, here's my new (and hopefully improved) HJT log

I appreciate all the help I can get, cause this computer is seriously acting up!
 
If you're overrun with multiple viruses and trojans, as hard as it may be, your best bet might be to do a complete reinstall. Correcting the registry can be complicated and difficult, even for an experienced user like myself. With a fresh install, you can place safeguards in place BEFORE you connect the computer physically online. So install your firewall, anti-virus, and anti-trojans before connecting. Then immediately update all 3 with the latest versions and also update Windows completely.

Your system appears to be infected with the w32/tile-bot virus and variants. This virus also downloads additional malware and compounds the infection.
It also has the symptoms of the mytob virus.
W32.Mytob.ML@mm is a mass-mailing worm that opens a back door and lowers security settings on the compromised computer.

Both viruses attack the file in question.

w32/tilebot-x et al. are also known as hacktool.rootkit viruses and are VERY difficult to remove. Read the sticky on how to remove rootkits.
1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Run a full system virus scan and delete all the files detected.
4. Some registry editing may need to be done.

mytob - read: http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.ml@mm.html
 
Boot into safe mode, and turn off system restore.

Open your task manager, and end task for (if still there):

sx.exe
reader_sl.exe
winpnp32.exe

Run a full system scan with your AVG.

Run HJT with no other programmes open, and let HJT fix the following if still there.

O4 - HKLM\..\Run: [Anti-Virus Update Scheduler V1.39.12R] C:\sx.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O15 - Trusted IP range: http://192.168.1.1
O15 - Trusted IP range: 127.0.0.1

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: mtklefa - {9FAB6534-C2D0-4A68-7BAA-B0C8EA05B491} - C:\WINDOWS\System32\mfrays32.dll (file missing)
O21 - SSODL: CIFBB0EF - {264604AA-7846-648F-3009-2B87327B37C4} - C:\WINDOWS\System32\Ahkopcpd.dll (file missing)

O23 - Service: Windows 32-bit PnP Driver (winpnp32) - Unknown owner - C:\WINDOWS\System32\winpnp32.exe (file missing)

Close HJT.

Click start/run, and type services.msc into the run box, and press the enter key.

When the window appears, maximise it, and locate Windows 32-bit PnP Driver. Double click on it, and stop it if it's still running if you can. Set the startup type to disabled. Click apply/ok.


Go into the following directories, and delete the bold files.

C:\sx.exe
C:\WINDOWS\System32\winpnp32.exe

Reboot your computer, and turn system restore back on.

Regards Howard :)
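
An added example, not part of the original post: a small Python triage pass over HijackThis entries like the ones quoted in the reply above. The three heuristics (a "(file missing)" suffix, an executable sitting directly in the drive root, an O23 service with "Unknown owner") are assumptions of this example for deciding what to look at first, not a verdict on any entry.

```python
import re
from typing import NamedTuple

# Sample input: entries copied from the HijackThis lines quoted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler V1.39.12R] C:\sx.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O15 - Trusted IP range: 127.0.0.1
O21 - SSODL: mtklefa - {9FAB6534-C2D0-4A68-7BAA-B0C8EA05B491} - C:\WINDOWS\System32\mfrays32.dll (file missing)
O23 - Service: Windows 32-bit PnP Driver (winpnp32) - Unknown owner - C:\WINDOWS\System32\winpnp32.exe (file missing)
"""

# "O4 - ...", "O23 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# First drive-letter path in the body; paths may contain spaces.
PATH_RE = re.compile(
    r'(?P<path>[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|sys|lnk))(?=["\s]|$)', re.I)

class Finding(NamedTuple):
    section: str
    path: str
    reasons: tuple

def triage(log_text):
    """Return one Finding per log entry, with the heuristics it tripped."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # blank lines, headers, process list
        body = m.group("body")
        pm = PATH_RE.search(body)
        path = pm.group("path") if pm else ""
        reasons = []
        if body.rstrip().endswith("(file missing)"):
            reasons.append("file missing")  # orphaned reference
        if path.lower().endswith(".exe") and path.count("\\") == 1:
            reasons.append("executable in drive root")
        if m.group("section") == "O23" and "Unknown owner" in body:
            reasons.append("service with unknown owner")
        findings.append(Finding(m.group("section"), path, tuple(reasons)))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.section, f.path or "-", "; ".join(f.reasons) or "no heuristic hit")
```
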
 
I too, a victim of rofl.sys

Hey everyone,

So, I have formatted my computer and reinstalled XP pro, and received rofl.sys a week later at least twice now. I have also followed ALL instructions on

https://www.techspot.com/vb/topic30213.html

and

https://www.techspot.com/vb/topic17297.html

as well as the ones on this current forum.

I use AVAST anti-virus and occasionally it pops up saying I have a trojan. My internet gets shut down now and then (@college) because the CIT guys say my computer is trying to hack passwords on the network. Mind you, all these problems continue to happen even after I format and do a complete reinstallation. Here are my Hijack this logs and my Ewido scan report. Please help, this thing is annoying and I have finals coming up =o/
 
Hello and welcome to Techspot.

XAxis06 said:
Hey everyone,

So, I have formatted my computer and reinstalled XP pro, and received rofl.sys a week later at least twice now.

For a start, you're running a completely unpatched version of Windows. You need to install at least SP1 and preferably SP2.

Go HERE and follow the instructions.

Then, go HERE and do likewise.

Open a new thread in this forum and post a fresh HJT log, only after doing the above.

Regards Howard :wave: :wave:
 