You're doing a great job.
Please print these instructions because you will not have access to the Internet while performing some of the tasks below.
- Copy and paste commands
- Click Start > All Programs > Accessories > Command Prompt. A Command Prompt window will open.
- Copy the contents in the following box and then right-click in the Command Prompt window and select Paste from the popup menu. The Command Prompt window will close.
- Do not include the word "Code:"
- Code: Select all
echo @echo off >c:\MWRcopy.bat echo copy c:\windows\system32\drivers\hidclass.sys c:\hidclasscopy.sys >>c:\MWRcopy.bat echo copy c:\windows\system32\drivers\hidusb.sys c:\hidusbcopy.sys >>c:\MWRcopy.bat exit cls
- Click Start > All Programs > Accessories > Command Prompt. A Command Prompt window will open.
- Execute a batch file in the Windows Vista Recovery Environment
- Reboot (restart) your computer and repeatedly press the F8 key until the Advanced Options Menu appears.
- Select the Repair your computer option and press the Enter key.
- Select your language and/or keyboard layout and click the Next button.
- Type your password (if necessary) and click the OK button. The System Recovery Options window will be displayed as shown below:
- Click the Command Prompt option. A cmd.exe window will be displayed.
- Type C: and press the Enter key. The command prompt (the text left of the flashing cursor) will change to C:\>
- Type MWRcopy.bat and press the Enter key. The message "1 file(s) copied" should be displayed twice.
- Type exit and press the Enter key. The cmd.exe window will close and the System Recovery Options window will be visible.
- Click the Restart button and allow the system to reboot (restart) into Normal mode.
- Scan files using VirusTotal
Perform the following steps for each of the following files, one at a time:- Code: Select all
C:\hidclasscopy.sys C:\hidusbcopy.sys
- Goto www.virustotal.com
- Click the Choose File button then navigate to and double-click on the file to be scanned.
- Click the Scan it! button. Your file will be uploaded and analyzed.
- Note: If a message is displayed indicating that the file was already analyzed, click the Reanalyse button so that your copy of the file will be analyzed.
- Please wait for all the scanners to finish then copy and paste the permalink (web address) in your next response.
Example of web address :
- Download & Run RogueKiller
- Please click here to download RogueKiller and save it to your Desktop.
- Quit all running programs.
- Right-click on the RogueKiller.exe icon and select Run As Administrator to run it.
- Wait until the Prescan has finished.
- Make sure that the MBR Scan box is checked (ticked) within the Options column on the right side of the window.
- Click the Scan button.
- Do not take any action on any reported items at this time.
- Click the Report button within the Options column on the right side of the window to display the report. (The report can also be found in file RKreport.txt on your Desktop)
- Copy the contents of the report and paste it into your reply.
- Close both the report window and the RogueKiller window.
- Run a custom scan with OTL
- Double-click the OTL icon on your Desktop to run the program.
- In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
- Code: Select all
c:\hidclasscopy.sys /md5 c:\hidusbcopy.sys /md5 c:\autorun.inf c:\u3rom\*.* /s
- Click the None button.
- Click the Run Scan button at the top.
- A Notepad window will open when the scan completes.
- Copy the contents of that file and post it in your next reply. The log can also be found on you Desktop as OTL.txt.
Please include in your reply:
- The text of any error messages and/or a description of any problems you encountered while performing these steps.
- The permalink (web address) for the scan of file hidclasscopy.sys.
- The permalink (web address) for the scan of file hidusbcopy.sys.
- The contents of the RogueKiller report.
- The contents of the OTL.txt log.
mambass