This is a worm that uses rootkit techniques to hide itself on the infected computer. Malware Name : W When your computer boots up a process called winupgro. It disables all of your antivirus programs.
Example - I'm using avast! Antivirus and when I click on it I see this message "AshAvast. Deleting only the winupgro. Removal Procedure 1: 1. Reboot your PC 2. Download F-Secure BlackLight and run it; afterwards it will save a log file on your desktop, where it will show you where the malicious files are located.
Now go ahead and delete the files and folders listed in the File Location above. Open up Combo-Fix. After you have successfully removed the infection Re-install your Antivirus program or any other applications that have been corrupted. If the above worked then continue with the below. Hi Chaslang, Just did everything you requested by booting windows in Recovery mode. There didn't seem to be any problems deleting the files wintems. However, when I typed in rmdir downld I just got the message 'the directory is not empty'.
Afterwards I rebooted my pc in normal mode. I wasn't able to run combofix as it still just comes up with the 'not a valid Win32' box as it always has since I saved it as cf. Hope the attachments help. S I've just noticed wintems. Last edited: Apr 27, Skinno , Apr 27, With Windows running, are you allowed to delete any of these files?
Try deleting all of them. Do it in small groups if necessary. It is possible that some will be deletable and some will not. Let me know. Otherwise boot to the recovery console again and follow all the same steps again but instead of using rmdir downld, do the below. Even when I managed to get into the drivers folder there was no 'downld' folder. Once I deleted all the files, I rebooted the PC and instantly despite clearing the folder, some files were back in it after reboot (see attachment).
I then deleted these also. At the time of posting this though, no more seem present but things are seemingly very slow (Internet Explorer is anyway). Thanks: Skinno. It mentions having to use 'safe mode'. All well and good if this works lol. I followed and printed all the instructions on booting in safe mode and running SDFix. Start Windows Normally. All that happened was my pc just kept trying to reboot and ending up at the same page over and over again.
I ran my original Xp 1 disc and yes, I could get into Recovery Console but that was of no use as I wasn't given any clues to which command prompt I could use to get me out of this cycle I was in. This would be useful to know for future reference I had no choice but to go into set up and try 'repair xp' about 12 times. Basically it kept saying on screen that I couldn't boot in safe mode then all it did was take me back to the page with the options of Safe Mode Safe Mode with Networking I am gutted.
Lost everything again. That's all though, as of yet. Are there any other recommendations you would offer regarding software? I'm only running Windows Firewall at the moment. I did have the Online Armor one on the day I got the virus but not any more. I haven't installed another one yet as I don't know which free one is best.
It's just showing the black screen with the small white rectangular strip at the bottom I've already rebooted my PC about 10 times since reinstalling Windows but still it's as slow now as it was yesterday after the reformat. Any idea why this is or any solutions? Or if this isn't the part of the forum I can get help from about this issue, which part is? Thanks for all the help along the way throughout all this.
All of it has been much appreciated. Last edited: Apr 28, Skinno , Apr 28, I'm sorry to hear of how things worked out and that you had to resort to formatting. This particular infection is a very nasty one as you can see from the things we had to try in order to fix it.
There are no easy fixes for this infection. Sometimes if caught early enough before it has spread too much, it can be a little easier to fix. Hi Chaslang, Thanks for the reply. Regarding my reinstallation of windows and reformatting the hard drive: The copy I have of Windows XP service pack 1 IS an original copy yes, so no fakes in the disc dept.
I did reformat ALL the hard drive, partitions etc then reinstall. Obviously with my disc being kinda old and not a service pack 2 edition, once installed, I had to telephone microsoft for a new installation code apparently, I had used the original code too often. There didn't seem a problem with this and the person I spoke to gave me a new set of six digit numbers to input, resulting in a 'Thank You' message on screen so I'm assuming there's no problems there.
It may be worth pointing out that I do also run another hard drive as a slave drive on which I store my music, NOT any programs alongside the newly reformatted drive.
There's no infections on it. I'm about to reinstall Online Armor and disable the current Windows firewall. At your recommendation, I guess for my boot-up problem i. Meanwhile, I reinstalled MGTools and have enclosed a log for your perusal. Fingers crossed, all is clean. Many thanks Skinno. Last edited: Apr 29, Skinno , Apr 29, Hi Chaslang, As requested, I ran hijackthis and deleted the said files.
My pc is still booting up at the same snail pace as before. I also uninstalled SuperAS and Viewpoint. I'm now left without a spyware prog, so thinking of installing Spybot. Two things I have noticed since reformatting are: On my CDwriter there's a red light not green constantly on. I've not noticed this before. Maybe it's normal, I don't know, or perhaps a loose cable?