Holy heck - how do I do this.

by HeySal
9 replies
First off - I'm trying to get rid of that damned System 32 pcpip downloader. I've done the avast boot scans and was able to get the rootkits off, but can't get the downloader off. Every URL I look at to do it has strings of hackthis code crap that I know sh## from shinola about - um........need plain English.

I've also a few programs that are supposed to run in safe mode and I can't get the damn thing into safe mode - all I get is the bios.

AAAAAAAAAAAAHHHHHHHHHHHHHHHHHHHHHHHHH

Anyone on here able to give a techno-idiot some pointers?
  • Profile picture of the author Mike Baker
    Can you explain the circumstances in which this started happening and I may be able to help.
  • Profile picture of the author HeySal
    No, Mike, No I can't. I was at my niece's for a few days and went home and turned the puter on and got a flag from Avast. Went in to see which systems were running and found the root kit running and turned it off then did a boot scan - took three instances of the root kit off but can't remove the downloader out of my Win32 pcpip file. If I knew the exact code to delete I could do it.

    I have no clue how it got on there - I run Malwarebytes, Avast, DCOMbobulator, Better Privacy, crap cleaner, and XP Antispy and I still got plugged. How is a very darned good question. I'd love to know how it got past everything.

    But all in all - I don't think how it got there matters as much as how do I get the thing out of here.
    Signature

    Sal
    When the Roads and Paths end, learn to guide yourself through the wilderness
    Beyond the Path

  • Profile picture of the author Mike Baker
    I didn't mean how it got there, but when did you start noticing it etc. But you have replied with that info anyway.

    What version of Windows are you running?
  • Profile picture of the author HeySal
    XP some year - 2000 I think.
    • Profile picture of the author Mike Baker
      Originally Posted by HeySal:

      "XP some year - 2000 I think."

      Hehe. Ok.

      Here's how you check. Go to Start -> Control Panel -> System. It will be displayed on the System window.
  • Profile picture of the author KimW
    Sal, can you tell me the exact file name? When I googled it I got something different than what you typed in your first post.
    Also, have you updated your Malwarebytes? It is one of the better removers out there.
    The other thing you might try is running HijackThis, but if you do this they will want you to post your log and it might take a day or two for them to get back to you.
  • Profile picture of the author Kurt
    Try ESET's free online scanner. It's maybe the best anti-virus and with it being online the bad stuff can't mess with it.

    It can't hurt...
  • Profile picture of the author HeySal
    Thanks Guys - I'm not at home right now but going there in a bit -- I'll put up the exact file name.

    Kim - the file itself is legit, this particular downloader isn't a fake file, it actually incorporates itself into a legit file so it's hard as heck to deal with. The stuff it downloads comes right off, but takes time to deal with.

    Kurt - will give that a try. Haven't done a boot scan in Malwarebytes yet but will be doing so very shortly. Avast boot scans brought it up and I've hit both repair and delete on those scans and it doesn't hold. So one more scan can't hurt.
  • Profile picture of the author HeySal
    Kim - full file name is: C:\WINDOWS\System32\drivers\tcpip.sys
    At this point if I had my OS disk I'd just run a repair.

    Kurt - running a Malwarebytes deep scan and going to finish up with your program.

    This thing is affecting hordes of computers. The one I use at my niece's when the connection fudges at this house is also infected - and my sister's is completely inoperable right now.

    I run more security systems than anyone I know and can't figure out how it got it. I'm suspecting LSO cookies that some sites are using are letting them in - I clean the cookies out via the FF Better Privacy plugin, but I don't think that's quick enough - my dcom is turned off so they aren't getting in there. Comodo and Avast and Malwarebytes continually running.

    For those of you who are fed up with Google's spam results -- better start checking out what keyloggers are being dumped into your computer by this thing.