| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 85046 | 2007-11-27 17:00:00 | What's Indt.sys? Need help!!!!! | alnilam (13068) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 615658 | 2007-11-27 17:00:00 | Hi all, I am having a similar problem. I run WinXP SP2 with Symantec AV (get it free from my school), and its autoprotect continually catches Indt2.sys (in system32) and discover[1].exe (in an obscure IE5 temporary files folder, and I use Firefox for the record) in alternating order, and sometimes deletes them, sometimes only makes a "partial" clean (fails to delete it). The pair shows up in autoprotect about every 15 seconds, and I'm glad that it is at least being halted, but I would like to remove it at the source. Symantec's autoprotect categorises them as "Trojan.Adclicker." I have run a full symantec scan in safe mode to no avail. Spybot S&D, in safe mode, found Virtumonde.generic (Trojan), which it claimed to have removed successfully; I am not sure if that is a completely different one, because it is still occuring. It should also be noted that autoprotect shows no activity in safe mode. Edit: I have also run services.msc and disabled "perfmons Service," as suggested earlier in this thread. It would not allow me to STOP the service, though, and the autoprotect still comes up. Should I follow the same instructions given in this thread? I would also like to note that I have been trying out a dual boot with Linux (Ubuntu). It is not very functional Linux as of yet, because I have trouble getting my wireless card to work with it, but this could be handy for deleting files that Windows might not otherwise let me. Any suggestions? Thanks, Alni |
alnilam (13068) | ||
| 615659 | 2007-11-27 17:26:00 | Welcome to PressF1 :) I have split off your post from this thread (pressf1.co.nz) as your problem involves a different program and you are more likely to get help starting a new thread on it. Yes, you can use Ubuntu to access the Windows partition and delete files, but if you remove essential files that Windows normally protects, you will most like kill that OS. |
Jen (38) | ||
| 615660 | 2007-11-27 17:31:00 | Thanks! Then anyone who wonders what I mean in my first post, "Should I follow the instructions given in this thread?", should follow the link in Jen's post. ;) |
alnilam (13068) | ||
| 615661 | 2007-11-27 18:30:00 | run a good antispyware program such as 'spybot search and destroy'.......run it in safe mode after you've download/installed and updated it...... | drcspy (146) | ||
| 615662 | 2007-11-27 18:34:00 | Thank you; I already tried this, though. I have run a full symantec scan in safe mode to no avail. Spybot S&D, in safe mode, found Virtumonde.generic (Trojan), which it claimed to have removed successfully; I am not sure if that is a completely different one, because it is still occuring. It should also be noted that autoprotect shows no activity in safe mode. |
alnilam (13068) | ||
| 615663 | 2007-11-27 19:05:00 | hm.......sorry didn't notice that one....... well you could try this: windowsxp.mvps.org just downlaod it then use it to stop those particular things runnin ? |
drcspy (146) | ||
| 615664 | 2007-11-27 19:05:00 | Try Trojan remover in my sig below. Thats got trojan.adclicker, and Virtumonde in its database. Which has just been updated to 6.6.5. And select all options under the utilities menu. I would also install ccleaner (http://www.ccleaner.com) This may remove whats in the IE5 folder/s. I dont think Autoprotect will work in safe mode, well nothing will as Safe mode disables most of the services / drivers etc. And post a hijackthis log, if u want. |
Speedy Gonzales (78) | ||
| 615665 | 2007-11-27 19:21:00 | drcspy: No worries, I know how it can be skimming through a post really quickly, and I tend to be a bit verbose ;) drcspy + Speedy: Thanks! I will try those as soon as I get home (I am currently at work). |
alnilam (13068) | ||
| 1 | |||||