Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Worm.Win32.Netsky


  • This topic is locked This topic is locked

#16
schrauber

schrauber

    Malware Removal Expert

  • Expert
  • 483 posts
Hi,

Run OTLPE
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :files
    C:\atapi.sys
    C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys /E
    C:\WINDOWS\system32\drivers\atapi.sys|C:\atapi.sys /replace
  • Then click the Run Fix button at the top


Please post the logfile from the fix and try to boot normally.
  • 0

Advertisements


#17
GLFAC

GLFAC

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
I tried starting Windows normally and it still won't start :) ....please see below the log file:

========== FILES ==========
C:\atapi.sys moved successfully.
atapi.sys extracted to C:\
C:\WINDOWS\system32\drivers\atapi.sys moved successfully.
Invalid replace specification: C:\atapi.sys

OTLPE by OldTimer - Version 3.1.30.1 log created on 02272010_214456
  • 0

#18
schrauber

schrauber

    Malware Removal Expert

  • Expert
  • 483 posts
Seems like you did not put the last line from the fix into one line, seems like it has looked like this:

C:\WINDOWS\system32\drivers\atapi.sys
|C:\atapi.sys /replace

instead of

C:\WINDOWS\system32\drivers\atapi.sys|C:\atapi.sys /replace


Please run this under the custom scan of OTLPE:

:files
C:\WINDOWS\system32\drivers\atapi.sys|C:\atapi.sys /replace



Note:

:files is one line
and the rest have to be in one line.

Edited by schrauber, 28 February 2010 - 02:57 AM.

  • 0

#19
GLFAC

GLFAC

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
Sorry my bad........here it is:

========== FILES ==========
File C:\WINDOWS\system32\drivers\atapi.sys successfully replaced with C:\atapi.sys

OTLPE by OldTimer - Version 3.1.30.1 log created on 02282010_105620

It still will not boot up into windows
  • 0

#20
schrauber

schrauber

    Malware Removal Expert

  • Expert
  • 483 posts
Hi,

  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to Safe List
  • Under the Custom Scan box paste this in

    /md5start
    winlogon.exe
    userinit.exe
    /md5stop
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\_OTL\MovedFiles
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.

  • 0

#21
GLFAC

GLFAC

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
Hi Tom,
Attached is the OTL text file.
Thanks,
Greg

Attached Files

  • Attached File  OTL.Txt   89.33KB   271 downloads

  • 0

#22
schrauber

schrauber

    Malware Removal Expert

  • Expert
  • 483 posts
Hi,

Ok these system files are present and clean. Can you remember which system file was killed by Norton?
  • 0

#23
GLFAC

GLFAC

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
I have no idea........Norton didn't tell me.
  • 0

#24
GLFAC

GLFAC

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
Hi Tom,
I haven't heard from you since my last reply on March 2nd.
Thanks,
Greg
  • 0

#25
schrauber

schrauber

    Malware Removal Expert

  • Expert
  • 483 posts
Hi,

Sorry for the delay, had a huge power cut, the second one in 3 days.

  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to Safe List
  • Under the Custom Scan box paste this in

    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    explorer.exe
    ws2_32.dll
    /md5stop
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\_OTL\MovedFiles
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.

  • 0

Advertisements


#26
GLFAC

GLFAC

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
I'm sorry to hear that. Please find OTL file attached. Thanks

Attached Files

  • Attached File  OTL.Txt   97.73KB   259 downloads

  • 0

#27
schrauber

schrauber

    Malware Removal Expert

  • Expert
  • 483 posts
Ok, system files are in place, lets try something else.

Run OTLPE one more time, set the Registry tab to "All" and click the run scan button. Post back with the logfiles please.
  • 0

#28
GLFAC

GLFAC

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
Hi Tom,
Please find the otl.txt file attached. I checked off "standard" and "extra" registry.
Thank you,
Greg

Attached Files

  • Attached File  OTL.Txt   123.24KB   267 downloads

  • 0

#29
schrauber

schrauber

    Malware Removal Expert

  • Expert
  • 483 posts
Hi,

looks also ok.

  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to Safe List
  • Under the Custom Scan box paste this in

    type c:\boot.ini /c
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\_OTL\MovedFiles
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.

  • 0

#30
GLFAC

GLFAC

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
A warning popped up: Cannot create file X:\Programs\OTLPE\cmd.bat
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP