Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Unable to download any programs such as malwarebytes removal or antivi


  • This topic is locked This topic is locked

#16
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,962 posts
Click on Start, type CMD on the search box, you will see the CMD.exe on top of the Start menu, right click on it and select run as an Administrator.

You should see this: CMD.jpg
  • 0

Advertisements


#17
Anilou

Anilou

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
no still nothing about administrator
  • 0

#18
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,962 posts
Build and run the following batch file:

  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as Reparse. No extension.
  • and Save it on the desktop. The file will be saved as Reparse.txt.
  • Right click on Start button and select Explore.
  • Click on Organize, then on Folders and Search options.
  • Click on the View tab.
  • Remove the check mark for "Hide Extension for known files"
  • Click on Apply then on OK.
  • Go to your desktop and right click on the Reparse.txt and select rename.
  • Replace the extension .txt for .bat and click on an empty space on the desktop.
  • That should convert the text file into a batch file.
  • Once saved, right click on the Reparse.bat and select run as an administrator.

@Echo off
cd /d %~dp0
Color 1f
Title Removing Reparse Points by JSntgRvr
ECHO Working....... Please wait
fsutil reparsepoint delete "c:\Program Files\Windows Defender"
fsutil reparsepoint delete "c:\Program Files\Windows Defender\en-US"
fsutil reparsepoint delete "c:\Program Files\Windows Defender\MpAsDesc.dll"
fsutil reparsepoint delete "c:\Program Files\Windows Defender\MpClient.dll"
fsutil reparsepoint delete "c:\Program Files\Windows Defender\MpCmdRun.exe"
fsutil reparsepoint delete "c:\Program Files\Windows Defender\MpCommu.dll"
fsutil reparsepoint delete "c:\Program Files\Windows Defender\MpEvMsg.dll"
fsutil reparsepoint delete "c:\Program Files\Windows Defender\MpOAV.dll"
fsutil reparsepoint delete "c:\Program Files\Windows Defender\MpRTP.dll"
fsutil reparsepoint delete "c:\Program Files\Windows Defender\MpSvc.dll"
fsutil reparsepoint delete "c:\Program Files\Windows Defender\MSASCui.exe"
fsutil reparsepoint delete "c:\Program Files\Windows Defender\MsMpCom.dll"
fsutil reparsepoint delete "c:\Program Files\Windows Defender\MsMpLics.dll"
fsutil reparsepoint delete "c:\Program Files\Windows Defender\MsMpRes.dll"
Echo Seaching for Reparsed Points, please wait.
Dir /s /a:l c:\* >"%Userprofile%\desktop\Report.txt"
Start "%Userprofile%\desktop\Report.txt"
Exit


Once the MSDOS window closes, the Report.txt will open. Post its contents.

Got to get some ZZZZZ. I'll be checking on you tomorrow.
  • 0

#19
Anilou

Anilou

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
sleep well :) thank you
  • 0

#20
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,962 posts
Were you able to built the batch fife?
  • 0

#21
Anilou

Anilou

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I had a blue screen come up with this file or directory is not a reparse point
  • 0

#22
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,962 posts
The computer is definitely infected with ZeroAccess, a back door Trojan. In order to remove all reparse points, I would suggest you contact a friend and have FRST downloaded in a USB flashdrive, as explained on Post #4. That will give us the opportunity to remove all lose ends at once. Chances are the reparse points are being protected.
  • 0

#23
Anilou

Anilou

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
will do
thank you
  • 0

#24
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,962 posts
:thumbsup:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP