RUcrzy trojan won't stay removed

Discussion in 'Malware Help (A Specialist Will Reply)' started by runlittlejimmy, Apr 28, 2007.

  1. runlittlejimmy

    runlittlejimmy Private E-2

    Ndis.sys is 168,192 bytes
    created on 3-10-03
     
  2. runlittlejimmy

    runlittlejimmy Private E-2

    Files I'm talking about copying over are some like the ones in this picture. These are the processes running for explorer.exe. And System Restore only comes up with a blank white screen too. I almost have to be missing some sort of files, right or no?
     

    Attached Files:

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You don't need to copy them, and in some cases you would not be able to overwrite them anyway since the OS has them in use.

    Is the size & date of ndis.sys you just gave me from your laptop or the problem PC?
     
  4. runlittlejimmy

    runlittlejimmy Private E-2

    Ohh, I just thought you could use Killbox and replace the files on restart.
     
  5. runlittlejimmy

    runlittlejimmy Private E-2

    The problem PC.

    The laptop is 182,912 bytes.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please be more careful in the future. I did not ask for this!

    I would like you to get a copy of the ndis.sys file from your laptop into your problem PC's c:\windows\system32\drivers folder. Do you think you can do this? You will more than likely have to do it in safe boot mode.
     
  7. runlittlejimmy

    runlittlejimmy Private E-2

    OK, I got the file copied to my flash drive and plugged it into the problem computer. Now what should I do, and what do you mean by "Please be more careful in the future. I did not ask for this."? Ask for what? Sorry, I'm a little slow.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Are you in safe boot mode?
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I did not ask for the size of the ndis.sys file on your problem PC! I had asked for the size from your Laptop.
     
  10. runlittlejimmy

    runlittlejimmy Private E-2

    Oh my gosh, I'm an idiot. I really feel dumb now, I'm sorry about that. Jeez, OK, I got my computer started in safe mode.
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Try copying the file from your flash drive (hopefully you can access it in safe mode) directly over the top of the c:\windows\system32\drivers\ndis.sys file.
     
  12. runlittlejimmy

    runlittlejimmy Private E-2

    OK, I successfully replaced the file. Now what should I do? OHHHHHHH, I started my computer up in normal mode again and guess what, my local area connection is connected. Sweet, oh my, I can even access the web now.
     
  13. runlittlejimmy

    runlittlejimmy Private E-2

    OK, my network connection is working great (internet, network, and firewall all work), but the Search and User Accounts still don't work properly.
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That was why I wanted to replace it! The previous copy we used to replace the infected file was from Windows XP SP1, not from SP2, which your PC is currently running. When you said you had a laptop and then also told me the size, I knew we could now replace it. Previously, when all I knew was that you did not have a Windows XP CD, there was not much I could legally do to help you. The infected file had to be removed, but you did not have any other copies on your PC except for the outdated version, which I was hoping would work.

    Attach a new log now from ShowNew.

    Are you having any malware problems now? The search and user accounts problems are not malware.
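    The point chaslang makes in this reply is that a replacement system file has to be the same build as the one the OS expects: the SP1 ndis.sys and the SP2 ndis.sys differ in size, and the size from the laptop was the clue that a usable copy existed. The script below is an added example, not code from this thread or from MajorGeeks, showing how a helper would check a driver taken from a problem PC against a trusted copy before overwriting anything. It reads only the DOS header and COFF file header of the PE image (size, SHA-256, machine type, link timestamp) and reports why the two copies differ: a different size points to a different build (SP1 versus SP2), while the same size with different bytes points to a modified file. The sample images are constructed in the script; the two sizes are the ones quoted in the thread, and the link timestamps are invented. A real check would additionally verify the publisher signature and the file version resource, which this parser does not read.

```python
import hashlib
import struct
from datetime import datetime, timezone

# Minimal PE layout read here: DOS header ("MZ", e_lfanew at offset 0x3C),
# the "PE\0\0" signature and the 20-byte COFF file header that follows it.
COFF_HEADER = "<HHIIIHH"  # Machine, NumberOfSections, TimeDateStamp, PtrSymTab, NumSyms, SizeOfOptHdr, Characteristics
IMAGE_FILE_MACHINE_I386 = 0x14C


def inspect_pe(data: bytes) -> dict:
    """Return size, SHA-256 and a few COFF header fields of a PE image held in memory."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    if len(data) < e_lfanew + 4 + struct.calcsize(COFF_HEADER):
        raise ValueError("not a PE image: truncated COFF header")
    machine, sections, timestamp, _, _, _, _ = struct.unpack_from(COFF_HEADER, data, e_lfanew + 4)
    return {
        "size": len(data),
        "sha256": hashlib.sha256(data).hexdigest(),
        "machine": machine,
        "sections": sections,
        "link_time": datetime.fromtimestamp(timestamp, timezone.utc),
    }


def compare_driver(known_good: bytes, on_disk: bytes) -> list:
    """Compare the copy found on the problem PC against a trusted copy; an empty list means identical."""
    try:
        good, disk = inspect_pe(known_good), inspect_pe(on_disk)
    except ValueError as err:
        return [str(err)]
    if good["sha256"] == disk["sha256"]:
        return []
    problems = [f"contents differ: trusted SHA-256 {good['sha256'][:16]}..., on-disk {disk['sha256'][:16]}..."]
    if good["size"] != disk["size"]:
        problems.append(f"size differs: trusted {good['size']:,} bytes, on-disk {disk['size']:,} bytes "
                        "(different build, e.g. SP1 vs SP2?)")
    if good["link_time"] != disk["link_time"]:
        problems.append(f"link time differs: trusted {good['link_time']:%Y-%m-%d}, on-disk {disk['link_time']:%Y-%m-%d}")
    if good["machine"] != disk["machine"]:
        problems.append(f"machine type differs: 0x{good['machine']:04x} vs 0x{disk['machine']:04x}")
    if len(problems) == 1:
        # Same size and headers but different bytes: a modified copy, not another build.
        problems.append("same size and headers but different bytes: patched or infected copy rather than a different build")
    return problems


def build_fake_pe(machine: int, timestamp: int, total_size: int) -> bytes:
    """Constructed sample: DOS header, PE signature and COFF header padded to total_size. Not a real driver."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # PE header starts right after the DOS header
    coff = struct.pack(COFF_HEADER, machine, 1, timestamp, 0, 0, 0, 0x0002)
    header = bytes(dos) + b"PE\0\0" + coff
    return header + b"\0" * (total_size - len(header))


# Sizes are the ones quoted in the thread; the link timestamps are invented.
SP2_COPY = build_fake_pe(IMAGE_FILE_MACHINE_I386, 1060000000, 182_912)  # trusted copy from the SP2 laptop
SP1_COPY = build_fake_pe(IMAGE_FILE_MACHINE_I386, 1030000000, 168_192)  # the outdated SP1 build
TAMPERED = SP2_COPY[:-1] + b"\x01"  # same size and headers as SP2_COPY, one byte changed

if __name__ == "__main__":
    for label, sample in [("SP1 build", SP1_COPY), ("tampered", TAMPERED), ("identical", SP2_COPY)]:
        print(label, compare_driver(SP2_COPY, sample) or ["OK: matches trusted copy"])
```

    On a real system you would read both files from disk (the problem PC's copy from safe mode, the trusted copy from a machine on the same service pack) and pass the bytes to compare_driver; a clean result before copying is what you want, and a "size differs" result is exactly the SP1/SP2 mismatch described above.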
     
  15. runlittlejimmy

    runlittlejimmy Private E-2

    Nope, so far the computer seems to be running just fine, except for the part that I can't search or change user preferences for some reason. Here's the logs. I just want to thank you so much for your help and I would like to donate, but how do donations work? Do they go to you or the site? And if you know any way to get the Search and User Accounts to work, that would be awesome.
     

    Attached Files:

  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You can donate to me via PayPal if you would like. Just PM me with an email address.

    These are really issues for the software forum but first let's finish the below and then see where things stand.

    First delete the malware backup file we created: C:\WINDOWS\SYSTEM32\DRIVERS\ndis.sys.bak

    Now complete ALL of the below steps! Make sure you do the Windows Update step, it may help resolve some of your problems. You also have to get one of the recommended antivirus and firewall applications installed ASAP. These are all covered in the How to protect link given below.


    It is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    5. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    6. If we had you run Avenger, you can delete all files related to Avenger now.
    7. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    8. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created.
    9. If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
  17. runlittlejimmy

    runlittlejimmy Private E-2

    I'm unable to update Microsoft.
    OK, I go to www.microsoft.com, then I click on Security and Updates, then I click on Microsoft Update, and the screen just loads up blank white.
     
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This is another sign of other problems on your PC that are not malware related.

    Did you connect to Microsoft using Internet Explorer?
     
  19. runlittlejimmy

    runlittlejimmy Private E-2

    Yes, because when I tried with Firefox it said "To use this site you must be running Microsoft Internet Explorer 5 or later", and I just found out that my dang eBay account was hijacked, errrrr.
     
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Just skip the MS Update step for now and complete ALL other steps. I suggest you use AVG AntiSpyware, Comodo Firewall, Comodo BOClean AntiMalware. Make sure you read and complete all steps in the How to protect thread. Once you finish ALL steps, attach new logs from ShowNew and HJT.
     
