I have tried anti-virus programs. They find files that start with UAC. I quarantine them but it leaves 2 that it can not move. I am asked to restart so it can remove them but it still does not remove them. I am doing this in Safe Mode. When I am not in safe mode the laptop freezes up and I have to do a hard reboot and use F8 to choose Safe Mode with Networking.
I have almost tried everything i can think of.
I did find a file in system32 folder called uactmp. I opened it with notepad and it has a large list of viruses and trojan names. It also has names of anti-viral programs. Could the rootkit be using this file for a reference to keep anti-virus programs from installing correctly or corrupting their installation? If so. Would it be wise to select it all and delete it and save? That would leave the rootkit defenseless unless it restores it on reboot.
I have tried to upload as an attachment but it is a large text file. 1.8mb. I will place the contects in another post if so directed to do so. But let me warn you. It is a lot to go thru!
I can not install anything unless I am in safe mode. So what can I do? It freezes in normal mode. Will HiJack This install properly in safe mode so I can post its results on here?
Right now I am using my PC which is secure. (Been up for years with no problems.)
Here's a list of files I find that may be part of this virus as all anti-viral programs finds these.
uactmp (Data Base File)
These were found by Comodo Anti-virus. It still did not get rid of the problem as these files come back.
I download programs to use with my PC and then transfer them to my MP3 player to copy to the infected PC for installing. (Only in safe mode)
SO? If anyone can help me, latter I can help some here after I get recognized with some experience.
Edited by garmanma, 20 March 2009 - 08:54 AM.