Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.



  • Please log in to reply
1 reply to this topic

#1 darkluna


  • Members
  • 7 posts
  • Local time:05:58 AM

Posted 10 May 2009 - 08:17 PM

I'm using avira anti-virus...and everytime the pc starts up this file "linkinfo.dll" is being detected as a virus...
The file is located in C:\Windows\linkinfo.dll , I tried to delete it manually but when I look at C:\Windows there is no "linkinfo.dll" file...
I have shown all hiden files and and disable hide extention and hide protected OS files but I can't see the said file...

BC AdBot (Login to Remove)


#2 boopme


    To Insanity and Beyond

  • Global Moderator
  • 73,566 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:05:58 AM

Posted 10 May 2009 - 09:00 PM

Hello and welcome. First I am moving this to the Am I Infected forum as you are..

This is a polymorphic parasitic worm that infects Win32 executable files (*.exe) that can also download and execute additional malware.
It is a Dangerous infection that Phones home with personal info it collects. It also connects to the internet to download more. So you should stay disconnected as muchas possible till removed.
It allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Characteristics -
NOTE:%Windir% + the root drive,normally C:\

W32/Almanahe.c is a polymorphic parasitic worm that infects Win32 executable files (*.exe) that can also download and execute additional malware.

Upon execution, it drops the following file(s):

%Windir%\linkinfo.dll (W32/Almanahe.dll) %Windir%\System32\drivers\nvmini.sys (W32/Almanahe.sys) %Windir%\System32\drivers\IsDrv118.sys (W32/Almanahe.sys) C:\boot.exe (W32/Almanahe)(Where %Windir% is the Windows folder; e.g. C:\Windows. A legitimate copy of linkinfo.dll usually resides in %Windir%\system32\linkinfo.dll)

These files are hidden by the rootkit component (W32/Almanahe.sys).


I am not sure if we can get this off here. Let's try some things..
Next run MBAM:
Please download Malwarebytes Anti-Malware (v1.36) and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

Please run RootRepeal - Rootkit Detector

Please download: RootRepeal .
Direct download link is here: RootRepeal.rar.
If you need a program to open a .RAR compressed file. Download a trial version from here: WinRAR.

Extract the program file to a new folder such as C:\RootRepeal.
Run RootRepeal.exe and go to the REPORT tab and click the Scan button.
Select ALL of the checkboxes and then click OK and the scan will start.
If you have multiple drives you only need to check the C: drive or the drive which Windows is installed to.
When done, click on Save Report.
Save it to the same location where you ran it from above, such as C:\RootRepeal
Save it as your_name_rootrepeal.txt - where your_name is your forum name
This makes it more easy to track who the log belongs to.
Now open that log and select all and copy/paste it back on your next reply please.
Quit the RootRepeal program.

Edited by boopme, 10 May 2009 - 09:10 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users