Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Pragmd.sys -


  • This topic is locked This topic is locked
3 replies to this topic

#1 vmi1816

vmi1816

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:04 PM

Posted 22 May 2010 - 11:22 PM

Hello

My Windows SP2 machine seems to be infected with pragmd.sys. Symptons: My system automatically boots into safe mode and I cannot run Itunes or most .exe files. I can't download any files; also when I run search in Google or Yahoo and click a link the link gets redirected. Sometimes I get redirected to a site with fake virus removal software.

I read the malware remove instructions here at Bleeping computer and downloaded DDS, the program flashed the command screen but did not seem to execute. I tried running DDS twice and got the same result both times.


My ark.txt file is larger the 512k so I am not able to upload it here.
Here's one line from my ark.txt file:

C:\WINDOWS\PRAGMAixgewmxnse\PRAGMAd.sys (*** hidden *** )

What's the next step?

Thanks in advance for your help.

vmi1816

BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,947 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:09:04 PM

Posted 23 May 2010 - 04:05 PM

Hello,

Since you are unable to run DDS, please try this:

Download RSIT by random/random and save it to your Desktop.
Note: You will need to run this tool while connected to the Internet so it can download HijackThis if it is not located on your system. If you get a warning from your firewall or other security programs regarding Rist attempting to contact the Internet, please allow the connection.
  • Close all applications and windows so that you have nothing open and are at your Desktop.
  • Double-click on RSIT.exe to start the program.
  • If using Windows Vista, be sure to Run As Administrator.
  • Click Continue after reading the disclaimer screen.
  • Leave the drop down box set to default: "List/folders created or modified in the last 1 month (30 days).
  • When the scan is complete, a text file named log.txt will automatically open in Notepad.
  • Please start a new topic and post your log in the HijackThis Logs and Malware Removal forum, NOT here.
  • Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run.
If RSIT did not work, then reply back here.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 vmi1816

vmi1816
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:04 PM

Posted 31 May 2010 - 01:25 PM

Thanks Orangeblossom - RSIT ran. :thumbsup:

#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,947 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:09:04 PM

Posted 02 June 2010 - 02:37 PM

Hello,

Excellent, and I see that your topic is well under way. To avoid possible confusion, I'm going to go ahead and close this topic.

Good luck with the cleaning process,

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users