Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Strange file found "mctajlw.sys" need help please

  • This topic is locked This topic is locked
2 replies to this topic

#1 theBanger


  • Members
  • 4 posts
  • Local time:09:36 PM

Posted 28 August 2010 - 05:10 AM

Can someone please help me? I'm running Windows XP. I really have no Idea what I should do.

Last Friday I was attacked by a virus called "Anti-Malware Doctor". Shortly after the infectous download, I found that my internet was not connecting. After trying all the usual fixes, such as unpluging the modem, I decided to call Shaw (my service provider) to see if it may have been on their end. After follwing their procedures, and after a reboot I discover the virus. The Shaw tech said that I might be able to access the internet by going through safe mode with networking, and sure enough I was. However my connection is short lasting (between 1 minute - 5 minutes) so I've been constantly rebooting to access the internet.

I've followed the basic instructions I've come across, ran rkill, installed malware-bytes, ran the scan and it nailed a bunch of files. Yet I still had the internet connection issue. I also ran 'spybot' and 'SUPER antispyware' and they both removed lots of files, but still had internet problems. Then a day or so later, malware-bytes detects this: "mctajlw.sys" in C:\WINDOWS\system32\drivers, it tells me that it cannot remove the file, and needs to reboot.

Investigating further, the only information the file gives while I mouse over is that it was created: 08/20/2010 10:54, same day as infection, and it says that its 765KB, considerably larger than the other .sys programs in the folder. The file cannot be deleted, and the malware-bytes fileASSASSIN will not remove it, when I try to delete I get this message "Cannot delete mctajlw: Cannot read from the source file or disk.". Also of note, all other .sys files I can open with notepad except this one, I get this error when I try, "A device attached to the system is not functioning."

Perhaps the problem I'm having and the file detected have no corilation, but I'm not going to pretend to have any idea of what's going on.

Also please pardon my poor spelling, I'm copy pasting this from notepad, and I don't have enough time to spell check before my internet cuts out agen.

BC AdBot (Login to Remove)


#2 m0le


    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:01:36 AM

Posted 28 August 2010 - 06:10 AM

As you may not have enough time to run logs and post them in the malware forum you should post a query (copy and paste the info above) on the Am I Infected forum.
Posted Image
m0le is a proud member of UNITE

#3 Grinler


    Lawrence Abrams

  • Admin
  • 43,715 posts
  • Gender:Male
  • Location:USA
  • Local time:08:36 PM

Posted 28 August 2010 - 09:34 PM

This forum is only for computers who have been hacked. For those who need malware removal assistance you should ask in the am i infected forum or the virus removal forum.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users