Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Strange file found "mctajlw.sys" need help please

  • Please log in to reply
1 reply to this topic

#1 theBanger


  • Members
  • 4 posts
  • Local time:09:56 PM

Posted 28 August 2010 - 08:56 PM

Can someone please help me? I'm running Windows XP. I really have no Idea what I should do.

Last Friday I was attacked by a virus called "Anti-Malware Doctor". Shortly after the infectous download, I found that my internet was not connecting. After trying all the usual fixes, such as unpluging the modem, I decided to call Shaw (my service provider) to see if it may have been on their end. After follwing their procedures, and after a reboot I discover the virus. The Shaw tech said that I might be able to access the internet by going through safe mode with networking, and sure enough I was. However my connection is short lasting (between 1 minute - 5 minutes) so I've been constantly rebooting to access the internet.

I've followed the basic instructions I've come across, ran rkill, installed malware-bytes, ran the scan and it nailed a bunch of files. Yet I still had the internet connection issue. I also ran 'spybot' and 'SUPER antispyware' and they both removed lots of files, but still had internet problems. Then a day or so later, malware-bytes detects this: "mctajlw.sys" in C:\WINDOWS\system32\drivers, it tells me that it cannot remove the file, and needs to reboot.

Investigating further, the only information the file gives while I mouse over is that it was created: 08/20/2010 10:54, same day as infection, and it says that its 765KB, considerably larger than the other .sys programs in the folder. The file cannot be deleted, and the malware-bytes fileASSASSIN will not remove it, when I try to delete I get this message "Cannot delete mctajlw: Cannot read from the source file or disk.". Also of note, all other .sys files I can open with notepad except this one, I get this error when I try, "A device attached to the system is not functioning."

Perhaps the problem I'm having and the file detected have no corilation, but I'm not going to pretend to have any idea of what's going on.

Also please pardon my poor spelling, I'm copy pasting this from notepad, and I don't have enough time to spell check before my internet cuts out agen.

BC AdBot (Login to Remove)


#2 boopme


    To Insanity and Beyond

  • Global Moderator
  • 73,556 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:08:56 PM

Posted 28 August 2010 - 11:45 PM


detects this: "mctajlw.sys" in C:\WINDOWS\system32\drivers, it tells me that it cannot remove the file, and needs to reboot.

Did you reboot?

Then Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal/regular mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Please perform a scan with Eset Online Antiivirus Scanner.
(Requires Internet Explorer to work. If given the option, choose "Quarantine" instead of delete.)
Vista users need to run Internet Explorer as Administrator. Right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Click the green ESET Online Scanner button.
  • Read the End User License Agreement and check the box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Insall ActiveX component.
  • A new window will appear asking "Do you want to install this software?"".
  • Answer Yes to download and install the ActiveX controls that allows the scan to run.
  • Click Start.
  • Check Remove found threats and Scan potentially unwanted applications.
  • Click Scan to start. (please be patient as the scan could take some time to complete)
  • If offered the option to get information or buy software. Just close the window.
  • When the scan has finished, a log.txt file will be created and automatically saved in the C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Click Posted Image > Run..., then copy and paste this command into the open box: C:\Program

  • The scan results will open in Notepad. Copy and paste the contents of log.txt in your next reply.
Note: Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.
NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users