How do I remove the rtkt_stitch.d virus

Solved Re: How do I remove the rtkt_stitch.d virus

Post by tenaj on Thu Oct 09, 2008 12:14 am

It won't let me go to this site.

Download SDFix and save it to your Desktop.

Post by Belahzur on Thu Oct 09, 2008 12:15 am

[You must be registered and logged in to see this link.]

Download and extract it.

If this doesn't work, I'm going after it full blast.

Post by tenaj on Thu Oct 09, 2008 12:23 am

Megamanager is now a plugin in my Firefox browser.

Post by tenaj on Thu Oct 09, 2008 12:25 am

When I click on your SDFix link I get this:

[You must be registered and logged in to see this link.]

Post by Belahzur on Thu Oct 09, 2008 12:29 am

This might fix it.

I need you to do this:
Start > Run > type in regedit and press enter.

This will open the registry editor.
Try to follow this path. (Press the little + image at the side of each key to open a new menu to follow the path)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\Current Version\Winlogon\

Once you get to the Winlogon part, don't press the + at the side; click the word Winlogon only once, and it will show a big list of stuff in the right-hand pane.

See this image:
[You must be registered and logged in to see this link.]


Post by tenaj on Thu Oct 09, 2008 12:39 am

I was hoping I didn't have to go into the registry. Here it goes. :=.=':

Post by tenaj on Thu Oct 09, 2008 12:46 am

OK I'm there - I didn't click on the + on winlogon but clicked the word itself and the right pane got a lot of stuff there.

Post by Belahzur on Thu Oct 09, 2008 12:49 am

Good.
Double-click "userinit". You already have it set to "C:\windows\system32\"; you need to add "userinit.exe" to the end so that the data value changes to:

"C:\windows\system32\userinit.exe"


Post by tenaj on Thu Oct 09, 2008 12:55 am

C:\WINDOWS\system32\userinit.exe is already there and it has a comma on the end as well.

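An added example, not part of the original thread: a Python check for the Winlogon `Userinit` data discussed in the posts above. It treats the value as a comma-separated program list, so a trailing comma is accepted, and it flags a bare directory or any extra program. The sample values and the name `example.exe` are constructed, and `read_userinit` only works on Windows.

```python
import ntpath

# Data value the thread treats as correct (XP-era default install path).
EXPECTED = r"C:\WINDOWS\system32\userinit.exe"


def audit_userinit(value, expected=EXPECTED):
    """Return a list of findings for a Winlogon Userinit data string."""
    findings = []
    # Winlogon reads the data as a comma-separated list of programs, so a
    # trailing comma only yields an empty last item, which is dropped here.
    entries = [e.strip().strip('"') for e in value.split(",")]
    entries = [e for e in entries if e]
    want = ntpath.normcase(ntpath.normpath(expected))
    seen_expected = False
    for entry in entries:
        norm = ntpath.normcase(ntpath.normpath(entry))
        if norm == want:
            seen_expected = True
        elif entry.endswith(("\\", "/")) or not ntpath.splitext(norm)[1]:
            # A directory (trailing separator, no extension) names no program.
            findings.append("not a program path: " + entry)
        else:
            findings.append("extra program run at logon: " + entry)
    if not seen_expected:
        findings.append("missing expected entry: " + expected)
    return findings


def read_userinit():
    """Read the live value (Windows only). The real key is 'CurrentVersion'."""
    import winreg  # imported here so the audit logic runs on any OS
    key_path = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key_path) as key:
        value, _type = winreg.QueryValueEx(key, "Userinit")
    return value


# Constructed sample values; example.exe is a made-up name.
SAMPLES = {
    "default with trailing comma": "C:\\WINDOWS\\system32\\userinit.exe,",
    "directory only": "C:\\windows\\system32\\",
    "extra entry": "C:\\WINDOWS\\system32\\userinit.exe,"
                   "C:\\WINDOWS\\system32\\example.exe",
}

if __name__ == "__main__":
    for label, data in SAMPLES.items():
        print(label, "->", audit_userinit(data) or "OK")
```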

Post by Belahzur on Thu Oct 09, 2008 1:02 am

Well there goes my idea.
Exit the registry editor.

Here's a last shot in the dark.

Download OTMoveIt3 from here.
[You must be registered and logged in to see this link.]

Download and open it.
In the "Paste instructions for items to be moved" box, paste this:


:Files
C:\WINDOWS\system32\drivers\tdssserv.sys
C:\WINDOWS\system32\tdssadw.dll
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdssl.dll
C:\WINDOWS\system32\tdsslog.dll
C:\WINDOWS\system32\tdssmain.dll
C:\WINDOWS\system32\tdssserf.dll
C:\WINDOWS\system32\tdssservers.dat


Press the red MoveIt! button; it will make a report in the right-hand pane.
Copy and paste it back here.

I've left a note for another helper to help out, he should be online in a few hours.


Post by Belahzur on Thu Oct 09, 2008 1:10 am

Hopefully you'll see this post.
You should be able to analyze this yourself: if OTMoveIt says Moved Successfully, then the files were present and OTMoveIt has killed them now.

If it says Not found, the rootkit wasn't there and my idea is gone again.


Post by tenaj on Thu Oct 09, 2008 1:11 am

========== FILES ==========
Invalid Environment Variable: System

OTMoveIt3 by OldTimer - Version 1.0.4.1 log created on 10082008_210823

Post by Belahzur on Thu Oct 09, 2008 1:12 am

I edited the post; I made a typo. Try again.

Post by tenaj on Thu Oct 09, 2008 1:32 am

========== FILES ==========
File move failed. C:\WINDOWS\system32\drivers\ scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\ scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\ scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\ scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\ scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\ scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\ scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\ scheduled to be moved on reboot.

OTMoveIt3 by OldTimer - Version 1.0.4.1 log created on 10082008_211343

Files moved on Reboot...

tenaj
Novice
Novice

Posts Posts : 26
Joined Joined : 2008-10-07
Points Points : 29800
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: How do i remove the rtkt_stitch.d virus

Post by tenaj on Thu Oct 09, 2008 1:32 am

Folder move failed. C:\WINDOWS\system32\\IME scheduled to be moved on reboot.
C:\WINDOWS\system32\\icsxml moved successfully.
C:\WINDOWS\system32\\ias moved successfully.
C:\WINDOWS\system32\\FxsTmp moved successfully.
C:\WINDOWS\system32\\export moved successfully.
C:\WINDOWS\system32\\en-us moved successfully.
C:\WINDOWS\system32\\DRVSTORE\wlphonecv_B88DA7978559975500983DADC0107CF3AA89C14C moved successfully.
C:\WINDOWS\system32\\DRVSTORE\usbaapl_97B931EF204A3188AFFD15A9A5337268E8B6F312 moved successfully.
C:\WINDOWS\system32\\DRVSTORE moved successfully.
Folder move failed. C:\WINDOWS\system32\\drivers\disdn scheduled to be moved on reboot.
Folder move failed. C:\WINDOWS\system32\\drivers scheduled to be moved on reboot.
C:\WINDOWS\system32\\DNAML moved successfully.
Folder move failed. C:\WINDOWS\system32\\dllcache scheduled to be moved on reboot.
C:\WINDOWS\system32\\DirectX\Dinput moved successfully.
C:\WINDOWS\system32\\DirectX moved successfully.
C:\WINDOWS\system32\\dhcp moved successfully.
C:\WINDOWS\system32\\config\systemprofile\WINDOWS\system moved successfully.
C:\WINDOWS\system32\\config\systemprofile\WINDOWS moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Templates moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Start Menu\Programs\Startup moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Start Menu\Programs\Online Services moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Start Menu\Programs\Accessories\Entertainment moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Start Menu\Programs\Accessories\Accessibility moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Start Menu\Programs\Accessories moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Start Menu\Programs moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Start Menu moved successfully.
C:\WINDOWS\system32\\config\systemprofile\SendTo moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Recent moved successfully.
C:\WINDOWS\system32\\config\systemprofile\PrintHood moved successfully.
C:\WINDOWS\system32\\config\systemprofile\NetHood moved successfully.
C:\WINDOWS\system32\\config\systemprofile\My Documents\My Pictures moved successfully.
C:\WINDOWS\system32\\config\systemprofile\My Documents\My Music moved successfully.
C:\WINDOWS\system32\\config\systemprofile\My Documents moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\XRONGTWG moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SO53CL3I moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\G58IO9NJ moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4N1K03D4 moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\3LD1EAOB moved successfully.
Folder move failed. C:\WINDOWS\system32\\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 scheduled to be moved on reboot.
C:\WINDOWS\system32\\config\systemprofile\Local Settings\Temporary Internet Files\AntiPhishing moved successfully.
Folder move failed. C:\WINDOWS\system32\\config\systemprofile\Local Settings\Temporary Internet Files scheduled to be moved on reboot.
C:\WINDOWS\system32\\config\systemprofile\Local Settings\Temp moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Local Settings\History\History.IE5\MSHist012008100820081009 moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Local Settings\History\History.IE5\MSHist012008100720081008 moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Local Settings\History\History.IE5\MSHist012008100620081007 moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092920081006 moved successfully.
Folder move failed. C:\WINDOWS\system32\\config\systemprofile\Local Settings\History\History.IE5 scheduled to be moved on reboot.
Folder move failed. C:\WINDOWS\system32\\config\systemprofile\Local Settings\History scheduled to be moved on reboot.
C:\WINDOWS\system32\\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050} moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Local Settings\Application Data\Microsoft\Works\Portfolio moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Local Settings\Application Data\Microsoft\Works moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media\10.0 moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Local Settings\Application Data\Microsoft\Windows moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Local Settings\Application Data\Microsoft\OFFICE moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Local Settings\Application Data\Microsoft\Media Player moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Local Settings\Application Data\Microsoft moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Local Settings\Application Data\Google moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Local Settings\Application Data\ApplicationHistory moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Local Settings\Application Data moved successfully.
Folder move failed. C:\WINDOWS\system32\\config\systemprofile\Local Settings scheduled to be moved on reboot.
C:\WINDOWS\system32\\config\systemprofile\Favorites\Links moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Favorites moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Desktop moved successfully.
Folder move failed. C:\WINDOWS\system32\\config\systemprofile\Cookies scheduled to be moved on reboot.
C:\WINDOWS\system32\\config\systemprofile\Application Data\Symantec moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Application Data\Real\rnadmin moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Application Data\Real\RealPlayer\ErrorLogs moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Application Data\Real\RealPlayer moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Application Data\Real\Msg moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Application Data\Real moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Application Data\Microsoft\SystemCertificates\My moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Application Data\Microsoft\SystemCertificates moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Application Data\Microsoft\Protect\S-1-5-21-776561741-1229272821-725345543-500 moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Application Data\Microsoft\Protect moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Application Data\Microsoft\MMC moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Application Data\Microsoft\Media Player moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Application Data\Microsoft\Crypto\RSA moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Application Data\Microsoft\Crypto moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Application Data\Microsoft\Credentials moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Application Data\Microsoft\CLR Security Config\v1.1.4322 moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Application Data\Microsoft\CLR Security Config\v1.0.3705 moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Application Data\Microsoft\CLR Security Config moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Application Data\Microsoft\Address Book moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Application Data\Microsoft moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Application Data\MEGAUPLOADTOOLBAR\NewCfg moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Application Data\MEGAUPLOADTOOLBAR\downfile moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Application Data\MEGAUPLOADTOOLBAR moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Application Data\Macromedia\Flash Player\macromedia.com\support moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Application Data\Macromedia\Flash Player\macromedia.com moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\GERB7WK2 moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Application Data\Macromedia\Flash Player moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Application Data\Macromedia moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Application Data\Intuit\Quicken\Data moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Application Data\Intuit\Quicken\Config moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Application Data\Intuit\Quicken moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Application Data\Intuit moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Application Data\Identities\{D7262387-AED1-4256-8BFF-22265B0B5C06} moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Application Data\Identities moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Application Data\EmailNotifier moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Application Data\Digital Interactive Systems Corporation moved successfully.
C:\WINDOWS\system32\\config\systemprofile\Application Data moved successfully.
Folder move failed. C:\WINDOWS\system32\\config\systemprofile scheduled to be moved on reboot.
Folder move failed. C:\WINDOWS\system32\\config scheduled to be moved on reboot.
Folder move failed. C:\WINDOWS\system32\\Com scheduled to be moved on reboot.
C:\WINDOWS\system32\\CatRoot_bak moved successfully.
Folder move failed. C:\WINDOWS\system32\\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE} scheduled to be moved on reboot.
C:\WINDOWS\system32\\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE} moved successfully.
Folder move failed. C:\WINDOWS\system32\\CatRoot2 scheduled to be moved on reboot.
C:\WINDOWS\system32\\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE} moved successfully.
C:\WINDOWS\system32\\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE} moved successfully.
C:\WINDOWS\system32\\CatRoot moved successfully.
C:\WINDOWS\system32\\appmgmt\S-1-5-21-3063714465-1978530528-3707306470-1008 moved successfully.
C:\WINDOWS\system32\\appmgmt\MACHINE moved successfully.
C:\WINDOWS\system32\\appmgmt moved successfully.
C:\WINDOWS\system32\\Adobe\Shockwave 11\Xtras moved successfully.
C:\WINDOWS\system32\\Adobe\Shockwave 11 moved successfully.
C:\WINDOWS\system32\\Adobe\Director moved successfully.
C:\WINDOWS\system32\\Adobe moved successfully.
C:\WINDOWS\system32\\3com_dmi moved successfully.
C:\WINDOWS\system32\\3076 moved successfully.
C:\WINDOWS\system32\\2052 moved successfully.
C:\WINDOWS\system32\\1054 moved successfully.
C:\WINDOWS\system32\\1042 moved successfully.
C:\WINDOWS\system32\\1041 moved successfully.
C:\WINDOWS\system32\\1037 moved successfully.
Folder move failed. C:\WINDOWS\system32\\1033 scheduled to be moved on reboot.
C:\WINDOWS\system32\\1031 moved successfully.
C:\WINDOWS\system32\\1028 moved successfully.
C:\WINDOWS\system32\\1025 moved successfully.
Folder move failed. C:\WINDOWS\system32\ scheduled to be moved on reboot.

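A triage pass over OTMoveIt3 log lines like the ones in the post above, as an added example (not part of the original thread or of the tool): it normalizes each logged path and flags moves that touch the Windows system directory, including those still queued for the next reboot. The sample lines are copied from the log above; the `PROTECTED` list and the function names are assumptions.

```python
import re
from ntpath import normpath  # Windows path rules, usable on any OS

# Sample input: a few lines copied from the log posted above.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\\config\systemprofile\Application Data\Intuit moved successfully.
Folder move failed. C:\WINDOWS\system32\\config scheduled to be moved on reboot.
C:\WINDOWS\system32\\CatRoot moved successfully.
Folder move failed. C:\WINDOWS\system32\\1033 scheduled to be moved on reboot.
Folder move failed. C:\WINDOWS\system32\ scheduled to be moved on reboot.
"""

# Assumption: directories a cleanup tool should never relocate wholesale.
PROTECTED = [r"C:\WINDOWS\system32", r"C:\WINDOWS"]

MOVED = re.compile(r"^(?P<path>.+) moved successfully\.$")
PENDING = re.compile(
    r"^\w+ move failed\. (?P<path>.+) scheduled to be moved on reboot\.$")

def triage(log_text, protected=PROTECTED):
    """Return (status, normalized path, risk) for every recognized log line."""
    roots = [normpath(p).lower() for p in protected]
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        for status, pattern in (("moved", MOVED), ("pending-reboot", PENDING)):
            m = pattern.match(line)
            if not m:
                continue
            # normpath collapses the doubled backslash and the trailing one
            path = normpath(m.group("path"))
            low = path.lower()
            if low in roots:
                risk = "protected-root"
            elif any(low.startswith(r + "\\") for r in roots):
                risk = "inside-protected"
            else:
                risk = "ok"
            findings.append((status, path, risk))
            break
    return findings

def summary(findings):
    """Count findings per (status, risk) pair."""
    counts = {}
    for status, _path, risk in findings:
        counts[(status, risk)] = counts.get((status, risk), 0) + 1
    return counts

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep="\t")
```

Any `pending-reboot` entry with a `protected-root` or `inside-protected` risk is worth resolving before restarting, because the move has not happened yet.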


Post by Doctor Inferno on Thu Oct 09, 2008 3:38 am

Download [You must be registered and logged in to see this link.], and save it to your Desktop.

* Extract avenger.exe from the Zip file and save it to your desktop
* Run avenger.exe by double-clicking on it.
* Do not change any check box options!!
* Copy everything in the Code box below, and paste it into the Input script here: part of the window:

Code:
Drivers to disable:
tdssserv

Drivers to delete:
tdssserv

Registry keys to delete:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Minimal\tdssserv.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Network\tdssserv.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\tdssserv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID
HKEY_LOCAL_MACHINE\SOFTWARE\tdss

Files to delete:
C:\Dokumente und Einstellungen\%UserName%\Lokale Einstellungen\Temp\tmp31F.tmp
C:\Dokumente und Einstellungen\%UserName%\Lokale Einstellungen\Temp\pgcdmqkl.exe
C:\Dokumente und Einstellungen\%UserName%\Lokale Einstellungen\Temp\.ttBC.tmp
C:\Dokumente und Einstellungen\%UserName%\Lokale Einstellungen\Temp\tdsBB.tmp
C:\WINDOWS\Temp\tdss6b43.tmp
C:\WINDOWS\Temp\tdssd698.tmp
C:\WINDOWS\Temp\tdssd89b.tmp
C:\WINDOWS\Temp\tdssda12.tmp
C:\WINDOWS\system32\tdssadw.dll
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdssl.dll
C:\WINDOWS\system32\tdsslog.dll
C:\WINDOWS\system32\tdssmain.dll
C:\WINDOWS\system32\tdssserf.dll
C:\WINDOWS\system32\tdssservers.dat
C:\WINDOWS\system32\drivers\tdssserv.sys


* Now click the Execute button.
* Click Yes to the prompt to confirm you want to execute.
* Click Yes to the Reboot now? question that will appear when Avenger finishes running.
* Your PC should reboot; if not, reboot it yourself.
* A log file from Avenger will be produced at C:\avenger.txt, and it will pop up for you to view when you log in after the reboot.



Post by tenaj on Thu Oct 09, 2008 3:54 am

Once I rebooted from OTMoveIt3, Windows wouldn't start anymore. It said that system32\driver\pci.sys was missing or corrupt and to insert the original Windows CD, and I did, and when it recovered I lost everything I had. It said it won't disturb my data files but it did. Microsoft Office is gone. My security software I had to install over. All my custom programs are gone. All my programs, all data I had everywhere. Bummer. What a way to get rid of a virus. But one thing is for sure. That dang gum virus is gone. I hope.

Thanks for all the help. You guys tried and I appreciated it.
