How to manually remove inline hook win32.sys?

dstebbins

Member
I'm currently in "safe mode w/ networking."

My AVG Antivirus says that I have a virus they can't remove - inline hook win32.sys - and I looked online for a solution.

I found several step-by-step instructions on how to manually delete this virus, but there's just one problem: each of these lists assumes that I know what files are caused by this virus and which ones aren't!

Take this article, for instance:

http://rescueyourcomputer.blogspot.com/2014/08/useful-steps-on-removing-inline-hook.html

Step 2 says to "Stop all the running processes of Inline hook win32k.sys." Well, I'd love to do that! Only problem is ... I have no clue which processes in my Task Manager are caused by this virus!

Here's a copy of my current task manager (remember, I'm in safe mode):

Task_manager.jpg


What processes do I need to eliminate before I can move on to step 3?

I think I understand Step 3 ok, but Step 4 confuses me.

"Clean all the malicious files about Inline hook win32k.sys as below."

What? First of all, I can't find the folders that they're telling me to go to! Second, how do I "clean" them?

I also found another article that suggested I could use SpyHunter. Only problem is ... while that software found plenty of problems that were slowing down my computer (not just win32k.sys), they refused to actually REMOVE these problems until I purchased a license, and I can't afford that right now.

What am I supposed to do? Some software that could remove this virus for me would be awesome, but I can't afford that right now, and I can't figure out how to do this myself!
 

johnb35

Administrator
Staff member
Please run the following and post the logs. Hopefully you don't have 2 antivirus programs installed at the same time. And do yourself a favor and come here for advice instead of a page like the one you linked to. Some of those are false sites.

1.

Please download AdwCleaner by Xplode onto your Desktop.



• Please close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Scan.
• After the scan you will need to click on clean for it to delete the adware.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile in your reply.
• You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

2.

Please download Junkware Removal Tool to your desktop.

• Shutdown your antivirus to avoid any conflicts.
• Very important that you run the tool in this manner:
  Right-mouse click JRT.exe and select Run as administrator
  Do NOT just double-click it.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt in your next message.

3.

Please download Malwarebytes' Anti-Malware and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run please download and run Rkill.scr, Rkill.exe, or Rkill.com. If you are still having issues running rkill then try downloading these renamed versions of the same program.

EXPLORER.EXE
IEXPLORE.EXE
USERINIT.EXE
WINLOGON.EXE

But DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away or you get a message saying Rkill is infected, keep trying to run Rkill until it overpowers the infection and temporarily kills it. Once a log appears on the screen, you can try running Malwarebytes or downloading other programs.

Please post the log that Malwarebytes displays on your screen.

4.

Download OTL to your Desktop


• Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
• Click on Minimal Output at the top.
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  ◦ When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Just post the OTL.txt file in your reply.

Then post the logs from the following 4 programs.

1. Adwcleaner
2. Junkware removal tool
3. Malwarebytes
4. OTL
 

dstebbins

Member
Why can't you just tell me how to remove the virus? For god's sake! I've already an antivirus, and it's not helping! Why can't you just tell me how to do it myself?!
 

dstebbins

Member
I'm currently in safe mode with networking. If I stay in safe mode, my firefox browser comes up without issue.

But if I'm not in safe mode, none of my browsers work. When I click on the Firefox icon, my task manager shows Firefox appearing for a few seconds, taking up less than 1,000k of ram, and then immediately deletes itself.

Internet explorer will at least come up, on screen, but it will crash before it even loads the home page.

Google Chrome - the only other browser I have installed - doesn't even appear on the task manager at all.

I recently made a thread about inline hook win32k.sys being on my computer. Could that be the problem?
 

beers

Moderator
Staff member
"Why can't you just tell me how to remove the virus? For god's sake! I've already an antivirus, and it's not helping! Why can't you just tell me how to do it myself?!"

lol, he just gave you a step by step guide. If you can't even vaguely attempt to help yourself then good luck.
 

johnb35

Administrator
Staff member
"Why can't you just tell me how to remove the virus? For god's sake! I've already an antivirus, and it's not helping! Why can't you just tell me how to do it myself?!"

As beers has said, I gave you steps on what to run so we can see what's on your system. An antivirus program won't help you 100 percent to remove all malware. That's why we have these other programs to help, and there are many more available to use. If you don't want to run those steps then we can't help you.
 