Remove 2 threats

December 1, 2009 at 19:28:55
Specs: Windows XP, 512
I need to remove Personal Guard 2009 and worm.win32.netsky
I've done Spybot, AVG and C-Cleaner and currently Malwarebytes. Nothing seems to work. Tried to restart in Safe mode and it blocked me from doing so. Anti Virus Software claims to have detected it but it can't remove it. Don't know what else to do.

See More: Remove 2 threats

Report •

December 1, 2009 at 19:41:06
If you have access to another computer take the infected drive out and scan it from the other computer with Malwarebytes again or Avast (free edition).

Report •

December 1, 2009 at 19:45:17
Try to run these scans and post their logs. Let me know if you cannot run them.

Please save this file to your desktop.


Please double click on the Win32kDiag file and post the log it produces. This log might be quite lengthy and may take more than one post to get all of it posted.

Please run RSIT.exe by random/random and post its logs.

Download random's system information tool (RSIT) by random/random from the following link and save it to your desktop.


1. Double click on RSIT.exe to launch program.
2.(Vista Users Only) Right click on the RSIT.exe icon and select "Run as Administrator" to run the program.
3. Click Continue at the disclaimer screen.
4. Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
5.Once it has finished, two logs will open: log.txt<-- this will be maximized and info.txt<-- this will be minimized. Both logs will be located at C:\RSIT.exe.

Please post the contents of both logs (in separate post) in your next reply.

Download Gmer.exe from the following link.


1. Disconnect from the Internet and close all running programs.
2. Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
3. Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
4. Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
5. GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
6. If you receive a WARNING!!! about rootkit activity and are asked to fully scan your NO.
7. Now click the Scan button. If you see a rootkit warning window, click OK.
8. When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
9. Click the Copy button and paste the results into your next reply.
•Exit GMER and re-enable all active protection when done.

Report •

December 1, 2009 at 19:45:24
Can't because I don't have access to another computer. :-(

Report •

Related Solutions

December 1, 2009 at 19:51:51

Run this first or second please, then continue.

You may need to download the to a usb drive or cd and run it on the infected computer but first try to run it from the infected computer.

Please download Rkill from the following link.


Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. This link will help you disable them:

Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)

A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.

If nothing happens or if the tool does not run, please let me know in your next reply.

Report •

December 2, 2009 at 00:00:36
try to remove Personal Guard 2009 and Worm.Win32.Netsk manually. search for malicious files and remove them

Report •

Ask Question