Comments on: Biohazard outbreak of wintems.exe – 28 hours later (how to get rid of a virus if you can’t boot to safe mode and your computer keeps deleting anti virus software)

By: Digital Caliper

Digital Caliper — Wed, 20 Oct 2010 20:35:43 +0000

for me, the best scanner is avast antivirus and kaspersky. they can really find those annoying malwares:’*

By: how to make a gun

how to make a gun — Sat, 28 Aug 2010 18:48:34 +0000

Bitdefender! That was the name I was trying to remember. I’ve been looking for something to supplement NOD32.

By: Josiah Russell

Josiah Russell — Sat, 21 Aug 2010 18:46:37 +0000

i am only using free virus scanners like avast and avira but they seem to be great tools though,`,

By: Paul Trewhitt

Paul Trewhitt — Fri, 08 Jan 2010 15:27:51 +0000

Interessanter Beitrag, danke.

By: Miro

Miro — Tue, 03 Nov 2009 09:46:13 +0000

7even my friend you could’ve just ask, and i would told you that new Nod32 has Sysrescue option that boots and cleans your system when there is no other option. Got the cd right here.

By: OnlineMate

OnlineMate — Tue, 16 Sep 2008 23:02:39 +0000

I find it ridiculous that many PC owners prefer installing all kinds of trials and demos and

By: andy

andy — Fri, 29 Aug 2008 09:40:34 +0000

Had this for a while now, cannot get rid of it!! I also would like to hang the dick who created it, gives me a thought though, if everyone donated a dollar who got stung with this it might be enough to pay a guy to break their legs

By: Miron

Miron — Sat, 21 Jun 2008 19:32:58 +0000

Thanks man.
I had the same fucking problem. (I had AntiVir Anti-virus)
I solved the problem by running into Safe-Mode, and luckily, the SpyBot
was able to run, and clean it.

By: Kelly

Kelly — Tue, 27 May 2008 17:37:37 +0000

I think that we have the same thing here. Thanks for posting all this information you have saved me a lot of money. We outsource most of this stuff so hopefully we can correct it.

By: Korpheous

Korpheous — Fri, 25 Apr 2008 21:04:25 +0000

I can’t believe how bad trhis virus really is.. I’d like to hang the bastard who created this, by his balls.
Shamless people.

By: seven

seven — Tue, 22 Jan 2008 08:53:39 +0000

This is insane. I live in fear of infection day by day… running nightly virus scans… my workstation is operating at 50% of cpus (since other 50% is taken by ativirus scanners)…

Some of my friends suggested running virtual pc and browsing the internet on completely separate os installation. Well, that would be a great idea if surfing the net wouldn’t be may day job. :)

By: bloo2k

bloo2k — Tue, 22 Jan 2008 04:33:33 +0000

I’ve got same problem, however, i managed to remove the rootkit first (or i’ve just thought I did :( ).
The malware prevent most of anti virus/rootkit running. So I had to use tool that don’t need install.
I download some tool from this site _http://antirootkit.com/software/index.htm (those with five star ;) )

BEFORE extract the packages, I renamed the extention of .exe file to .exe.bak (so it can’t get infected), renamed the file name (so the malware can’t close the sofware by it name).
AFTER extracted, I set those *.exe.bak file to READONLY, and rename to *.exe to start using them.

First I used Panda Anti-Rootkit to detect rootkit, and it found several interesting things, but I noticed those :

C:\WINDOWS\system32\drivers\hldrrr.exe;;”TRUE”;”FALSE”;”FALSE”;”SOFTWARE\Microsoft\Windows\CurrentVersion\Run”;”drvsyskit”;”TRUE”;” “;” “;” “;” “;” “;” “;” “;” “;
C:\WINDOWS\system32\wintems.exe;;”FALSE”;”FALSE”;”FALSE”;”SOFTWARE\Microsoft\Windows\CurrentVersion\Run”;”german.exe”;”TRUE”;” “;” “;” “;” “;” “;” “;” “;” “;
C:\WINDOWS\system32\drivers\srosa.sys;;”TRUE”;”FALSE”;”FALSE”;”SYSTEM\CurrentControlSet\Services\srosa”;”ImagePath”;”FALSE”;” “;” “;” “;” “;” “;” “;” “;” “;

but unfortunately, It can’t remove them. I can’t use explorer and regedit neither.
But with Rootkit UnHooker, I killed and erase hldrrr.exe, wintems.exe, and IceSword to delete registry entries, srosa.sys file.
After reboot, I check the system again with Panda Anti-Rootkit, IceSword, Rootkit Unhooker and look like everything is clean (with rootkit :) ). Now I can running antivirus software, hope it’ll clean the system (although so many services, software was broken :( )

Sorry about my English, but I hope I can give your guy some issues to solve this problem, so maybe you will not suffer as I did.

By: yerlizard

yerlizard — Sat, 19 Jan 2008 17:24:42 +0000

I’m having the exact same problem! Following your outline for repair. Running Bitdefender online scan right now

By: Dimas

Dimas — Wed, 16 Jan 2008 19:39:14 +0000

Man you saved my life (and a lot of time)!

I’ve tried a lot of things before reading your post (killing process, booting on linux… removing that one thousand *** .exe files, …).

I’ve create a batch file like this:

:@loop
taskkill /IM wintems.exe
goto @loop

And so…

Then I take notice here about the Root Kit…

Thanx a LOT! =)

Today I swear that I will put my wireless card to work on *linux*… then ALL my problems will stop.

By: seven

seven — Tue, 15 Jan 2008 22:28:12 +0000

Nope, it wasn’t nods config fault. As I said, nod already ignored couple of viruses on my system last year and he allowed them to get installed. When this shit happened, I was running nod32 daily and realtime scanning was on for everything.

Anyways…Few days later after uninstalling nod32 and testing BitDefender, I can tell you how bad nod32 email scanner is. I thought that my outlook is dying because of my 5 gb inbox, but it was nod32s fault. He was freezing my whole system while he was scanning emails. Although, now with BitDefender, I noticed radical slowdown of application startup time.

By: Manuel

Manuel — Tue, 15 Jan 2008 06:44:41 +0000

Just finished cleaning my hard drive from yet another bagle spawn. My aproach was to unhook my HD and scan it as slave from another system. And yes, NOD32 was the tool of trade.
Usually, when someone gets infected running nod32 its because they didnt configure it right. I was infected not because nod32 is a bad antivirus, but because I ran the damn trojan. Yes, I double clicked it.

By: daemon

daemon — Mon, 14 Jan 2008 09:37:06 +0000

Quote: “I tend to keep my xp in good condition (or at least better than what rest of my crew does)”

LIES!! Mine works like Swiss clockwork!