Jump to content

[Split] Lothar

Recommended Posts

Yesterday, I managed to pick up a combo of Antimalware Doctor and the fake Microsoft Security Essentials virus. After a couple of go-rounds with MBAM and Spybot S&D, the above two seem to have been mostly nuked; however, I'm still experiencing some issues.

- To run MBAM at all, I had to rename the .exe, so something is blocking it from running.

- Running rkill.exe didn't turn up any malicious processes.

- Avast is preventing explorer.exe from launching, saying that it contains a virus; a scan with Avast reports that explorer.exe and C:\Windows\SysWOW64\wininit.exe are infected with the Win32/Bamital-AC trojan. (I can still run other processes via the task manager and cmd.exe, seemingly without issue.)

- However, running MBAM again turns up 0 infections detected.

Searching for "Bamital-AC" on the forums doesn't yield anything; a search for "Bamital" returns several threads, but none (so far as I can tell) for this incarnation of the virus, and all the instructions provided seemed pretty case-specific.

Any help you guys could provide would be much appreciated.


I am having the identical problem. Hope this gets updated soon - computer is virtually inusable with explorer.exe taken out.

Link to post
Share on other sites

I am having the identical problem. Hope this gets updated soon - computer is virtually inusable with explorer.exe taken out.

Actually - not exactly the same.

- Also picked up a number of the trojans you outlined above, but malwarebytes removed most

- Explorer.exe stopped running, and performing a bootup scan with Avast turned up infections in winlogon.exe and explorer.exe. Defined as Win32: Bamital-AC. However, no removal possible

- Malwarebytes is now coming up with all clear (when run through task-manager, with explorer not working)

Hope anyone has any hints on this - as searching the internet doesnt come up with much - what it does come up with is all fresh, so this must be a new item.

Of course, these things can hide out and activate - but the whole thing went off when I launced software downloaded from cnet.downloads.com

Link to post
Share on other sites

Hello lothar

Welcome to Malwarebytes.


  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under Custom scan's and fixes section paste in the below in bold







    %systemroot%\system32\*.dll /lockedfiles

    %systemroot%\Tasks\*.job /lockedfiles


    %systemroot%\system32\drivers\*.sys /90


  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


Please download Rootkit Unhooker and save it to your desktop.

  • Double-click RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it, typically your desktop. Click Close
  • Copy the entire contents of the report and paste it in your next reply.

Note - You may get this warning it is ok, just ignore it."Rootkit Unhooker has detected a parasite inside itself!

It is recommended to remove parasite, okay?"

Link to post
Share on other sites

  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.