Removing the WinIk Trojan

This trojan appears to be installed by a system driver, winik.sys, which loads at boot-up. While running, it creates a random directory in the Program Files folder and then starts a randomly named exe file multiple times until, basically, the machine locks up.

I tried several of the suggestions found in several threads. What finally worked was:

1. Boot computer with floppy disk from Windows 98.
2. Delete C:\WINNT\SYSTEM32\Drivers\winik.sys
3. Delete C:\Program Files\XXXXXXXX, where XXXXXXXX is the folder containing:
   AAAAAAA.dll
   AAAAAAA.exe
   BBBBBBB.exe
   profile.???
   (substitute the names of the actual directories/files)

4. Reboot machine
5. Clean registry with CCleaner.
Repeat step 5 until it shows that all the bad keys have been deleted. I had several thousand.
6. Rescan using Microsoft Anti-Spyware, Ad-Aware, and Spybot
All three showed different problems (!)
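
To confirm that steps 2 and 3 took effect, the check below looks for the driver file and for Program Files folders with the layout described in step 3. It is an added example, not part of the original post; the function names are hypothetical, the same-name .dll/.exe pairing is an assumption read from the placeholder names, and the folder match is a heuristic that can also flag legitimate software.

```python
import os

# Driver location named in step 2 (Windows 2000 installs to C:\WINNT).
DRIVER_PARTS = ("WINNT", "SYSTEM32", "Drivers", "winik.sys")

def _ls(path):
    """List a directory, returning [] if it is missing or unreadable."""
    try:
        return os.listdir(path)
    except OSError:
        return []

def _find_ci(parent, name):
    """Case-insensitive lookup, so an offline disk mounted on a
    case-sensitive filesystem is handled the way Windows would."""
    for entry in _ls(parent):
        if entry.lower() == name.lower():
            return os.path.join(parent, entry)
    return None

def driver_present(root):
    """True if winik.sys still exists under the given drive root."""
    path = root
    for part in DRIVER_PARTS:
        path = _find_ci(path, part)
        if path is None:
            return False
    return os.path.isfile(path)

def suspect_folders(root):
    """Folders directly under Program Files holding X.dll + X.exe,
    at least one further .exe, and a profile.* file (step 3 layout)."""
    pf = _find_ci(root, "Program Files")
    hits = []
    for d in sorted(_ls(pf)) if pf else []:
        full = os.path.join(pf, d)
        names = [n.lower() for n in _ls(full)]
        dlls = {n[:-4] for n in names if n.endswith(".dll")}
        exes = {n[:-4] for n in names if n.endswith(".exe")}
        paired = dlls & exes
        has_profile = any(n.startswith("profile.") for n in names)
        if paired and len(exes) > len(paired) and has_profile:
            hits.append(full)
    return hits

if __name__ == "__main__":
    root = "C:\\"  # or the mount point of the disk when checked offline
    print("winik.sys present:", driver_present(root))
    for folder in suspect_folders(root):
        print("review before deleting:", folder)
```

Run it again after the reboot in step 4: if the driver or a matching folder has come back, something is still reinstalling them.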

Notes:

1. By booting with Win98 I was able to access the files on the C: drive on the Windows 2000 Professional drive (FAT32).
If it had been NTFS, I might have stayed further in the soup, but it appears that Win98 successfully ignored any file attribute settings or any settings based on Windows security.

2. Before doing any of this, I would give serious consideration to reformatting the hard drive and reinstalling everything.
