Bamital-X

Apparently I got infected with this virus. I’ve tried removing it through avast but it just says Error: the specified file is read only(6009). I’d appreciate it if someone guided me through the removal of this instead of directing me to another thread with the same problem. I basically know nothing about computers and that wouldn’t help me at all. :-\

C:\WINDOWS\explorer.exe High Threat: Win32: Bamital-X move to chest Error: the specified file is read only(6009)

Well i can direct you to some tools that you can download and run, if that does not solve it we will call in the expert malware killer Essexboy

so start with running these

Malwarebytes Anti-Malware 1.46 http://filehippo.com/download_malwarebytes_anti_malware/
always run update before you scan so you have the latest database
click the remove selected button to quarantine anything found
you may post the scan log here

Save to desktop and run from there. They have no update function but are fully updated when you download
Norman Malware Cleaner http://www.norman.com/support/support_tools/58732/en
DrWeb CureIt http://www.freedrweb.com/cureit/?lng=en
How Do I Use Dr.Web CureIt!? http://www.freedrweb.com/cureit/how_it_works/

Follow what Pondus has said first, But since Avast detects this, You might also try a boot time scan with Avast.

I saw those suggestions from another thread and tried it with no luck. I guess I’ll try again tonight since I’ts late and I have to sleep anyway.

@Marc I did try but its only available in 32 bit operating systems.

Sorry, I didn’t know you were on a X64 system.

Download OTL to your Desktop

[*]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
[*]Click on Minimal Output at the top
[*]Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select “Save”
[*]Double click inside the Custom Scan box at the bottom
[*]A window will appear saying “Click Ok to load a custom scan from a file or Cancel to cancel”
[*]Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
[*]Select scan.txt and click Open. Writing will now appear under the Custom Scan box
[*]Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
[*]Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

Here’s extras.txt and otl.txt.

I will now need you to do the following for three separate files - on completion of each file check please let me know windows response

Go to start > Run and type in the following

sfc /SCANFILE=c:\windows\explorer.exe

Go to start > Run and type in the following

sfc /SCANFILE=C:\Windows\SysWow64\explorer.exe

Go to start > Run and type in the following

sfc /SCANFILE=C:\Windows\SysNative\svchost.exe

My background is black 'cause explorer.exe isn’t working. Do I do this with task manager? I tried it and nothing happened.

Press the windows key+ R together and that will open the run dialogue

Doesn’t open it.

Can you access safe mode ?

Lets try it as a batch file

sfc /SCANFILE=c:\windows\explorer.exe sfc /SCANFILE=C:\Windows\SysWow64\explorer.exe sfc /SCANFILE=C:\Windows\SysNative\svchost.exe exit
Next you will need to create the batch fix to do that copy and paste [b]ALL[/b] of the above in the quote box to a notepad file. Then in the text file go to [b]FILE > SAVE AS [/b] and in the dropdown box select [b]SAVE AS TYPE [/b] to[b] ALL FILES [/b] Then in the [b]FILE NAME [/b] box type [b]fix.bat[/b]

This will create a batch file
http://img524.imageshack.us/img524/9383/batmp6.jpg

Then run fix.bat by double clicking you may see a black box appear this is normal

The box appears then disappears.

Can you now reboot and see if explorer runs

If that fails then can you get to safe mode and try the run command

Yup it runs. Is my computer rid of it now?

What problems do you have at the moment then ?