Possible virus?


daveenty

Original Poster:

2,358 posts

211 months

Wednesday 11th August 2010
Anyone come across a file nkiao.sys?

AV came up with a couple of problems, so into safe mode, got rid of one or two of the usual trojans from my c:\temp folder and that seemed about it.

The programme (Avira free) then told me it couldn't open the above mentioned file (which only appeared this evening) so I tried renaming it to *.tmp but it wouldn't let me. It also has decided not to let me update Malwarebytes, so I'm assuming it's this which is causing my problems?

This is all on my main machine, which I need running tomorrow morning.

Just hoping someone can help me delete/rename it as I'm really not in the mood for running a full backup at this time of night.

Thanks.

BliarOut

72,857 posts

240 months

Wednesday 11th August 2010
Combofix'll shift it yes

daveenty

Original Poster:

2,358 posts

211 months

Wednesday 11th August 2010
Trying it now, but can only run anything in safe mode at the moment. :(

Some *security suite* seems to have taken me over.

If it works, great. If not, back to the original idea of running Acronis.

Thanks for the advice on Combofix by the way, had forgotten about it.

lestag

4,614 posts

277 months

Thursday 12th August 2010

ymwoods

2,178 posts

178 months

Thursday 12th August 2010
By the post about a security suite taking over your PC, are you on about these "Internet Security 2010" viruses that pretend to scan your PC and find lots of viruses, then not let you use them until you pay a fee to them? These are absolute barstewards to get rid of.

I do it manually as the ones I have seen have always stopped you installing other anti-virus programs or even visiting the download sites in your browser!

  • Boot into safe mode.
  • Once here, click on Start, Run, then type msconfig and press Enter. (If on Vista, just click Start and type msconfig.)
  • A window will pop up; go to the Startup tab and then untick anything that looks suspicious or that resembles the name of the security suite that starts up (so say it's called Internet Security 2010, untick anything that is called this or IS2010 etc.).
  • Do the same for the Services tab to stop the service that is hijacking your computer and stopping your normal anti-virus from running.
Look at where the services are running from; the folder names and locations from the first tab will give you clues as to which services you need to disable. Be careful not to disable any Windows ones though. If in doubt, take the service name and search for it in Google.

  • Next click Apply and then close MsConfig; you will be prompted to restart.
  • Allow the computer to restart and, fingers crossed, you will boot up normally with no hijacking of your computer.
You will get a pop-up from MsConfig telling you that some services are disabled, so just click "Do not show this message again" and then click OK.

  • Lastly, run your anti-virus, which *should* now be able to remove the files. If not, boot back into safe mode and remove them yourself, or search on Google for the name of the virus and most will have a removal tool for download. (Just scan the file first!)

Hope this is of help mate, post back if you have problems.



Edited by ymwoods on Thursday 12th August 06:43
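
The same information the msconfig Startup and Services tabs show can be listed read-only from the registry. This PowerShell sketch is an added example, not part of the post above; the list of folders used to flag entries (including the `C:\Temp` folder mentioned earlier in the thread) is an assumption for triage, not a detection rule.

```powershell
# Added example, not from the thread: read-only list of auto-start entries.
# Assumption: entries launched from user-writable folders deserve a closer look.
$suspectRoots = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, 'C:\Temp') | Where-Object { $_ }

function Test-SuspectPath {
    param([string]$CommandLine)
    if (-not $CommandLine) { return $false }
    # Expand %VAR% references, then drop a leading quote or \??\ device prefix.
    $path = [Environment]::ExpandEnvironmentVariables($CommandLine).TrimStart('"')
    if ($path.StartsWith('\??\')) { $path = $path.Substring(4) }
    foreach ($root in $suspectRoots) {
        if ($path.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

# Startup tab: per-machine (64- and 32-bit view) and per-user Run keys.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$startup = foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name)
        [pscustomobject]@{ Key = $key; Name = $name; Command = $cmd; Suspect = (Test-SuspectPath $cmd) }
    }
}

# Services tab plus kernel drivers: Start value 0/1/2 = boot/system/automatic.
$services = Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $start = $_.GetValue('Start')
        $image = [string]$_.GetValue('ImagePath')
        if ($null -ne $start -and $start -le 2 -and $image) {
            [pscustomobject]@{
                Name    = $_.PSChildName
                Start   = $start
                Driver  = ($image -like '*.sys')
                Image   = $image
                Suspect = (Test-SuspectPath $image)
            }
        }
    }

# Flagged entries first; nothing is changed or disabled by this script.
$startup  | Sort-Object Suspect -Descending | Format-Table Name, Suspect, Command -AutoSize -Wrap
$services | Sort-Object Suspect -Descending | Format-Table Name, Start, Driver, Suspect, Image -AutoSize -Wrap
```

An entry that is not flagged is not thereby clean: an unfamiliar driver name under the Windows folder still needs looking up by name, as the post advises for services.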

Gren

1,950 posts

253 months

Thursday 12th August 2010
For these nasties sometimes you need a bit of help.

Try a post on the Malwarebytes or BleepingComputer forums. They have guys on there that will personally guide you through the process of manually getting rid of whatever it is.

One of them helped me earlier in the year, took a couple of days of me following instructions - only a couple of hours of real time most of which was scanning and posting log results onto the thread.

daveenty

Original Poster:

2,358 posts

211 months

Thursday 12th August 2010
Firstly, thanks for all the replies.

Yes, it was one of those *anti-virus* programmes. No idea where it came from, but certainly know where it's gone. :)

I had a couple of attempts to remove it in safe mode, but as soon as I booted back to Windows it came back again.

To be honest, life's too short to start getting rid of things one by one, so I just formatted, ran a back up and we're up and running again.

All I can suggest is to keep constant back ups of your system.

This machine gets a full back up every Wed (internal drive) and Friday (external in another building)

Also all documents are backed up to FTP every night (with File Fort), and to lappy (via SyncToy) every day after finishing.

Paranoid? <Churchill dog>Oh Yes.</Churchill dog>

Both the bottom ones are free software. I use Acronis for the main backups, though Recuva <sp> will do the same and is also a freebie.

All links are in the useful freeware apps sticky at the top of this page, apart from Synctoy which is a gift from Microsoft.

Hope that this will maybe help others to avoid the same problems?

Cheers.

davethebunny

740 posts

176 months

Thursday 12th August 2010
Had the same problem.

Wasn't Antimalware Doctor, was it?

I couldn't get on any AV sites, and Malwarebytes wouldn't update, neither would Defender.

In the end used rkill and then updated Malwarebytes. That sorted it.

McAfee never found anything before, during or after, which is a bit worrying.