1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Rootkit detected in docqim.sys, cannot delete/ Cant run Hijack this /

Discussion in 'Virus & Other Malware Removal' started by liam-c, May 6, 2010.

Thread Status:
Not open for further replies.
  1. liam-c

    liam-c Thread Starter

    May 6, 2010

    Can't run Hijack this, i get this message "...for some reason your system denied access to the Hosts files..."

    When i run a scan and try to generate a log i just get a blank notebook.


    My laptop has been heavily infected recently.

    I have run several antivirus apps and have managed to clear up most of the symptoms, but i fear it is still infected as antivirus software keeps detecting maliscious behaviour.

    Symptoms have included:

    rougue antivirus software - I had a problem with "Vista AntiMalware 2010" overtaking my computer, since seems to have been resolved.

    Online banking pages seem to have been affected by displaying fields asking for all my bank card details, including bank card number and pin number.


    Redirected to ads when i click on links in browser.

    IE/Firefox/Opera have flakey functionality.

    I seem to have managed to clear up most of these symptoms, but Avast, AVG are still detecting docqim.sys as being infected with a rootkit, and says it is a hidden service. Antivirus\Avast\Housecall have been unable to fix this, and i cannot delete the file manually. I have also tried this in safe mode, still no luck.

    I have also detected the same file using Housecall, but it seems i can no longer use housecall as it yields and error when i try to run it.

    Also, Avast initialy yielded a BSOD when i first tried to run it, until i went into safe mode and turned off all its services before running another scan.
  2. Rorschach112


    Oct 12, 2008
    Download ComboFix here :

    Link 1
    Link 2

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

      Click me

    • Double click on ComboFix.exe & follow the prompts.

    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/921483

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice