I've identified it as "NetUtils2016" and it sits as a .sys extension and a .dll extension in my Windows/System32 folder. It sits in the root folder as a .dll and sits in the drivers folder as a .sys file. I'm 99.9% certain it's causing issues with my browser, but I can't delete the file because it has a dependency attached to winlogon.exe which is a Windows startup program. There's no way to prevent winlogon.exe from running since it's crucial to the system's functionality. Deleting it in any form will crash the system, so there's no way to get rid of winlogon.exe to delete NetUtils2016.dll.
The weird and worrying part is that software like fileASSASSIN and FileMenu Tools can't even see the file. It doesn't pick anything up when you try to find the file through the program's browser. I can use Windows Explorer and look and rename the file and all this, but if I try to use other software to locate it and delete it, it's hidden completely. Directly referencing the file brings up nothing, and the program acts as if the file isn't even there.
Another thing (might be related, maybe not) that was really weird is that the other night, my Firefox went absolutely nuts and opened up about 70-90 tabs in the span of a couple seconds referencing the website "oxp.reactivatesuggester.com" and a string of characters. Obviously pop-ups and spam, but googling it gave me pretty much nothing. When I had closed all the tabs, it opened dozens and dozens of instances of Firefox before I eventually just restarted my computer. I cleaned up a few things here and there, and it hasn't happened since. Virus scans bring up nothing for either oxp.reactivatesuggester.com or NetUtils2016. The reason I know it's Netutils is because I now have keywords on certain websites turning into ads and hovering over it will say "Ads by netulis" and it's impossible to get rid of. Fresh installs of Firefox do nothing, so I'm led to believe it's this file in my System32 folder, because that's the only real instance of Netulis that's on my computer.
In short, I need to find a way to permanently kill these files that are dependent on crucial Windows programs. They're "in-use" and using some programs' "Delete On Boot" function doesn't seem to work, probably because winlogon.exe is the initial service to start up. GMER reveals nothing either, so rootkits don't seem to be at play and virus scans didn't reveal anything.
[B]EDIT: I might have beaten it. I'll keep this thread updated just in case things are acting up. Fuck me it gave me a scare. No sign of a rootkit, hidden system-dependent file?? Shit's not fun but a quick visit to the registry should have taken care of it. The files still exist in both folders but my browsers don't seem to be affected anymore.[/B]
Sounds like this.
[url]https://www.bleepingcomputer.com/virus-removal/remove-ad-by-netutils-advertisements[/url]
Judging by the picture at the bottom having the same file you have, it is.
[t]https://www.bleepstatic.com/swr-guides/n/netutils/mbam-netutils.png[/t]
Fuck me if I had to deal with all that I think I'd just reformat at that point :v:
[QUOTE=J!NX;51798364]Fuck me if I had to deal with all that I think I'd just reformat at that point :v:[/QUOTE]
Thought about it tbh. This is a pretty new computer, but I had JUST transferred all my files over and all my shit was in place. So as a last resort, probably.
A quick registry change might have done the trick, so we'll see.
I would've tried replacing the file using Linux or something. Just download Ubuntu and make a bootable USB drive from it, boot your PC from the USB drive and replace the files while they are not in use with files from another PC. Just make sure that they are exactly the same version.
[QUOTE=Robotboy655;51798484]I would've tried replacing the file using Linux or something. Just download Ubuntu and make a bootable USB drive from it, boot your PC from the USB drive and replace the files while they are not in use with files from another PC. Just make sure that they are exactly the same version.[/QUOTE]
I know this is from hours ago, but this still fucks me up every time because of Windows 8+ and its weird hybrid boot thing.
Hold Shift when you shut down so that Windows actually releases control of the drives.
This isn't necessarily for OP, just in case anyone ever finds this thread and reads Robotboy's suggestion.
3 things that I always do:
Install Avast/Avira, scan that shit, then sfc /scannow in cmd; if nothing else, clean reinstall Windows because fuck Microsoft.