27/07: Removing WinIK.sys trojan
Category: Tech Support
Posted by: kcarp888
Oh my god, WinIK.sys was a hard Trojan to get rid of. A few days ago my brother-in-law started having problems with his computer and asked me to fix it for him. Me, being a good brother-in-law, said "sure, I'll fix it." Three hours later, with mounds of hair on the computer desk, still no fix. I went into safe mode, out of safe mode, punched the computer, and nothing worked.

WinIK.sys has other files that help it work, but this is the main file it uses. I did a search in the registry and found that it was working with a .dll file. The file had random letters in its name and was located in Program Files. I was like "YES, I FOUND THE FILE TO DELETE!" So I deleted it. Guess what... Yep, it didn't help.

So I searched the internet and finally found a site that helped me a little. A user on the site's forum suggested dual booting, going into the directory and deleting WinIK.sys. But guess what... I didn't have another operating system to boot up. Another user suggested booting from the Windows CD into the Recovery Console. I was like "whoa, whoa, I'm going to break my brother-in-law's computer." So we dug up the Windows CD and booted into "repair an installation using the recovery console"; make sure you DO NOT CHOOSE THE AUTOMATED OPTION.

OK, I'm in the Recovery Console, watching the cursor blink and thinking, "Man, if I mess up now, I wonder how much trouble my brother-in-law will get in with my sister for not taking it to a computer repair store." I think about it for about a second, then start typing away. At the C:\> prompt I typed cd windows\system32\drivers, which brought me to the drivers folder. If you're trying to get WinIK.sys off, you might have to type cd windows, then cd system32, then cd drivers to get into the folder. I did a dir and found that WinIK.sys was indeed in there. So I typed rename winik.sys winik.sys.old, but it said "Access denied". At this point I was punching my sister's cat in the face. I mean really punching it in the face, like I gave it a headlock and then started punching it.

OK, after I regained my composure, I remembered from the computer class I took in college (I had forgotten) that drivers have file attributes. So I started typing again. I typed attrib -r winik.sys, then attrib -s winik.sys, then finally attrib -h winik.sys. Then I went in and did rename winik.sys winik.sys.old, and voilà: WinIK.sys was renamed to WinIK.sys.old. Now I booted back into Windows, went to the folder with the random letters in Program Files and deleted it, then went to the C:\windows\system32\drivers folder and deleted winIK.sys.old. Finally, I went into the registry, searched for all the WinIK stuff and the random-letters .dll, exported them out of the registry, and rebooted. That fixed the problem. I was so ecstatic that I was kissing the cat, even though it was scared to death of me.

To make the steps clear for whoever has this crazy Trojan to take off, I made a step-by-step list below.
Disclaimer: I do not take any responsibility if this does not work or if you break your computer.
1. Open your Registry: in the Run command, type regedit.
2. Find WinIK.
3. Write down where the files are. Make sure you get the random-lettered .dll file.
4. Find your Windows recovery disk.
5. Skip steps 4-11 if you have a dual boot system: boot into your other OS and delete Winik.sys from the drivers folder.
6. Reboot your computer with the Windows recovery disk in your CD/DVD drive.
7. Select the option "repair an installation using the recovery console". NOTE: DO NOT USE THE AUTOMATED OPTION.
8. In the Recovery Console, type cd windows, then cd system32, then cd drivers.
9. At the C:\WINDOWS\system32\drivers> prompt, type attrib -r winik.sys, then attrib -s winik.sys, then attrib -h winik.sys.
10. Type rename winik.sys winik.sys.old
11. Type exit
12. Once the computer has rebooted, delete the random-letters folder in your Program Files.
13. Delete winik.sys.old from the C:\windows\system32\drivers folder.
14. Open your Registry: in the Run command, type regedit.
15. Find WinIK.
16. Export all instances of WinIK and name the export WINIK.bak.
17. Reboot your computer.
18. Delete WINIK.bak.
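As an added example (this is not the poster's code, and it is not part of the original post), here is a PowerShell script that does steps 2, 3 and 16 of the list above from a running Windows session: it finds every registry entry whose key name, value name or data matches the name WinIK, resolves the file each entry points at, reports whether that file exists and which attributes (ReadOnly, System, Hidden) would have to be cleared before a rename, and exports each matching key to a .bak file. Assumptions of this example: PowerShell is available on the affected machine (the post's own procedure uses the Recovery Console instead), the prompt is elevated, the registry roots searched are the service and autostart keys listed in the script, and the script file name used in the usage note is hypothetical.

```powershell
# Added example, not code from the original post. Inventories registry references to
# a driver name and the files they point at, then exports the matching keys.
# Assumptions: PowerShell available, elevated prompt, and the registry roots below.
param(
    [string]$Pattern   = 'WinIK',                     # driver name from the post
    [string]$ExportDir = "$env:USERPROFILE\Desktop"   # where the .bak exports go
)

# Registry roots to search (assumption: service entries plus the common Run keys).
$roots = @(
    'HKLM:\SYSTEM\CurrentControlSet\Services',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

# Turn the forms seen in ImagePath-style values into a full path:
#   \??\C:\dir\x.sys   \SystemRoot\system32\drivers\x.sys   system32\drivers\x.sys
function Resolve-ImagePath([string]$Raw) {
    $p = $Raw.Trim().Trim('"')
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

# Collect every registry value under the roots whose key name, value name or data matches.
$hits = foreach ($root in $roots) {
    if (-not (Test-Path $root)) { continue }
    $keys = @(Get-Item -Path $root) + @(Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue)
    foreach ($key in $keys) {
        $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        if ($null -eq $props) { continue }
        foreach ($prop in $props.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }    # PowerShell's own metadata properties
            $data = [string]$prop.Value
            if (($key.Name -match $Pattern) -or ($prop.Name -match $Pattern) -or ($data -match $Pattern)) {
                [pscustomobject]@{ Key = $key.Name; ValueName = $prop.Name; Data = $data }
            }
        }
    }
}

if (-not $hits) { Write-Host "No registry entries matching '$Pattern' found."; return }

# For each hit that names a .sys/.dll/.exe, report the file and the attributes that
# block a rename or delete (the ones the post clears with attrib -r, -s, -h).
$report = foreach ($hit in $hits) {
    if ($hit.Data -match '(?i)^"?(.+?\.(?:sys|dll|exe))(?=["\s,]|$)') {
        $path  = Resolve-ImagePath $Matches[1]
        $item  = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        $attrs = ''
        if ($item) { $attrs = $item.Attributes.ToString() }
        [pscustomobject]@{
            Key        = $hit.Key
            ValueName  = $hit.ValueName
            File       = $path
            Exists     = [bool]$item
            Attributes = $attrs
        }
    }
}
$hits   | Format-Table -AutoSize
$report | Format-Table -AutoSize

# Export each matching key to its own .bak file (step 16 of the list, one file per key).
$i = 0
foreach ($keyName in ($hits | Select-Object -ExpandProperty Key | Sort-Object -Unique)) {
    $i++
    $out = Join-Path $ExportDir ("{0}-{1}.bak" -f $Pattern, $i)
    if (Test-Path -LiteralPath $out) { Remove-Item -LiteralPath $out }
    reg.exe export $keyName $out | Out-Null
    Write-Host "Exported $keyName -> $out"
}
```

Usage: save it as, for example, Find-DriverRefs.ps1 (a name chosen for this example) and run `.\Find-DriverRefs.ps1 -Pattern WinIK` from an elevated prompt. The script only reads the registry and writes the exports; the rename and delete of the driver file still happen offline from the Recovery Console as the list describes. The Attributes column tells you in advance whether the ReadOnly, System and Hidden flags are set, which is the reason the poster's first rename was refused with "Access denied".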