RegRunCK.exe

Free tool for removing NTFS rootkits and Access Denied errors

Google redirect problem solved using RegRunCK.exe. It detects MAX++ rootkit and removes rootkit′s NTFS mount points

If you have the similar problem :
 "I am having a problem with Google redirects. Almost everytime I do a google search, when I click on a search result, I get redirected to another site."
You should check your computer immeditelly. Probably you are infected by MAX++ or TDSS rootkit.
Download and open RegRunCK.exe.
RegRunCK.exe is a free of charge. It doesn′t include viruses/adware/spyware.
You will see DOS-like window:

Wait for finishing executing of the RegRunCK.exe.
You will see execution log on the screen.

RegRunck.exe v.1.0.3
Processing C:\WINDOWS.

Found rootkit point!
C:\WINDOWS\$hf_mig$\KB912812\KB912812
Type is MOUNT POINT
Final Destination:
\Device\__max++>\^

If you see the words "Device\__max++"  in your result report - you are infected.
Search the report for "Access is denied" text.
If you find the result like this:
Failed to open:
C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe
Access is denied.
some of your system files are infected by rootkit and need to be replaced by original files from Windows CD or from another sources.

Why it is dangerous?

The rootkit is hard in removal and you need be very careful!
If you simply delete rootkit files c:\windows\win32k.sys:1, c:\windows\win32k.sys:2 using your antivirus or another software, this may cause the Windows BSOD at next reboot.

Removal


Please, follow our instructions step by step:
1. Download RegRun Reanimator (free of charge, no ads):
https://www.greatis.com/reanimator.html
or update your UnHackMe or RegRun Security Suite software.
Reanimator already includes RegRunCK.exe.

If you do not have enough computer skill - contact our Support Center.
Attach your detailed report made by RegRun Suite or Reanimator.
We will send you detailed instructions.
2. Open "Scan for Viruses" screen using  Reanimator.
Look at the video lesson how to use "Scan for Viruses".
Watch Video
Reanimator automatically detects presence of the rootkit and starts the "RegRunCK.exe" for removing rootkit′s mount points.
RegRunCK has a switch "/f" that is used for going to the removal mode.
To start RegRunCK manually, open Windows Start menu, "All Programs", "Run", type the path to the RegRunCK and switch /f:
regrunck.exe /f

3. Be careful! The "win32k.sys" is stored in the Windows folder is a rootkit file.
The legitimate win32k.sys is located in the Windows\System32 folder.

4. Rootkit will be removed after Windows reboot.

5. Restore infected system files.
Contact our support center if you have any questions.
Suggest you to use RegRun Platinum Edition to be sure that you are clear!
Good luck!
Dmitry Sokolov
Add or See Comments (>10)
}