Fix Please Help Rdriv.sys Virus. Hjt Log Tutorial


Please Help Rdriv.sys Virus. Hjt Log

Here's the HJT log file, please help. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Thanks again. Then run, you will receive a warning message saying "Database not found", click "OK" for this.

The service needs to be deleted from the Registry manually or with another tool. I am assuming that I need to install them somewhere in my C drive; or will the updates automatically install themselves in the appropriate folder? I've tried using Killbox.

If you should choose to do otherwise, it may lead to some confusion. Run Ewido, click on the "Scanner" button in the left menu, then click on the "Complete System Scan" button. Then, under "Startup type" dialog box, select "Disabled".

Double-click the "drweb-cureit.exe" and click "ok" in the prompt window that will open, asking "start the express scan now". They will be deleted.

If that gives an error or it is already stopped, just skip this step and proceed with the rest. Run HijackThis again, click Do a System scan and save log, and post the fresh log along with the Ewido log.

Discussion Starter wolala, 11 Years Ago: Hi again, I've

O15 - Unwanted sites in Trusted Zone
What it looks like:
O15 - Trusted Zone: - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: *.msn.com
What to do: Most of the time only AOL and

I have a feeling that this rootkit virus wiped out my security updates from Microsoft. I deleted the virus but my anti-virus software keeps detecting attacks from the same virus. Firefox - Use this alternate browser. If it's not on the list and the name seems a random string of characters and the file is in the 'Application Data' folder (like the last one in the examples

  1. They will be deleted.
  2. Items listed at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad are loaded by Explorer when Windows starts.
  3. Posted 3/22/2007 8:40 PM #44968 mphenterprises: ALL CLEAN Everything seems fine now.
  4. CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more.
  5. This is my hijack this log file:
     Logfile of HijackThis v1.99.1
     Scan saved at 8:53:00 PM, on 4/3/2007
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16414)
     Running processes:
  6. I am having a … trojan.cachecachekit in d:/windows/system32/rdriv.sys 2 replies Hello!
  7. The only program that finds this virus is AVG.
  8. Posted 3/25/2007 12:28 PM #45073 mphenterprises: Ah Ha......No I did not.
  9. I'll post the HJT log here..

Open My Computer. Several functions may not work. That usually does not attract help. They will be deleted.

Proffitt Forum moderator / July 13, 2011 10:46 AM PDT In reply to: Im confused.. I went to Microsoft and downloaded all of the updates that were deleted. Now that you are clean, please follow these simple steps in order to keep your computer clean and secure: Make your Internet Explorer more secure - This can be done by following

again..

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:40:28 AM, on 7/15/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton 360\Engine\\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Online\Engine\\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement

It's funny because if I do a search for any of the "missing" updates, the search will pull up several locations where the update is still in the computer; however, it

Here I am still with Avast telling me that I have this crazy virus...

Click Yes to confirm.

It will run immediately (you won't be able to see anything happen). Yes? Security HijackThis log file analysis HijackThis makes it easier to find and fix nasty entries on your computer. Therefore it will scan special

I have customized my instructions on the assumption that you have Notepad 'on'.

I am eTunnel!] C:\disney.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PPPOEO] pingppac.exe
O4 - HKLM\..\Run: [SYSTEM MESSAGER] wmisg.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\RunServices: [PPPOEO] pingppac.exe
O4 - HKLM\..\RunServices: [SYSTEM MESSAGER]

In the services window find MicroSoft Media Tools. Right click and choose "Properties". Go to Tools menu, click Folder Options (Folder Option will be in View Menu in Win98).

Thank you for your help!!! if you cut some slack on the comments on me... I suggest that you go grab a cup of coffee & do something else while you wait for it to complete. = = = = = = = = = = I'm sincerely sorry about the language before..

by Edward ODaniel / July 15, 2011 9:15 AM PDT In reply to: Inapproatiate? Click Exit.

Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
What to do: If you don't recognize the name of the

Other things that show up are either not confirmed safe yet, or are hijacked (i.e.

If you don't, check it and have HijackThis fix it. Posted 3/24/2007 8:52 PM #45035 mphenterprises: Yes I do. On the "General" tab under "Service Status" click the "Stop" button to stop the service. I use a program called Add/Remove Pro.

For the R3 items, always fix them unless it mentions a program you recognize, like Copernic.

F0, F1, F2, F3 - Autoloading programs from INI files
What it looks like:
F0 - system.ini: Shell=Explorer.exe

This will ensure your computer always has the latest available security updates installed. Do the same process (of stopping and disabling) for this Service too:
-Windows Task Manager Service (tskman)
Run HijackThis and click Do only a System scan. Pacman's Startup List can help with identifying an item.

N1, N2, N3, N4 - Netscape/Mozilla Start & Search page
What it looks like:
N1 - Netscape 4: user_pref "browser.startup.homepage", ""); (C:\Program Files\Netscape\Users\default\prefs.js)
N2 - Netscape

It will ask for confirmation to delete the file. In the popup box that appears, type in dxdmain & then click on the OK button. Repeat the above steps for the following service(s):
- Local Security Authority Server (LSA Server)
post another hijack this log, the ewido, spysweeper, rdriv and active scan logs
khazars, Mar 17, 2006 #2