Author Topic: How do I pin out the suspect virus file?  (Read 2415 times)

oversky

  • Participant
  • Joined in 2008
  • *
  • default avatar
  • Posts: 19
How do I pin out the suspect virus file?
« on: February 21, 2009, 12:05:45 AM »
From ntbtlog.txt (the XP boot log file), I found out there is a driver file that changes its name every time I reboot.

Loaded driver \SystemRoot\System32\Drivers\Modem.SYS
Loaded driver \SystemRoot\System32\Drivers\a5mzjxub.SYS
Loaded driver \SystemRoot\system32\DRIVERS\cfosspeed.sys

However, when I log in to XP, I can't find the suspect file.
This possible virus also appears in the registry (HKLM\System\CurrentControlSet\Services\), and also changes its name when I reboot.

I have used NOD32 2.7 (with updated virus code) to scan the hard drive in safe mode, but no luck.
Can anyone give me some ideas and tools to pin out this virus? Thank you.
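As an added example (not part of the original post), here is a small Python script that does by hand what the post describes: it compares the "Loaded driver" lines from copies of ntbtlog.txt saved after successive boots, lists driver files that are not present in every boot, and flags random-looking file names. The log lines below are constructed sample data, not a real log.

```python
"""Compare "Loaded driver" entries from ntbtlog.txt copies saved after
successive boots and report driver files that are not present in every boot.
A legitimate driver loads under the same file name each time; one that shows
up under a fresh random name per boot is the pattern described in the post."""
import re
from collections import Counter

# Constructed sample data (not real logs): one string per boot, taken from
# copies of ntbtlog.txt saved after two reboots.
BOOT_LOGS = [
    r"""Loaded driver \SystemRoot\System32\Drivers\Modem.SYS
Loaded driver \SystemRoot\System32\Drivers\a5mzjxub.SYS
Loaded driver \SystemRoot\system32\DRIVERS\cfosspeed.sys
Did not load driver \SystemRoot\System32\Drivers\Fdc.SYS""",
    r"""Loaded driver \SystemRoot\System32\Drivers\Modem.SYS
Loaded driver \SystemRoot\System32\Drivers\k2qpwvgt.SYS
Loaded driver \SystemRoot\system32\DRIVERS\cfosspeed.sys
Did not load driver \SystemRoot\System32\Drivers\Fdc.SYS""",
]

LOADED_RE = re.compile(r"^Loaded driver (\S+)\s*$", re.IGNORECASE | re.MULTILINE)


def loaded_drivers(log_text):
    """Set of driver paths the log reports as loaded, lower-cased so that
    differently cased spellings of the same directory compare equal."""
    return {m.group(1).lower() for m in LOADED_RE.finditer(log_text)}


def unstable_drivers(logs):
    """Driver paths that are missing from at least one boot, sorted."""
    counts = Counter(p for log in logs for p in loaded_drivers(log))
    return sorted(p for p, n in counts.items() if n < len(logs))


def looks_random(path):
    """Heuristic for machine-generated names: an 8-character lowercase
    alphanumeric base name containing a digit and at most two vowels."""
    base = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if not re.fullmatch(r"[a-z0-9]{8}", base):
        return False
    vowels = sum(c in "aeiou" for c in base)
    return vowels <= 2 and any(c.isdigit() for c in base)


def report(logs):
    """(path, random_looking) pairs for every driver that changed between boots."""
    return [(p, looks_random(p)) for p in unstable_drivers(logs)]


if __name__ == "__main__":
    for path, rand in report(BOOT_LOGS):
        print(f"{'RANDOM' if rand else 'varies'} {path}")
```

Drivers that are loaded under a different name on every boot show up once per boot and never reach the full count, which is exactly what the post observed.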



cyberdiva

  • Supporting Member
  • Joined in 2006
  • Posts: 982
Re: How do I pin out the suspect virus file?
« Reply #1 on: February 21, 2009, 07:52:41 AM »
You might try Malwarebytes' Anti-Malware - there's a freeware version available for download at http://www.malwarebytes.org/.  It prides itself on identifying malware that other programs miss.  They also have a useful forum you can consult after you've run a scan with Anti-Malware.  I've gotten some useful help from them.

Mark0

  • Charter Honorary Member
  • Joined in 2005
  • Posts: 617
Re: How do I pin out the suspect virus file?
« Reply #2 on: February 21, 2009, 08:08:34 AM »
IMHO, the best ways to get rid of a tricky virus are either:

  • Remove the HD, put it in an external box and scan it from some other PC (could be impractical)
  • Boot from a different OS, and so scan the whole system from a surely virus-free environment

You can do the latter, for example, with the easy Trinity Rescue Kit.

Bye!

Darwin

  • Charter Member
  • Joined in 2005
  • Posts: 6,984
Re: How do I pin out the suspect virus file?
« Reply #3 on: February 21, 2009, 08:52:12 AM »
> IMHO, the best ways to get rid of a tricky virus are either:
>
>   • Remove the HD, put it in an external box and scan it from some other PC (could be impractical)
>   • Boot from a different OS, and so scan the whole system from a surely virus-free environment
>
> You can do the latter, for example, with the easy Trinity Rescue Kit.
>
> Bye!


Would it be possible to do this with a Live Linux CD?

EDIT: fixed quoting  :-[
"Some people have a way with words, other people,... oh... have not way" - Steve Martin
« Last Edit: February 21, 2009, 11:30:38 AM by Darwin »

Mark0

  • Charter Honorary Member
  • Joined in 2005
  • Posts: 617
Re: How do I pin out the suspect virus file?
« Reply #4 on: February 21, 2009, 08:59:46 AM »
Due to the quoting I'm not really sure if I'm understanding this correctly, but...

TRK IS a Live Linux CD (heavily customized for that specific kind of work), so yes, surely.

Darwin

  • Charter Member
  • Joined in 2005
  • Posts: 6,984
Re: How do I pin out the suspect virus file?
« Reply #5 on: February 21, 2009, 11:31:12 AM »
> Due to the quoting I'm not really sure if I'm understanding this correctly, but...
>
> TRK IS a Live Linux CD (heavily customized for that specific kind of work), so yes, surely.


Sorry - quoting now fixed! Thanks for pointing it out to me  :)
"Some people have a way with words, other people,... oh... have not way" - Steve Martin