
Main Area and Open Discussion > General Software Discussion

How do I pin out the suspect virus file?


oversky:
From ntbtlog.txt (XP boot log file), I found out there is a driver file that changes its name every time I reboot.

Loaded driver \SystemRoot\System32\Drivers\Modem.SYS
Loaded driver \SystemRoot\System32\Drivers\a5mzjxub.SYS
Loaded driver \SystemRoot\system32\DRIVERS\cfosspeed.sys

However, when I log in to XP, I can't find the suspect file.
This possible virus also appears in the registry (HKLM\System\CurrentControlSet\Services\), and also changes its name when I reboot.

I have used NOD32 2.7 (with updated virus definitions) to scan the hard drive in safe mode, but no luck.
Can anyone give me some idea and tool to pin out this virus? Thank you.


cyberdiva:
You might try Malwarebytes' Anti-Malware - there's a freeware version available for download at http://www.malwarebytes.org/.  It prides itself on identifying malware that other programs miss.  They also have a useful forum you can consult after you've run a scan with Anti-Malware.  I've gotten some useful help from them.

Mark0:
IMHO, the best ways to get out of a tricky virus are either:

* Remove the HD, put in an external box and scan from some other PC (could be impractical)
* Boot from a different OS, and so scan the whole system from a surely virus free environment
You can do the latter, for example, with the easy Trinity Rescue Kit.

Bye!

Darwin:
IMHO, the best ways to get out of a tricky virus are either:

* Remove the HD, put in an external box and scan from some other PC (could be impractical)
* Boot from a different OS, and so scan the whole system from a surely virus free environment
You can do the latter, for example, with the easy Trinity Rescue Kit.

Bye!
-Mark0 (February 21, 2009, 08:08 AM)
--- End quote ---

Would it be possible to do this with a Live Linux CD?

EDIT: fixed quoting  :-[

Mark0:
Due to the quoting I'm not really sure if I'm understanding this correctly, but...

TRK IS a Live Linux CD (heavy customized for those specific kind of works), so yes, surely.
