Member Panel

butalso

Originally Posted by merlin

you still have not gotten rid of that thing? Download ewido from my sig and run it.. Let it fix everything it finds!

hello,

this is the first time for me to post a message and i am not a computer specialist. i simply can't get rid of "TR/Rootkit.L". will you pls help me out and let me know of the most effective way do so .
this is the message i keep receiving:

C:\WINDOWS\SYSTEM32\RDRIV.SYS

Is the Trojan horse TR/Rootkit.L
i choose to delete the file, but it keeps coming back!!!

thank you in advance

joe5

Hy there butalso , welcome to PCHF.

Can you first download and run f-secure blacklight and ewido and after that make a new topic in the hijackthis section and post a hjt log plus the ewido log there?

F-secure
http://www.europe.f-secure.com/exclu...ht/index.shtml

Ewido

Please download ewido Security Suite [*]Install ewido security suite [*]When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu." [*]Launch ewido, there should be a big "E" icon on your desktop, double-click it. [*]The program will prompt you to update click the "OK" button [*]The program will now go to the main screen

You will need to update ewido to the latest definition files.
[*]On the left hand side of the main screen click update [*]Click on Start

The update will start and a progress bar will show the updates being installed.? After the updates are installed, exit ewido.

Once the updates are installed do the following:
[*]If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.
[*]Reboot into Safe Mode, you can do this by restarting your computer, then contiunally tapping F8 until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter. Then, run ewido.
[*]Close all open windows/programs/folders.? Have nothing else open while ewido performs its scan!
[*]Click on scanner [*]Click on Settings[*]Under "How to scan" all boxes should be selected [*]Under "Possibly unwanted software" all boxes should be selected [*]Under "What to scan" select scan every file [*]Click OK[*]Click on Complete system scan [*]Let the program scan the machine
[*]If ewido finds anything, it will pop up a notification.? NOTE:? We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one.? If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, AOL, pcAnywhere and the game "Risk" have been flagged.? In particular, watch for alerts that have the word "Heuristic" in them - if you recognize the file name as "friendly," these may actually be false positives) select "none" as the action.? DO NOT check "Perform action with all infections."? If you are unsure of an entry, select "none" for the time being.? I'll see that in the log you will post later and let you know if ewido needs to be run again.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
[*]Click Save report [*]Save the report to your desktop [*]Exit ewido

And see for a link for hijackthis below.

Do you have System Restore on? If so, that's probally the reason why it keeps re-appearing...

You want to be sure that System Restore is off when you are healing an infected file :-)

Member Panel

Sponsors and Ads

Join the Team

Live Tag Cloud