
Trojan.cachecachekit in rdriv.sys


3 replies to this topic

#1 Nereid


Posted 22 July 2005 - 09:19 AM

Norton detects Trojan.cachecachekit in rdriv.sys but cannot delete it.

I have deleted all registry entries related to this according to Symantec and other sources on the web.

I disabled some in MSConfig/Startup but cannot get osoa to go away.

I then started in Safe Mode and ran Norton. I'm sure it said it cleaned it. I restarted and scanned and there was nothing but then I scanned again and it detected it again.

I started in Safe Mode again and deleted all files including rdriv.sys but this doesn't help.

What have I missed?

Thanks



#2 River_Rat


Posted 22 July 2005 - 11:58 AM

See this article:
Taking out the Trash

See this article:
Deleting Stubborn Files

Have you tried a complete cleaning to see if that helps?
Show all Files & Folders
http://www.bleepingcomputer.com/forums/ind...showtutorial=62
Try these free tools.
Trendmicro (free virus scan only)
http://housecall.trendmicro.com/
Ad-Aware SE (update after installing)
http://www.lavasoftusa.com/software/adaware/
Spybot S&D (update after installing)
http://www.download.com/Spybot-Search-Dest...4-10122137.html

If the problems are not better after doing this, feel free to post a HJT log.
Be sure to read the How to submit a HJT Log and submit it to the appropriate forum. HJT Forum links provided below.

How to submit a Hijackthis Log
http://www.bleepingcomputer.com/forums/How...s_Log-t956.html
HJT Forum
http://www.bleepingcomputer.com/forums/Hij...alysis-f22.html

Edited by River_Rat, 22 July 2005 - 12:00 PM.


#3 groovicus


Posted 22 July 2005 - 12:02 PM

That is essentially a rootkit... well, not exactly. It is a file that hides other files, so just deleting what you see won't do it. There are hidden processes happening, and you will need someone who is used to dealing with this type of thing to help you out. Use the last two links that RiverRat gave you to get you on the right track.

#4 rmm55


Posted 22 July 2005 - 12:48 PM

If you feel up to it, go to www.sysinternals.com and download Process Explorer, Autoruns and RootkitRevealer. Use Process Explorer first to see if there are any un-published rogue processes running hidden. But first follow RR's instructions.
Roy Mel - YourTechOnline technician
roy@no_spam_yourtechonline.com (remove no_spam_)



