
Hidden Driver - can't delete


2 replies to this topic

#1 vic457


Posted 04 September 2009 - 07:36 AM

Hello,

I had a computer infected with Personal AV. I have run ComboFix and Malwarebytes and the machine is up. As a final scan I ran RootRepeal and it shows a driver that I cannot delete: "uqdkcjqp.sys", no path. When I try to delete it I receive "Invalid Path".

I have confirmed this entry with SysProt. It shows in the Kernel Modules, has no Service Name and is Hidden. The Module Base is "BA0A8000" and the Module End is "BA0B7000".

Is this a problem?

Thanks In Advance,
Vic



#2 quietman7


Posted 04 September 2009 - 08:32 AM

For any hidden driver, the associated file can be wiped, copied or force-deleted, so try wiping.

Wipe File overwrites the contents of the file on-disk with nulls (zeroes) but it does not actually delete the file. The file will still exist on the system afterwards but it will contain no meaningful data so it has essentially been neutralized.

#3 vic457


Posted 04 September 2009 - 08:40 AM

None of the above work.

Invalid path! is the result.

Thanks



