
rootkit virus, cannot delete .sys file or access internet


2 replies to this topic

#1 huegs

huegs

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:57 PM

Posted 24 February 2010 - 06:24 PM

On the 18th I ran across some malware with a pop-up for something (can't remember what). I was worried that I might have been infected, so I did a scan with Malwarebytes and it found a malware.trace file called avdrn.dat, which it said it removed. I rebooted and my system would blue screen after a bit and then reboot on its own (and loop like that). I discovered the files that were causing this and have done a host of things over the last several days but can't seem to get rid of a .sys file in the system32\drivers folder. Malwarebytes keeps detecting it and removes it (but you have to reboot), but then it reappears. The name of the file is mueizoc.sys. I could not find another file by the same name (on the web), so I suppose it is random. The creation date for this file is the same day as my infection. I was originally able to get on the web in safe mode but cannot do so now, so am posting this via my laptop. I have tried to reset my TCP/IP settings at a cmd prompt but get the following:

the following helper dll cannot be loaded: napmontr.dll.
the following helper dll cannot be loaded: dot3cfg.dll

Warning: Could not obtain host information form machine: some commands may not be available. The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Any suggestions? I cannot post any files from that system so I am sure it makes it darn hard for you to help me. Thx

Nathan



#2 huegs


Posted 24 February 2010 - 07:07 PM

I would also like to note that I cannot copy any files to or from the computer, burn a CD or even access a portable HD via USB. Am I screwed? I would like to just copy my email and files and then reformat if I have to.

#3 huegs


Posted 24 February 2010 - 08:51 PM

Would it do any good to do this and then delete the file? http://www.howtogeek.com/howto/windows-vis...-windows-vista/



