Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News: Loud Sound From Fire Alarm System Shuts Down Nasdaq's Scandinavian Data Center

Featured Deal: Get 96% off the MCSA SQL Server Training Deal

Need help removing Backdoor.IEbooot

Started by BT67 , Jul 26 2010 04:13 PM

Please log in to reply

No replies to this topic

#1 BT67

Members
1 posts
OFFLINE

Local time:09:44 AM

Posted 26 July 2010 - 04:13 PM

Thank you for taking a look.

I am running Windows XP home edition, version 2002, SP3.

Malwarebyte's and Rootrepeal have identified a specific file, C:windows\system32\drivers\wzsszb.sys, as being Backdoor.IEbooot trojan. I've run Rootrepeal in safe mode and wipe the file, but it comes back. It says it is "locked to the windows API. In Malwarebyte's it identifies the file and tries to remove it, but says it cannot. It tells me to reboot to complete the removal process but it remains on my system.

I also did a search for the file and tried to delete it. I get the follow error: "cannot delete wzsszb: cannot read from the source file or disk"

I have also run combofix and can post the log if that will help.

Any help would be greatly appreciated! Please excuse my newbness.... :thumbsup: