Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Need help removing Backdoor.IEbooot


  • Please log in to reply
No replies to this topic

#1 BT67

BT67

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:09:44 AM

Posted 26 July 2010 - 04:13 PM

Thank you for taking a look.

I am running Windows XP home edition, version 2002, SP3.

Malwarebyte's and Rootrepeal have identified a specific file, C:windows\system32\drivers\wzsszb.sys, as being Backdoor.IEbooot trojan. I've run Rootrepeal in safe mode and wipe the file, but it comes back. It says it is "locked to the windows API. In Malwarebyte's it identifies the file and tries to remove it, but says it cannot. It tells me to reboot to complete the removal process but it remains on my system.

I also did a search for the file and tried to delete it. I get the follow error: "cannot delete wzsszb: cannot read from the source file or disk"

I have also run combofix and can post the log if that will help.

Any help would be greatly appreciated! Please excuse my newbness.... :thumbsup:

BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users