Posted 16 September 2010 - 12:24 PM
Basically, I have a computer that was generating errors while trying to access Microsoft Updates. As part of the resolution of these errors, the owner ran TDSS Killer. TDSS Killer reported that it had found something and removed it. The computer was restarted. Upon reboot, it was discovered that the computer crashed during the login process. This is when the owner asked me for help. I was able to boot the computer in safe mode. I have disabled all startup items but still experience the crash. I was able to get the crash dump files from safe mode and analyzed them on my laptop. The file causing the crashes (as reported by the minidumps) is zbhemvyk5.sys. If I were to make a SWAG, I would say this machine is infected by some sort of rootkit. So, I come to y'all asking for help, as I have been unable to find any information about this particular file. The PC in question is running Windows XP SP3. Any help that could point me in the right direction for removal would be greatly appreciated.