MAL-Krap-B (Sophos) STMIU.SYS


No replies to this topic

#1 sdt211

Posted 07 October 2010 - 12:59 PM

I have a workstation that was recently infected with Mal/Krap-B, Troj/Spyurs-Gen & Mal/Hiloti-D - these are all identified by Sophos.

I was able to remove all but the Mal/Krap-B located in C:\Windows\System32\Drivers\STMIU.SYS using Sophos antivirus command line SAV32CLI tool. This file is unable to be opened and is skipped over.

I've contacted Sophos support and they just ask me to send a sample. When I try sending a sample I get an error that this file is empty or nonexistent.

I've tried using Malwarebytes - file assassin and that didn't work either. I've used RootRevealer and it finds the file and it cannot remove it.

I'm now at the point of wiping the OS (which is XP sp3) and starting over but that is kind of like admitting defeat!

I have even tried a simple delete command in Safe Mode with Command Prompt (del C:\windows\system32\drivers\stmiu.sys) and I get the message that the hardware attached to this is not responding.

I feel like I'm missing something simple here but I'm not quite sure what it is.
