Windrv.exe Infection Can't Remove


#1 fedupsal


Posted 13 May 2006 - 08:21 AM

Hi

My computer (Windows XP Pro SP2) has recently been infected with some kind of virus / worm / trojan in the form of windrv.exe. I have googled this error and found various suggested solutions, but all are from very old viruses (circa 2003), some related to the IRCINTER trojan, but I don't think this is the problem.

When I boot I get 10 instances of windrv.exe running. This file is located in c:\driverload. I have several registry settings which start this file. They are in HKCU and HKLM \Software\Microsoft\Windows\CurrentVersion\Run. Keys are ADriver (c:\driverload\windrv.exe), CDriver, DDriver, EDrvier and FDriver.

I have manually deleted the instances of windrv.exe running and then deleted the reg keys and then deleted the driverload folder. But when I reboot it starts again and everything reappears. I have done this in safe mode as well.

I have run Hijack This which finds the registry entries and deleted same via Hijack This, but problem just returns. I have run Aluria Spyware Eliminator, Avast Home Edition, CWShredder and McAfee Stinger. None of which detect the windrv.exe.

I am at the point of reinstalling OS - again - seem to have done nothing but rebuild over last year due to a variety of different problems - hardware and software.

Any ideas?

Many thanks.
Sally



#2 tg1911


Posted 13 May 2006 - 04:02 PM

"I have run Hijack This which finds the registry entries and deleted same via Hijack This, but problem just returns."

You should never attempt to fix anything using HijackThis until someone who is experienced at reading the log outputs has a chance to review it.
Fixing the wrong items can make a computer unbootable.

Spaces, extra characters, spelling, file location, plus numerous other subtle changes, all make the difference between a good or bad file entry.

HijackThis is an enumerator.
It lists what is found in certain areas of the registry, or system files, in an easily accessible manner, so that those familiar with the use and reading of HijackThis logs, and Windows programs, can determine what is infecting the machine, and how to remove it.

Removing entries in HJT before the problem is properly identified, and correct removal instructions posted, can make the problem undetectable to other detection and removal tools.
HijackThis should only be used to clean up the entries left behind, after you have properly removed the offending program, file, trojan, worm, hijacker etc.
And this usually requires help.

I suggest you post a HJT log for our Team to examine.
They'll take you through the fix, step by step.
You shouldn't make any changes to your system until your log has been verified as clean.
Any changes you make could skew the results of the HJT log.

Read How to post a HijackThis Log.
Please read and follow all directions carefully.

Then run a log and post it in the HJT forum, at this link. Do not fix anything yet.
A member of the HJT Team will help you out.
It may take a while to get a response, because the HJT Team are very busy. Please be patient, these people are volunteers. They will help you out as soon as possible.

NOTE:
Once you have made the post, please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.
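Added example, not part of the thread: a read-only way to review the Run entries described in the first post without deleting anything, in line with the advice in the reply. It assumes the two Run keys were dumped with `reg query` in its usual "name, type, data" layout; the sample text is constructed, with only the value names and the c:\driverload path taken from the post.

```python
import re
from collections import defaultdict

# Constructed sample; ExampleAV and the ctfmon line are made up for contrast.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ADriver    REG_SZ    c:\driverload\windrv.exe
    CDriver    REG_SZ    C:\DriverLoad\windrv.exe
    ExampleAV    REG_SZ    "C:\Program Files\ExampleAV\tray.exe" /min

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    DDriver    REG_SZ    c:\driverload\windrv.exe
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
"""

VALUE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_(?:EXPAND_)?SZ)\s+(?P<data>.*)$")

def target(data):
    """Reduce a Run value to the executable path: drop quotes, arguments, case."""
    data = data.strip()
    if data.startswith('"'):
        path = data[1:].split('"', 1)[0]
    else:
        m = re.match(r"(.+?\.exe)\b", data, re.I)
        path = m.group(1) if m else data
    return path.lower()

def parse(text):
    """Return (hive, value name, normalised target) for every string value."""
    entries, key = [], None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and (m := VALUE.match(line)):
            entries.append((key.split("\\", 1)[0], m["name"], target(m["data"])))
    return entries

def repeated_targets(entries):
    """Executables started by more than one Run value, across both hives."""
    by_target = defaultdict(list)
    for hive, name, path in entries:
        by_target[path].append((hive, name))
    return {p: refs for p, refs in by_target.items() if len(refs) > 1}

if __name__ == "__main__":
    for path, refs in repeated_targets(parse(SAMPLE)).items():
        print(path, "is started by", ", ".join(f"{h}:{n}" for h, n in refs))
```

The report only lists entries for review; it changes nothing in the registry.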