Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

http.sys possible virus - how to report


  • Please log in to reply
1 reply to this topic

#1 wizmo

wizmo

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:01:14 AM

Posted 06 May 2014 - 07:58 PM

I have a http.sys that is bigger than it should be (736k instead of 502k).

 

I ran Combofix today (as the system was running slower than normal).  After if had finished I could not get an IP address from the DHCP server.  Looking at the event logs, I was getting 7000 and 7001 errors on lost of services including the DHCP Client.  The Server Service would not start (dependency error like all the others).  The HTTP PNP driver showed an error in the device manager.

 

Tried every trick on the net without luck, including a 'sfc /scannow', and deleting dependsons.  ComboFix's restore point got me back to a working system again, but I'm guessing the http.sys is the root cause.

 

First Question:  How do I overwrite the http.sys file.  I have a good one but can not work out how to get access to delete and replace (tried stopping with 'net stop http' but still get access denied)

 

Second Question:  If it is a new virus, how do I report it.

 

TIA 



BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,403 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:12:14 AM

Posted 06 May 2014 - 08:10 PM

If you suspect a malware issue...follow Steps 6-8 of Preparation Guide, Before Using Malware Removal Tools and Requesting Help - http://www.bleepingcomputer.com/forums/topic34773.html and then post the requested DDS log, along with your ComboFix log, as a new topic initiated in the forum which contains the Prep Guide.

 

After doing that, please come back to this topic and post the link to the new topic which you have initiated.  At that time, this topic will be closed to avoid confusion.

 

Louis






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users