
Hidden driver rootkit


4 replies to this topic

#1 clinton.brits

  • Members
  • 11 posts

Posted 18 May 2014 - 11:03 AM

This is concerning my last post but a different question. Other topic is here: http://www.bleepingcomputer.com/forums/t/534716/program-compatability-stopped-working/
Mod Edit: Above linked topic has been closed - Hamluis.

I did a scan and found a hidden driver rootkit which, for the life of me, cannot be removed. Every time it gets deleted, it changes its name and recreates itself.

Before anyone says McAfee etc., it's a random filename of 7 alphanumerics. I've also tried hackthis and deleted the file on startup, but lo and behold, it's back with a different name, but still 7 random alphanumerics.

How can I delete this?


Edited by hamluis, 18 May 2014 - 02:03 PM.
Moved to AII from Windows 7. ~ OB :cherry:




#2 clinton.brits
  • Topic Starter

  • Members
  • 11 posts

Posted 18 May 2014 - 12:13 PM

I've tried the Malwarebytes and every other antivirus/malware. I was hoping someone had a genius solution, albeit manual.

I reckon I'm just gonna back up and format. I suspect it is preventing my software from running. All that worries me is that they detect nothing except for AVG, and it's clearly suspicious in behavior.

#3 clinton.brits
  • Topic Starter

  • Members
  • 11 posts

Posted 18 May 2014 - 12:32 PM

I have an issue with my Windows 7 where I can't run old applications that need compatibility settings.

I suspect it's a malware that caused the problem, and so I scanned with Microsoft Security Essentials, Malwarebytes, Kaspersky rootkits and AVG. Malwarebytes cleaned a registry entry but the problem persists.

I noticed that AVG detected a hidden driver file with 7 random characters for a name. If I delete it using hackthis on startup, it reappears with a new 7 character name.

How can I delete this?

#4 clinton.brits
  • Topic Starter

  • Members
  • 11 posts

Posted 18 May 2014 - 01:12 PM

I had a problem whereby my compatibility agent stopped working and I could not access my old apps.

I downloaded an arsenal of antivirus/anti-malware/anti-rootkit software and I removed them all. My apps still don't work and all I get is an hourglass cursor and then nothing. The pcaui.exe is in the task manager but nothing else.

AVG still shows a hidden driver file with a 7 character random name that renames itself every time it is deleted, but I cannot remove it, nor do other antiviruses detect it.

How can I repair this? Is it a registry or file problem?

#5 hamluis

  • Moderator
  • 55,554 posts

Posted 18 May 2014 - 01:57 PM

Multiple posts about system issues merged.

Please...do not initiate any more topics about your issues...until this topic is resolved in some manner.

Thanks :).

Louis





