
How to remove Aomei Backupper's ambakdrv.sys boot "system driver"


11 replies to this topic

#1 watsonnn


Posted 13 November 2014 - 11:16 AM

Hello, after I uninstalled Aomei Backupper and all of its leftovers with Revo on my Windows 7 64-bit SP1 laptop, it left behind a few DLLs with expired digital certificates in System32, some of which I could delete, but ambakdrv.sys couldn't be removed. Every time I delete it my computer can't boot and it gives me a blue screen because it can't load the ambakdrv.sys dll, so I have to restore my Windows to a time before I deleted it.

I checked the dll with VirusTotal and it says it's safe, but it has an expired certificate:

Aomei Technology Co.

Signature verification Certificate out of its validity period

Signers

So I think it's dubious how Windows could run fine without this so-called system driver, but after a software installed it, it can't be removed and Windows can't start without it. I don't know what to think; it looks like malware even if it's from a safe application and antivirus applications say it's safe. I can't get rid of it.

My computer is clean; I scanned it with dozens of antivirus and antimalware programs, many from Bleeping Computer, besides the ones I use for my protection.

Can I get rid of it without reinstalling Windows?


Edited by watsonnn, 13 November 2014 - 11:18 AM.




#2 Broni


Posted 13 November 2014 - 11:47 AM

Welcome aboard.

Download Autoruns for Windows: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
No installation required.
Simply unzip the Autoruns.zip file and double-click on the autoruns.exe file to run the program.
Go to File > Save and save it as an AutoRuns.txt file to a known location.
You must select Text from the drop-down menu as the file type.

Upload the file(s) here: http://www.sendspace.com/
Click on the Browse button and navigate to the file you want to upload.
Click on the Upload button.
Click on the FIRST Copy Link button and paste the link in your next reply.


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 watsonnn


Posted 14 November 2014 - 10:55 AM

https://www.sendspace.com/file/qmo1mt



#4 Broni


Posted 14 November 2014 - 11:27 AM

Re-run Autoruns.

Scroll down to the "HKLM\System\CurrentControlSet\Services" section and uncheck:

+ "ambakdrv"

Restart computer.

If it restarted OK, delete the c:\windows\system32\ambakdrv.sys file.




 


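A read-only check to run before unchecking or deleting a driver entry like the one in the post above (an added example, not part of the original posts): it shows how the driver is registered, how Windows evaluates the file's signature, and whether any device class still lists it as a filter. The service name and file path are the ones quoted in this thread; the class-filter lookup reflects general Windows behaviour (a driver named in a class's UpperFilters or LowerFilters is loaded for that class's devices), and nothing in this thread confirms that this is what caused the blue screen here.

```powershell
# Read-only inspection of a kernel driver before disabling or deleting it.
# Assumption: service name and file path are the ones quoted in this thread.
$svcName = 'ambakdrv'
$sysPath = Join-Path $env:SystemRoot 'System32\ambakdrv.sys'

# 1. Service registration. Start: 0 = boot, 1 = system, 2 = auto, 3 = demand, 4 = disabled.
$svcKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$svcName"
if (Test-Path $svcKey) {
    Get-ItemProperty -Path $svcKey |
        Select-Object Start, Type, ErrorControl, Group, ImagePath | Format-List
} else {
    Write-Output "No service key found for $svcName"
}

# 2. Authenticode status of the file on disk, with the signer certificate's expiry date.
if (Test-Path $sysPath) {
    $sig = Get-AuthenticodeSignature -FilePath $sysPath
    [pscustomobject]@{
        Status      = $sig.Status
        Signer      = $sig.SignerCertificate.Subject
        NotAfter    = $sig.SignerCertificate.NotAfter
        Timestamped = [bool]$sig.TimeStamperCertificate
    } | Format-List
} else {
    Write-Output "$sysPath not found"
}

# 3. Device classes that still reference the driver as an upper or lower filter.
$classRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\Class'
$hits = foreach ($class in Get-ChildItem -Path $classRoot -ErrorAction SilentlyContinue) {
    $props = Get-ItemProperty -Path $class.PSPath -ErrorAction SilentlyContinue
    foreach ($valueName in 'UpperFilters', 'LowerFilters') {
        # Both values are REG_MULTI_SZ lists of service names; -contains is case-insensitive.
        if ($props.$valueName -contains $svcName) {
            [pscustomobject]@{
                ClassGuid = $class.PSChildName
                ClassName = $props.Class
                Value     = $valueName
                Filters   = $props.$valueName -join ', '
            }
        }
    }
}
if ($hits) { $hits | Format-Table -AutoSize }
else { Write-Output "$svcName is not listed as a class filter" }
```

Run it from an elevated PowerShell prompt; it only reads the registry and the file and changes nothing.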
#5 watsonnn


Posted 14 November 2014 - 12:02 PM

I disabled it, restarted and got a blue screen; it doesn't work.


Edited by watsonnn, 14 November 2014 - 12:03 PM.


#6 Broni


Posted 14 November 2014 - 12:56 PM

Do you have any restore points from before you installed Aomei Backupper?




 


#7 watsonnn


Posted 14 November 2014 - 01:17 PM

No, 'cause that was months ago... :(


Edited by watsonnn, 14 November 2014 - 01:18 PM.


#8 Broni


Posted 14 November 2014 - 02:00 PM

When you disable that service, what does the BSOD say?




 


#9 watsonnn


Posted 14 November 2014 - 06:02 PM

I don't know exactly. It says "if this is the first time you see this, reboot" or something like that, and then "if you see this multiple times check your system for viruses". I didn't get a good look; maybe something like "there's been an unexpected error", and then it gives some memory references, but I'm not sure; it's not specific.


Edited by watsonnn, 14 November 2014 - 06:03 PM.


#10 Broni


Posted 14 November 2014 - 07:46 PM

Well, since that file is not malicious, I'd leave it alone unless you want to reinstall Windows.




 


#11 watsonnn


Posted 15 November 2014 - 12:21 PM

OK, thanks very much for your help. The file is not malicious, but doesn't it act like being malicious?



#12 Broni


Posted 15 November 2014 - 12:31 PM

It's a legit file.




 




