Hidden Driver in a rootkit. How do I rid myself of the virus or spyware???

Discussion in 'malware problems & news' started by joelholliman, May 15, 2009.

Thread Status:
Not open for further replies.
  1. joelholliman

    joelholliman Registered Member

    Joined:
    May 15, 2009
    Posts:
    3
    AVG is reporting this problem. When I tell AVG to remove the "software/file", the message reads that I cannot access the file because it is locked (access denied). Can you (anyone) give me some information on how to rid myself of this problem? Thanks in advance!

    "Object name";"C:\WINDOWS\TEMP\INSTB32.SYS"
    "Detection name";"Hidden driver"
    "Object type";"file"
    "SDK Type";"Rootkit"
    "Result";"Object is hidden"
     
  2. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
    Is it AVG Free? I don't think it removes rootkits.

    Have you tried deleting the file via Explorer?

    Also check the file name on the web to be sure it's a virus/rootkit.

    This program is good for unlocking "locked" files in general;
    it's not an anti-rootkit product though.

    http://download.cnet.com/Unlocker/3000-2248_4-10493998.html
     
  3. progress

    progress Guest

    I think AVG Free can't detect hidden drivers; the option is disabled. Maybe it's an FP? :rolleyes:
     
  4. Dark_Hanzo

    Dark_Hanzo Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    172
    Location:
    Canada
  5. s23

    s23 Registered Member

    Joined:
    Feb 22, 2009
    Posts:
    263
  6. joelholliman

    joelholliman Registered Member

    Joined:
    May 15, 2009
    Posts:
    3
    Thanks for your input. AVG is the full version. AVG reports the file is in \Windows\Temp but I can't see it. Folder options are set to see hidden files. Do you know how I can make it visible? Thanks!
     
  7. joelholliman

    joelholliman Registered Member

    Joined:
    May 15, 2009
    Posts:
    3
    The file is hidden even though the folder options state to show all hidden files. Do you know of a way to see this file? Thanks in advance!
     
  8. Dark_Hanzo

    Dark_Hanzo Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    172
    Location:
    Canada
    Sorry, I don't really know how to view hidden drivers :( but you could check if there's an option to open the driver location from avg itself. Also look in the quarantine, maybe avg already moved the file there.
     
    Last edited: May 16, 2009
  9. Mattchu

    Mattchu Registered Member

    Joined:
    Nov 8, 2008
    Posts:
    49
    Location:
    UK
  10. schindyguy

    schindyguy Registered Member

    Joined:
    Aug 20, 2009
    Posts:
    1
    Let me guess, you have a laptop? It's a file associated with LoJack.

    I got the same warning on mine and after research found out it was associated with that program. I wouldn't remove it if you want it to work.
     
  11. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    648
    Location:
    HKEY/SECURITY/ (value not set)
    In the Folder Options Dialog Window just below "Show hidden files and folders", remove the check mark (disable) from the following:

    01)- Hide extensions of known file types
    02)- Hide protected operating system files

    This action should reveal the hidden files/drivers; however,
    if the files/drivers are protected by a rootkit, this action might be fruitless.

    Also run F-Secure Blacklight as suggested by user "Mattchu" and disable all security software before running the tool.
    Disabling all security software allows Blacklight to run unhindered.

    Here is the URL to the Direct Download Page of F-Secure Blacklight:
    http://www.f-secure.com/en_EMEA/security/security-lab/tools-and-services/blacklight/


    HKEY1952
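    The folder-options steps above only change what Explorer shows. As an added example that is not from this thread or from any of the tools mentioned in it, the PowerShell script below checks the path AVG reported in post #1 through the file system API directly (which already lists Hidden and System files when asked with -Force) and, separately, whether any kernel driver service is registered with that image name. It assumes Windows PowerShell 5.1 or later run from an elevated prompt; the path is the one from the AVG report and can be replaced.

```powershell
# Added example, not part of the original thread. Triage a file that a scanner
# reports as a "hidden driver": is it visible to the file system API at all, what
# are its attributes/hash/signature, and does a driver service point at it?
# Assumes Windows PowerShell 5.1+, elevated. Path taken from the AVG report above.
param(
    [string]$Path = 'C:\WINDOWS\TEMP\INSTB32.SYS'
)

Write-Host "Checking $Path"

# -Force returns files carrying the Hidden and/or System attributes, which
# Explorer hides unless both folder options named above are switched off.
$item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
if ($null -eq $item) {
    Write-Host 'Not visible through the file system API, even with -Force.'
    Write-Host 'If the scanner still reports it, check its quarantine first;'
    Write-Host 'otherwise directory listings may be filtered: inspect from another OS.'
} else {
    Write-Host ('Attributes : {0}' -f $item.Attributes)
    Write-Host ('Size       : {0} bytes' -f $item.Length)
    Write-Host ('Modified   : {0}' -f $item.LastWriteTime)
    # Hash and Authenticode status give something to look up before deciding
    # whether the file is legitimate (as post #10 claims) or not.
    $hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256
    Write-Host ('SHA256     : {0}' -f $hash.Hash)
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { 'none' }
    Write-Host ('Signature  : {0} (signer: {1})' -f $sig.Status, $signer)
}

# Independent of the listing: a driver can be loaded from a TEMP directory
# whether or not Explorer shows the file, so check the service table too.
$name = [System.IO.Path]::GetFileName($Path)
$drivers = Get-CimInstance Win32_SystemDriver |
    Where-Object { $_.PathName -and $_.PathName -like "*$name*" }
if ($drivers) {
    $drivers | Select-Object Name, State, StartMode, PathName | Format-Table -AutoSize
} else {
    Write-Host "No driver service references $name."
}
```

    If the file is invisible to -Force yet still reported by the scanner, that discrepancy, not the scanner message alone, is the signal that something is intercepting directory enumeration, which is when checking the disk from a second OS (as suggested later in the thread) becomes useful.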
     
  12. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ
    Welcome joelholliman,

    What do they say, all these reliable tools (especially anti-rootkits), which are (with the links) in my signature, please?


    PROROOTECT
     
  13. Bensec

    Bensec Registered Member

    Joined:
    Aug 4, 2008
    Posts:
    177
    Location:
    China Changsha
    For XP, there is a simple solution. Just install a DOS 7 or Linux and check the location under a different OS. Removing a rootkit is easy as pie. Hope this helps.
     
  14. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ