How do I pin out the suspect virus file?

Discussion in 'malware problems & news' started by oversky, Feb 21, 2009.

Thread Status:
Not open for further replies.
  1. oversky

    oversky Registered Member

    Joined:
    Oct 3, 2007
    Posts:
    6
    From ntbtlog.txt (the XP boot log file), I found out there is a driver file that changes its name every time I reboot.

    Loaded driver \SystemRoot\System32\Drivers\Modem.SYS
    Loaded driver \SystemRoot\System32\Drivers\a5mzjxub.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\cfosspeed.sys

    However, when I log in to XP, I can't find the suspect file.
    This possible virus also appears in the registry (HKLM/System/CurrentControlSet/Services/), and also changes its name when I reboot.

    I have used NOD32 2.7 (with updated virus code) to scan the hard drive in safe mode, but no luck.
    Can anyone give me some ideas and tools to pin out this virus? Thank you.
     
  2. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Can you confirm that you don't have the tool cFosSpeed for shaping Internet traffic installed? Also I'd recommend installing EAV v3 or v4 beta, which detect more malware than v2.
     
  4. oversky

    oversky Registered Member

    Joined:
    Oct 3, 2007
    Posts:
    6
    I do have cfosspeed installed. I tried NOD32 4 RC and scanned in Windows. No virus caught. And I tried Avira AntiVir and scanned in safe mode. No virus caught.
    From ntbtlog.txt, I see that the virus runs earlier than Avira and NOD32.
    Any other suggestion?
     
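The two symptoms described in this thread (a loaded driver whose name differs on every boot, and a loaded driver with no matching file once Windows is up) can both be checked offline from saved copies of ntbtlog.txt. The script below is an added example written for this thread, not something any poster ran; the boot-log excerpts and the directory listing in it are constructed, and on a real machine you would read the saved logs and list C:\Windows\System32\Drivers yourself.

```python
import re
from collections import Counter

# Constructed ntbtlog.txt excerpts from two consecutive boots (not the poster's real logs).
BOOT_LOG_1 = """\
Loaded driver \\SystemRoot\\System32\\Drivers\\Modem.SYS
Loaded driver \\SystemRoot\\System32\\Drivers\\a5mzjxub.SYS
Loaded driver \\SystemRoot\\system32\\DRIVERS\\cfosspeed.sys
Did not load driver \\SystemRoot\\System32\\Drivers\\Parport.SYS
"""
BOOT_LOG_2 = """\
Loaded driver \\SystemRoot\\System32\\Drivers\\Modem.SYS
Loaded driver \\SystemRoot\\System32\\Drivers\\q9kfw2tr.SYS
Loaded driver \\SystemRoot\\system32\\DRIVERS\\cfosspeed.sys
Did not load driver \\SystemRoot\\System32\\Drivers\\Parport.SYS
"""
# Constructed stand-in for os.listdir(r"C:\Windows\System32\Drivers"), lowercased.
DISK_LISTING = {"modem.sys", "cfosspeed.sys", "parport.sys"}

# Only "Loaded driver" lines matter; "Did not load driver" lines are skipped.
LINE_RE = re.compile(r"^Loaded driver (?P<path>\\.+)$", re.IGNORECASE)


def loaded_drivers(log_text):
    """Return the set of lowercase file names of drivers loaded during one boot."""
    names = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            names.add(m.group("path").rsplit("\\", 1)[-1].lower())
    return names


def transient_drivers(logs):
    """Driver names that are not present in every boot log.

    A driver that renames itself on each reboot appears here once per boot
    under a different name; stable drivers (modem.sys, cfosspeed.sys) do not.
    """
    counts = Counter()
    for log in logs:
        counts.update(loaded_drivers(log))
    return sorted(name for name, seen in counts.items() if seen < len(logs))


def missing_on_disk(loaded, disk_listing):
    """Drivers the boot log says were loaded but that are absent from the directory listing."""
    return sorted(loaded - {n.lower() for n in disk_listing})


if __name__ == "__main__":
    print("changes between boots:", transient_drivers([BOOT_LOG_1, BOOT_LOG_2]))
    print("loaded but not on disk:", missing_on_disk(loaded_drivers(BOOT_LOG_1), DISK_LISTING))
```

A name that shows up in both lists is the one to hand to the AV vendor: it was loaded before the scanners started and is being hidden from the file system afterwards, which the on-disk scans in this thread cannot see.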