NorGitram said:
Thanks for your help. AVG antirootkit found this C:\WINDOWS\System32\Drivers\a6lry0rl.SYS, Hidden driver file. Should I remove it? I have a router and didn't think I still needed a software firewall?
As there is no information on it, I would say yes. First try changing its name to interrupt it; then, if all is working OK, delete it.
Run HijackThis and place a tick next to:
O4 - HKLM\..\Run: [Service] C:\WINDOWS\system32\cab\winmgnt.exe
C:\WINDOWS\system32\cab\winmgnt.exe
Go to their respective folders and delete the files marked in bold only if there
Then do a regedit if you feel confident:
1. Click Start, and then click Run. (The Run dialog box appears.)
2. Type regedit, then click OK. (The Registry Editor opens.)
3. Navigate to the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
4. In the right pane, delete any value which refers to the backdoor files, for instance:
"NTDLM"="c:\winnt\system32\qossrv\csrss.exe"
5. Navigate to the key:
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\pAdmin\Settings
6. In the right pane, delete the value:
"port"="6351"
7. Exit the Registry Editor.
Go here and run the scanner.
Free firewall HERE
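
An added example, not part of the posts above: a read-only PowerShell review of the two registry locations named in the regedit steps, which also exports any key holding a flagged value before it is edited by hand. The per-user Run key, the backup folder name and the PowerShell 3.0+ requirement are assumptions; the folder fragments come from the paths quoted in the reply.

```powershell
# Added example: read-only review of the autorun locations named in the reply.
# Nothing is deleted. Needs PowerShell 3.0+; run from an elevated prompt.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',   # key from step 3
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'    # assumption: per-user Run key reviewed too
)
# Folder fragments quoted in the reply (cab\winmgnt.exe, qossrv\csrss.exe)
$suspectDirs = @('\system32\cab\', '\system32\qossrv\')

# List every Run value and flag the ones pointing into those folders
$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $data  = [string]$item.GetValue($name)
        $lower = $data.ToLowerInvariant()
        $suspect = @($suspectDirs | Where-Object { $lower.Contains($_) }).Count -gt 0
        [pscustomobject]@{ Key = $key; Name = $name; Data = $data; Suspect = $suspect }
    }
}
$findings | Format-Table -AutoSize -Wrap

# Settings key from step 5: report whether it exists and what "port" holds
$vbKey = 'HKCU:\Software\VB and VBA Program Settings\pAdmin\Settings'
if (Test-Path -Path $vbKey) {
    $port = (Get-ItemProperty -Path $vbKey).port
    "Found $vbKey (port = $port)"
} else {
    "Not present: $vbKey"
}

# Back up each key that holds a flagged value before editing it in regedit
$backupDir = Join-Path $env:TEMP 'run-key-backup'   # hypothetical folder name
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null
$flagged = @($findings | Where-Object { $_.Suspect } |
             Select-Object -ExpandProperty Key -Unique)
foreach ($key in $flagged) {
    $native = $key -replace '^(HK..):', '$1'        # HKLM:\... -> HKLM\... for reg.exe
    $file   = Join-Path $backupDir (($native -replace '[\\ ]', '_') + '.reg')
    & reg.exe export $native $file /y | Out-Null
    "Exported $native to $file"
}
```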