TechSpot

huy32.sys

By Problematic360
Feb 3, 2007
  1. When I return from hibernate or standby, I keep getting BSODs and I was directed here by someone from the forums saying that my minidumps showed huy32.sys was some sort of infection and was the culprit. Anyone know any remedies for this? Or even where I could've gotten it? Thanks!
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    The huy32.sys is part of a rootkit infection. Please do the following.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Go HERE and follow the instructions exactly for removing the Rustock rootkit.


    Then, go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Then, download combofix.exe. Double click combofix.exe & follow the prompts. A window will open with a warning. Type "Y" (and Enter) to start the fix. When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log and an AVG Antispyware log.

    Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

    Regards Howard

    This thread is for the use of Problematic360 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. Problematic360

    Problematic360 TS Rookie Topic Starter

    I ran 3 of the 4 tools (one of the links was dead) and Spyware S&D, attempted the TrendMicro online scan, but it appeared to hang at 16 minutes remaining so I aborted it; will try again later. I've copied my HJT and AVG logs to this post, but Combofix.exe crashed my PC giving me a STOP error with ntfs.sys cited as the error. Hope this allows you to help me! Thanks.
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You have not posted a Combofix log as requested. Please do so in your next reply. Try and run Combofix from safe mode, since it crashed your system, and see what happens.

    How did the Rustock removal go?

    Delete all files in AVG Antispyware quarantine.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

    O2 - BHO: AltaVista Toolbar - {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} - (no file)

    O2 - BHO: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - (no file)

    O3 - Toolbar: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - (no file)

    O3 - Toolbar: AltaVista Toolbar - {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} - (no file)

    O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZRxdm103YYUS

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    Click on the fix checked button.

    Close HJT and reboot your system.

    Other than the above, your HJT log is clean.

    Please try and post a Combofix log as an attachment, as well as a fresh HJT log. See HERE for instructions on how to attach log files.

    Regards Howard :)

     
Topic Status:
Not open for further replies.
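
Six of the eight HJT entries listed in the last reply end in "(no file)" or "(file missing)". The following is an added example, not part of the thread or of HijackThis itself: a small parser that pulls such orphaned entries out of a log and groups them by CLSID so each dead component is reviewed once. The function names are hypothetical, and the last sample line is constructed.

```python
import re

# Generic HijackThis entry: "<section code> - <rest of line>", e.g. "O2 - BHO: ..."
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Trailing markers seen on the thread's entries whose target file is absent
ORPHAN = re.compile(r"\((?:no file|file missing)\)$", re.IGNORECASE)
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# The first seven lines are quoted from the thread; the last one is constructed.
SAMPLE_LOG = r"""
O2 - BHO: AltaVista Toolbar - {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} - (no file)
O2 - BHO: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - (no file)
O3 - Toolbar: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - (no file)
O3 - Toolbar: AltaVista Toolbar - {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} - (no file)
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
"""

def parse_hjt(text):
    """Return one dict per recognisable HJT entry; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        clsid = CLSID.search(m.group("body"))
        entries.append({
            "code": m.group("code"),
            "clsid": clsid.group(0).upper() if clsid else None,
            "orphaned": bool(ORPHAN.search(line)),
            "line": line,
        })
    return entries

def orphans_by_clsid(entries):
    """Map CLSID -> section codes of entries that point at a missing file."""
    groups = {}
    for e in entries:
        if e["orphaned"]:
            groups.setdefault(e["clsid"], []).append(e["code"])
    return groups

if __name__ == "__main__":
    for clsid, codes in orphans_by_clsid(parse_hjt(SAMPLE_LOG)).items():
        print(clsid, codes)
```

An entry that is orphaned is a leftover registry reference, which is why the O4 line and the constructed BHO with a real path are not reported.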
