Infected file in windows\.....drivers that can't be removed

By theEd
Apr 13, 2010
  1. My friend was having some troubles with a bunch of viruses (including the very annoying Security Tool thing), so I went and removed them all, and I thought I was done, because I ran a couple of Malwarebytes scans that came out clean. But then his internet browsing became extremely slow.
    I looked at network connections and I found the PC was sending out a lot of data, even when no sites were open.
    I ran one more scan and it came up with C:\WINDOWS\system32\drivers\relvv.sys (Rootkit.Agent) -> Delete on reboot.
    It couldn't delete it right then, or rename the file, or move it, but each time I reboot, the same thing comes up.
    He is running XP Service Pack 1 (don't ask), so I can't give him some of the spyware removal programmes I have.
    Any ideas on what he can do?
    I've attached the log from the scan.

  2. Bobbye

    Please have him follow the Preliminary Virus and Malware removal HERE.

    When finished, include all 3 of the logs for review. All Rootkits aren't alike and this one entry does not give me enough information.

    Please ask him not to run any other cleaning or scanning programs while he is being helped, unless I instruct him to. Do not run a Registry cleaner or make any changes in the Registry.
Topic Status:
Not open for further replies.
