Anyone seen windev-6160-7082.sys in stop error?

Status
Not open for further replies.

strumbalot

Hello:

peterdiva has been nice enough to help me with some errors I have been getting on my sister's PC. The first were due to viruses and are now gone. This is what he found in the last minidump:
The original problem file is gone. The new ones are caused by windev-6160-7082.sys. There are no hits on Google and the timestamp is May the 2nd; both of these make the file suspect. I've seen another crash caused by a similar file (windev-50dd-2119.sys), but have yet to receive a response.

You could try opening a thread in the security forum to see if anyone recognises it.

BugCheck 10000050, {e4235000, 0, 8053abef, 1}
Probably caused by : windev-6160-7082.sys ( windev_6160_7082+9b3 )

BugCheck 1000007F, {8, 80042000, 0, 0}
Probably caused by : windev-6160-7082.sys ( windev_6160_7082+97d )
Image name: windev-6160-7082.sys Timestamp: Wed May 02 06:11:51 2007 (4637BB27)

Has anyone seen this?

Thank you
Nickie
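
A triage sketch for the debugger summary quoted in the post above, added here as an example and not part of the original thread: it parses the pasted lines, decodes the image timestamp, and groups crashes by blamed driver. The name pattern is an assumption generalised from the two file names mentioned in the post, and the function names are hypothetical.

```python
import re
from datetime import datetime, timezone

# The debugger summary lines as quoted in the post above.
SUMMARY = """\
BugCheck 10000050, {e4235000, 0, 8053abef, 1}
Probably caused by : windev-6160-7082.sys ( windev_6160_7082+9b3 )
BugCheck 1000007F, {8, 80042000, 0, 0}
Probably caused by : windev-6160-7082.sys ( windev_6160_7082+97d )
Image name: windev-6160-7082.sys Timestamp: Wed May 02 06:11:51 2007 (4637BB27)
"""

BUGCHECK = re.compile(r"BugCheck\s+([0-9A-Fa-f]+),\s*\{([^}]*)\}")
CAUSE = re.compile(r"Probably caused by\s*:\s*(\S+)\s*\(\s*\w+\+([0-9A-Fa-f]+)\s*\)")
IMAGE = re.compile(r"Image name:\s*(\S+)\s+Timestamp:.*\(([0-9A-Fa-f]{8})\)")
# Assumption: pattern generalised from the two file names in the post
# (windev-6160-7082.sys, windev-50dd-2119.sys); it is not a vendor signature.
SUSPECT_NAME = re.compile(r"windev-[0-9a-f]{4}-[0-9a-f]{4}\.sys", re.IGNORECASE)

def parse_summary(text):
    """Return (crashes, image_timestamps) parsed from debugger summary text."""
    crashes, images, pending = [], {}, None
    for line in text.splitlines():
        if m := BUGCHECK.search(line):
            pending = {"code": int(m.group(1), 16),
                       "args": [int(a, 16) for a in m.group(2).split(",")]}
        elif (m := CAUSE.search(line)) and pending is not None:
            pending.update(module=m.group(1).lower(), offset=int(m.group(2), 16))
            crashes.append(pending)
            pending = None
        elif m := IMAGE.search(line):
            # Hex value = PE TimeDateStamp (seconds since 1970, UTC), decoded as UTC here.
            images[m.group(1).lower()] = datetime.fromtimestamp(
                int(m.group(2), 16), tz=timezone.utc)
    return crashes, images

def suspect_drivers(text):
    """Map each blamed driver matching the name pattern to its crash details."""
    crashes, images = parse_summary(text)
    report = {}
    for c in crashes:
        if SUSPECT_NAME.fullmatch(c["module"]):
            entry = report.setdefault(
                c["module"], {"crashes": [], "built_utc": images.get(c["module"])})
            # Low bits of the minidump code give the stop code (0x50, 0x7F here).
            entry["crashes"].append((c["code"] & 0x0FFFFFFF, c["offset"]))
    return report

print(suspect_drivers(SUMMARY))
```

The decoded timestamp is 2007-05-01 22:11:51 UTC, eight hours behind the date string printed in the summary.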
 
I can't find any info on the windev-6160-7082.sys file. That in itself makes it suspicious.

With that in mind, I suggest you do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

Also, let me know the results of the AVG Antirootkit scan.

Regards Howard :)

This thread is for the use of strumbalot only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
I'm having some problems with the cleaning instructions. First when I try to click on the links from within the post it will not take me to the site. I haven't had this problem on my own pc. So when I copy the link and directly paste it into my browser I can get there but when I attempt to download the file it tells me that I do not have the security permissions to download the file. Where are these permissions set? I can download all the files I need from a different pc but it would be a whole lot more convenient if I could get it to work on this one that I am trying to clean.

Thanks
Nickie
 
Before doing anything else, I recommend you download the AVG Antirootkit and run that as per the instructions in this thread HERE. Run the programme and let me know what it finds, if anything. Obviously, you'll probably need to download it from another computer, since you can't use the infected computer to access the links.

Also, I suggest you try and use Firefox as your browser, rather than IE, if you can. I don't understand why your browser is asking for permission to download stuff. Maybe it's due to the infections.

Regards Howard :)

 
Howard:

I ran the AVG Antirootkit and this is what it found:

Rootkit path: C:\WINDOWS\system32\windev-6160-7082.sys Rootkit Type: Hidden driver file

Rootkit path: C:\WINDOWS\system32\windev-6160-7082.sys Rootkit Type: Hidden file

Rootkit path: C:\WINDOWS\system32\windev-peers.ini Rootkit Type: Hidden file

I downloaded all the other programs but have not run them yet. I will go back through the instructions from the beginning and post the remainder of the logs you request in the instructions. Thanks again for all your help!

Nickie
 
Hi,

Please run the Rootkit again and fix all 3 entries. They belong to a trojan, Trojan.Peacomm.B, listed in Symantec's database.

Do carry on with the remaining steps and post the requested logs as attachments to this thread.


Regards,
Your friendly Momok =)

 
I have completed steps thru 12 and am currently running the scans in step 13. Attached are the combofix.txt and the hjt log. I will also rerun the antirootkit and fix the 3 items. Thanks so much for the help! I will post the logs as requested when I get to them.

Nickie
 
Your HJT log is clean.

I want you to have this file checked out over at Jotti's.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Please visit this link http://virusscan.jotti.org/
* Click the Browse... button
* Navigate to the following file C:\WINDOWS\system32\KGyGaAvL.sys
* Click Open
* Please let me know the results.

Run AVG Antirootkit again and see if it finds anything.

Also, please post an AVG Antispyware log as requested.

Regards Howard :)

 
Hello!

I have run through all the steps and attached are the latest HJT and the AVG Antispyware logs. I attempted to go to Jotti but I could not find that file that you specified... and yes I did unhide all system files. I also ran AVG Antirootkit again and it came up w/ the same three items that it found before even though I told it to remove them. Appreciate all your help!
Nickie
 
1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

2. Download the attached avengerscript.txt and save it to your desktop

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by double clicking on its icon on your desktop.

Under "Script file to execute" choose "Load script from file".
Now click on the folder icon which will open a new window titled "open Script File"
navigate to the file you have just downloaded, click on it and press open
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please attach the content of c:\avenger.txt into your reply.

After you've done that, run the AVG Antirootkit programme again and see if it finds anything. Please let us know the results.

Regards Howard :)

 

Attachments

  • avengerscript.txt (177 bytes)

Attached is the avenger.txt file.

The latest AVG Antirootkit came up with no rootkits found!

Where do I go from here? Could this mean it's clean?

Thanks for the help!
Nickie
 

Attachments

  • avenger.txt (1.7 KB)

That looks fine mate.

Please do the following.

Locate and delete the following bold files and/or directories (if there).

C:\QooBox < Delete the entire folder.

Turn off system restore. (XP/ME only) See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

 