My friend was having some troubles with a bunch of viruses (including the very annoying security tool thing) so I went and removed them all, and I thought I was done, because I ran a couple of malwarebytes scans that came out clean. but then his internet browsing became extremely slow.
I looked at network connections and I found the pc was sending out a lot of data, even when no sites were open.
I ran one more scan and it came up with C:\WINDOWS\system32\drivers\relvv.sys (Rootkit.Agent) -> Delete on reboot.
it couldn't delete it right then, or rename the file, or move it, but each time I reboot, the same thing comes up
he is running xp service pack 1 (don't ask) so I can't give him some of the spyware removal programmes I have.
any ideas on what he can do?
I've attached the log from the scan
I looked at network connections and I found the pc was sending out a lot of data, even when no sites were open.
I ran one more scan and it came up with C:\WINDOWS\system32\drivers\relvv.sys (Rootkit.Agent) -> Delete on reboot.
it couldn't delete it right then, or rename the file, or move it, but each time I reboot, the same thing comes up
he is running xp service pack 1 (don't ask) so I can't give him some of the spyware removal programmes I have.
any ideas on what he can do?
I've attached the log from the scan
