How to remove .sys trojan

Submitted by rynfua117 on Mon, 2010-01-18 00:55. Analysis and Samples | Malware

Could you tell me about how to remove this malware ?

When I manually edit and delete this file or registry,
the access denial message is displayed.
When I check attribute command for this file,
I cannot change any attribute for this.

trace:
c:\windows\system32\drivers\fzbilwy.sys

registry:
HKLM\System\CurrentControlSet\Service\fzbilwy

regards
-hisaki

» login or register to post comments

Try with GMER and

Submitted by VirusBuster on Wed, 2010-01-20 11:01.

Try with GMER and RootkitRepeal.

» login or register to post comments

-hisaki

Submitted by alexj on Wed, 2010-01-20 12:14.

1. Try to identify this malware on virustotal.com
2. Install any antivirus program (or update installed)
OR
Try this

1. Open console (Win+r-> cmd)
2. cd c:\windows\system32\drivers\
3. attrib -s -h -r fzbilwy.sys
4. cacls fzbilwy.sys /G YourUserName:F
5. sc stop fzbilwy && sc delete fzbilwy
6. del fzbilwy.sys
7. restart

If its no help at all boot from any livecd and remove this f*cking file)

» login or register to post comments

User login

Malware Search

Navigation

Active forum topics

Recent blog posts

Navigation

Affiliates

Links

Who's online

Online users

Ads

How to remove .sys trojan

Try with GMER and

-hisaki