6145d0fb.sys

Hi all,

This is my first post to this forum - I hope someone can help me.

Avast is picking up a suspicious file (6145d0fb.sys) - it says it’s type is a hidden service. The file is located in c:windows\system32\drivers\6145d0fb.sys.

Avast recommends to move it to the chest - but fails to do so.

When I look at the file in explorer the date modified keeps updating inline with my computer clock.

I tried to rename it to temporarily to disable it - but the system says it can’t find the file.

I’ve searched the forums and googled it - but there appears to be no postings on this at all.

Can anyone help please.

thanks in advance

Tyge

Probably a random file name.

Have you tried a boot time scan with avast!? Right click the scanner screen, select ‘schedule a boot time scan’ and reboot when requested. (Or open the tab at the top left of the scanner screen and select the boot time option from there.)

it could be a new Rustock (they changed the decryption algo a bit yesterday or two days ago)… an updated detection will be available today…

Hi Freewheelinfrank

Sorry forgot to mention I’ve now run 3 Boot time scans - it’s still there.

Have a look at this link.Download rootrepeal, run and post the log.

http://www.malwarebytes.org/forums/index.php?showtopic=12709