Trojan in my comp... and I can't delete it >.<

I keep getting this

“A virus Was Found”

and whenever I hit delete the file just reappears. I’ve tried repairing the file, and I’ve tried moving it; nothing works. I need help getting rid of this Trojan, it’s really messing with my comp.

PLEASE HELP!

Name of the File is rdriv.sys

Located in C:\WINDOWS\system32

Visit THIS PAGE and follow the instructions there.

Well, I did what that website said… But I still have a problem…

Win32.Efewe.E is a detection of the open source rootkit FU.

A rootkit is an application that allows an intruder to hide malicious activity on a previously compromised machine. Using a rootkit, an attacker can hide processes, files, registry keys and communication channels.

Win32.Efewe.E hides the attacker’s actions by changing data structures in the kernel. This rootkit only functions on Windows NT-based operating systems (i.e. - NT/2000/XP/2003).

Computer Associates have received reports from the wild of this rootkit’s driver being used by other malware in order to hide their own processes. Examples of such malware include:

Win32.Petribot

Users should note that this detection most likely indicates further system compromise. Should this detection continue to be triggered even after the offending file is removed, (or in other words, the file keeps re-appearing) please contact technical support for additional guidance.

Is there anyone online that knows how to fix this virus… because it keeps appearing on my comp, and even booting safe mode, and running an anti virus… it doesn’t show up… so it can’t delete the file.

This is really frustrating, I hope someone knows what to do…

If you find a virus keeps coming back after you delete it, it’s most probably infected the System Restore folder. The best way to solve this is to disable System Restore, reboot your machine and then enable it again. After that, run a full avast! scan. System Restore cannot be disabled on Windows 9x.

Enable/Disable System restore on Windows ME: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q264887
Enable/Disable System restore on Windows XP: http://support.microsoft.com/default.aspx?scid=kb;[LN];310405

Will it help?

System Restore is off…

It did nothing… the virus keeps coming back…

I need a way to kill this problem WITHOUT reformatting…

I’m sure that this ‘rdriv.sys’ has been covered before in the forums.

If this is, as you suspect, a rootkit, then there are tools for detecting rootkits; a Google search for rootkit removal or words to that effect may reveal more than the one I give below.

RootkitRevealer from Sysinternals - http://www.sysinternals.com/utilities/rootkitrevealer.html - this will check if there is in fact a rootkit type virus deeply hidden.

Hello Zorro123,

Go to this site: http://www.invisiblethings.org/tools.html and download flister.zip. Run it and this will discover the rootkit for sure.

polonus

We’ve just encountered this exact same Trojan (WIN32.efewe.E). None of the ideas mentioned above worked for us. The flister.zip just flashed on and off. I couldn’t see whether it did anything or not.

The laptop at issue is at college with one of DBF’s sons. He is using EZArmor (from Computer Associates) along with a host of additional antispyware programs (Spybot, Ad-Aware, Stinger, etc.). He’s on Windows XP.

Has anyone tried the Microsoft Beta antispyware program on this?

Are there any new ideas for removing the Trojan (we know it’s there)?

Try this, if it is rdriv.sys:

http://forum.avast.com/index.php?topic=16788.msg142660#msg142660

Thanks. I’ve sent the instructions to the college boy.

Thanks!

:) Zorro123:

  For this "infection" you should seek assistance on the
  forums of your antiSPYWARE provider or
  www.landzdown.com .