7 replies to this topic

[sdasfjkd221]

after removing a malware a new drive created, ex:

drive name      Publisher          path
ebxi                          c:\windows\system32\drivers\pktdpx.sys
gmrqy                      c:\windows\system32\drivers\cgpyout.sys


then mbam asks to restart to apply removal
Is that normal?
it seems every time a random drive name is created!! there is no publisher.

[daledoc1]

Hi:

Sorry to hear you might be infected.
We cannot work on malware removal in this sub-section of the forum, so please read below for assistance with cleaning your system.

IMPORTANT: Please do NOT use any temporary file cleaners unless instructed to do so - they can cause data loss, making recovery difficult.

IF YOU WOULD LIKE EXPERT HELP WITH MALWARE REMOVAL, PLEASE CHOOSE ONE OF THE FOLLOWING 3 OPTIONS:
OPTION 1: Free, one-on-one, expert assistance in the Malware Removal Forum.
OPTION 2: For licensed users of MBAM PRO, there is free, one-on-one, expert assistance from the MBAM support helpdesk.
OPTION 3: Fee-based, one-on-one, expert assistance from Premium Support.

OPTION 1:

• Please print out, read and carefully follow the instructions in the "I'm Infected - What Do I Do Now?" article.
  
• Then please start a new post in the Malware Removal Forum.
  
• An authorized, trained malware expert will provide free, one-on-one assistance as soon as one becomes available.

• When starting your new post, please note the following:
  
• Please do NOT post in a topic started by someone else, even if their problem sounds similar.
  
• Please COPY/PASTE the requested logs directly into your post, rather than attaching them.
  
• Under options, please be sure to select "track this topic" and "immediate email notification", so you'll know when a helper responds.
  
• Please be patient - it may be 48 hours or more before a helper can assist you, especially when the forum is very busy.
  
• Please do NOT "bump" your topic or reply back to it for at least 48 hours.
  
• Doing so may cause your topic to be overlooked, as it will appear that you are already being helped.

OPTION 2:
If you are a paid user of MBAM PRO and would like support via the helpdesk, please contact them here.

OPTION 3:
If you prefer the Malwarebytes Premium Services (comprehensive solutions to all your computer support needs – from installation and set-up to troubleshooting and tune-ups), please go to the Premium Support site here.

Please be patient – someone will assist you as soon as possible.

Thank you very much,

daledoc1

[sdasfjkd221]

wohhh, i am not infected

those .sys files are created only once after mbam remove anyfile
after restart those .sys files are no longer exist

[daledoc1]

sdasfjkd221, on 17 August 2012 - 10:20 PM, said:

after removing a malware <snip>
then mbam asks to restart to apply removal
Is that normal?

I'm sorry that I misunderstood your question, since you twice mentioned "malware removal".

We'll need to wait for an MBAM staffer to provide a more specific answer to your question.

Thanks for your patience,

daledoc1

[exile360]

Greetings

Those are the randomly named drivers that Malwarebytes Anti-Malware creates when performing a DoR (Delete on Reboot) in order to remove an infection. They're quite harmless.

If you need anything else, please let us know.

Thanks

[daledoc1]

exile360, on 18 August 2012 - 05:28 AM, said:

Greetings

Those are the randomly named drivers that Malwarebytes Anti-Malware creates when performing a DoR (Delete on Reboot) in order to remove an infection. They're quite harmless.

Thanks

That's what I thought.
Thanks for the explanation!

daledoc1

[sdasfjkd221]

thx, i thought that, but want to make sure.

[exile360]

You're welcome, I'm glad I could help .