2 replies to this topic

[John1D]

Hi,

I ran Malwarebyte's freeware and it found 2 infections (I'm running Win2k pro fully patched) I also have Symantec Corporate AV and Firewall running.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\John Dunleavy\Desktop\SpyRemover.lnk (Rogue.SpyRemover) -> Quarantined and deleted successfully.

It then asked me to reboot but then came up with a BSOD implicating viaagp1.sys.
I tried to start in safe mode but it did the same. I then restored "Last Known Good" config and the system rebooted normally.

Does anyone know what may be happening here?

Regards John

[nosirrah]

Neither detection is in any way related to that driver (viaagp1.sys) .

One was deleting a desktop icon and the other restored a start menu object .

[John1D]

Bruce, thanks for the reply,

After I restarted I checked for Spyremover and found and deleted it in add/remove programs. Ater successfully restarting I ran another quick scan and this time Malwarebytes didn't find any infections.

I was impressed with Malwarebytes as I previously used it on another system to remove the Vundo H virus on a system which was using Mcafee which had been screwed by the virus. Malwarebytes found 258 infections (not all Vundo) and removed them. That system now seems to be working fine. So a big thanks there.

I still don't understand the BSOD as my system is usually extremely stable.
Before downloading Malwarebytes I ran a full Symantec scan which didn't find anything.

Regards John

nosirrah, on Dec 20 2008, 02:03 PM, said:

Neither detection is in any way related to that driver (viaagp1.sys) .

One was deleting a desktop icon and the other restored a start menu object .