caspertone2003 (Members; Content Count: 1; Rank: Candidate)
I was unsure where to post in relation to AVZ!! Windows 7; I got infected with virut-c. All was nicely cleared with virutkiller. Windows exes were disinfected but do not have the proper signatures. sfc reports that it cannot replace some modules (still pending to do sfc in safe mode, but I am not able now - long story). Machine looks ok ... but internet goes very slowly ... I checked with all - only GMER and AVZ point to something ... the use of 29211539AC.sys ... a file I cannot locate anywhere in the disk. AVZ report goes below. I am running TrueImage and McAfee. Is that 29211539AC.sys bad? How can I remove that? Thanks in advance. CTone.

= = = = = = = = log follows

1.2 Searching for kernel-mode API hooks
Driver loaded successfully
SDT found (RVA=169B00)
Kernel ntkrnlpa.exe found in memory at address 83819000
SDT = 83982B00
KiST = 8389743C (401)
Function NtCreateProcess (4F) - machine code modification Method of JmpTo. jmp 8C39C91C\SystemRoot\system32\drivers\mfehidk.sys, driver recognized as trusted
Function NtCreateProcessEx (50) - machine code modification Method of JmpTo. jmp 8C39C930\SystemRoot\system32\drivers\mfehidk.sys, driver recognized as trusted
Function NtCreateThread (57) intercepted (83AF5FE2->B77B2982), hook C:\Users\cba\AppData\Local\Temp\29211539AC.sys
Function NtCreateThreadEx (58) intercepted (83A8A4BB->B77B2A10), hook C:\Users\cba\AppData\Local\Temp\29211539AC.sys
Function NtCreateUserProcess (5D) - machine code modification Method of JmpTo. jmp 8C39C946\SystemRoot\system32\drivers\mfehidk.sys, driver recognized as trusted
Function NtMakeTemporaryObject (A4) intercepted (83A25A34->B77B2774), hook C:\Users\cba\AppData\Local\Temp\29211539AC.sys
Function NtQueueApcThread (10D) intercepted (83A15E54->B77B2AA0), hook C:\Users\cba\AppData\Local\Temp\29211539AC.sys
Function NtQueueApcThreadEx (10E) intercepted (83A12011->B77B2B30), hook C:\Users\cba\AppData\Local\Temp\29211539AC.sys
Function NtSetContextThread (13C) intercepted (83AF7857->B77B2BC0), hook C:\Users\cba\AppData\Local\Temp\29211539AC.sys
Function NtSetInformationProcess (14D) - machine code modification Method of JmpTo. jmp 8C39C95A\SystemRoot\system32\drivers\mfehidk.sys, driver recognized as trusted
Function NtSetSystemInformation (15E) intercepted (83A6838A->B77AF2BE), hook C:\Users\cba\AppData\Local\Temp\29211539AC.sys
Function NtSetSystemTime (160) intercepted (83AAA21E->B77AF474), hook C:\Users\cba\AppData\Local\Temp\29211539AC.sys
Function NtTerminateProcess (172) - machine code modification Method of JmpTo. jmp 8C39C908\SystemRoot\system32\drivers\mfehidk.sys, driver recognized as trusted
Function NtUnmapViewOfSection (181) intercepted (83A7E9CA->B77B26E6), hook C:\Users\cba\AppData\Local\Temp\29211539AC.sys
Function NtWriteVirtualMemory (18F) intercepted (83A79AA7->B77B09A0), hook C:\Users\cba\AppData\Local\Temp\29211539AC.sys
Function NtSetInformationProcess (83A52885) - machine code modification Method of JmpTo. jmp 8C39C95A \SystemRoot\system32\drivers\mfehidk.sys, driver recognized as trusted
Functions checked: 401, intercepted: 10, restored: 0
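The hook listing in the post is the kind of AVZ output a responder triages by hand: which module now receives each kernel service call, and whether that module lives somewhere a signed driver normally would. As an added example (not from the post, and not AVZ's or Kaspersky's own code), the Python script below parses lines in that format, groups hooks by the receiving module, and flags any hook whose handler sits outside the system driver directory, for instance under a user's Temp folder. The path rules (SYSTEM_DRIVER_DIRS, USER_WRITABLE_MARKERS) are the example's own assumptions, and the sample log is constructed from a subset of the lines quoted in the post.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a subset of the AVZ "kernel-mode API hooks" lines quoted in the
# post above (same addresses and paths), including the variant with a space after "jmp".
SAMPLE_LOG = r"""
Function NtCreateProcess (4F) - machine code modification Method of JmpTo. jmp 8C39C91C\SystemRoot\system32\drivers\mfehidk.sys, driver recognized as trusted
Function NtCreateThread (57) intercepted (83AF5FE2->B77B2982), hook C:\Users\cba\AppData\Local\Temp\29211539AC.sys
Function NtCreateThreadEx (58) intercepted (83A8A4BB->B77B2A10), hook C:\Users\cba\AppData\Local\Temp\29211539AC.sys
Function NtQueueApcThread (10D) intercepted (83A15E54->B77B2AA0), hook C:\Users\cba\AppData\Local\Temp\29211539AC.sys
Function NtWriteVirtualMemory (18F) intercepted (83A79AA7->B77B09A0), hook C:\Users\cba\AppData\Local\Temp\29211539AC.sys
Function NtSetInformationProcess (83A52885) - machine code modification Method of JmpTo. jmp 8C39C95A \SystemRoot\system32\drivers\mfehidk.sys, driver recognized as trusted
Functions checked: 401, intercepted: 10, restored: 0
"""

# "intercepted": the SSDT entry now points into another module.
INTERCEPT_RE = re.compile(
    r"^Function (\w+) \(([0-9A-F]+)\) intercepted "
    r"\(([0-9A-F]{8})->([0-9A-F]{8})\), hook (.+)$"
)
# "JmpTo": the service's own code was patched with a jmp into another module.
JMPTO_RE = re.compile(
    r"^Function (\w+) \(([0-9A-F]+)\) - machine code modification Method of JmpTo\. "
    r"jmp ([0-9A-F]{8})\s*(.+?)(, driver recognized as trusted)?$"
)
SUMMARY_RE = re.compile(r"^Functions checked: (\d+), intercepted: (\d+), restored: (\d+)")

# Assumption for this example: drivers are expected to load from the system driver
# directory; anything under a profile, Temp or ProgramData path is user-writable.
SYSTEM_DRIVER_DIRS = ("\\systemroot\\system32\\drivers\\", "c:\\windows\\system32\\drivers\\")
USER_WRITABLE_MARKERS = ("\\appdata\\local\\temp\\", "\\temp\\", "\\users\\", "\\programdata\\")


@dataclass
class Hook:
    function: str      # kernel service name, e.g. NtCreateThread
    index: str         # SSDT index (or address) exactly as AVZ prints it, hex
    kind: str          # "intercepted" (pointer replaced) or "jmpto" (inline patch)
    module: str        # module that now receives the call
    avz_trusted: bool  # True when AVZ itself appended "driver recognized as trusted"


def parse_avz_hooks(text: str) -> List[Hook]:
    """Turn the hook lines of an AVZ report into Hook records; other lines are ignored."""
    hooks: List[Hook] = []
    for line in text.strip().splitlines():
        m = INTERCEPT_RE.match(line)
        if m:
            hooks.append(Hook(m.group(1), m.group(2), "intercepted", m.group(5), False))
            continue
        m = JMPTO_RE.match(line)
        if m:
            hooks.append(Hook(m.group(1), m.group(2), "jmpto", m.group(4), m.group(5) is not None))
    return hooks


def parse_summary(text: str) -> Optional[Dict[str, int]]:
    """Return AVZ's closing counters (checked / intercepted / restored) if present."""
    for line in text.splitlines():
        m = SUMMARY_RE.match(line)
        if m:
            return {"checked": int(m.group(1)), "intercepted": int(m.group(2)), "restored": int(m.group(3))}
    return None


def classify_module(path: str) -> str:
    """Coarse location class of a hook handler, by path only (see assumptions above)."""
    p = path.lower()
    if any(p.startswith(d) for d in SYSTEM_DRIVER_DIRS):
        return "system-driver-dir"
    if any(marker in p for marker in USER_WRITABLE_MARKERS):
        return "user-writable"
    return "other"


def suspicious_hooks(hooks: List[Hook]) -> List[Hook]:
    """Hooks whose handler does not live in the system driver directory, in log order."""
    return [h for h in hooks if classify_module(h.module) != "system-driver-dir"]


def hooks_by_module(hooks: List[Hook]) -> Dict[str, List[str]]:
    """Map each receiving module to the kernel services it has hooked (triage view)."""
    grouped: Dict[str, List[str]] = {}
    for h in hooks:
        grouped.setdefault(h.module, []).append(h.function)
    return grouped


if __name__ == "__main__":
    hooks = parse_avz_hooks(SAMPLE_LOG)
    print("summary:", parse_summary(SAMPLE_LOG))
    for module, functions in hooks_by_module(hooks).items():
        print(f"{classify_module(module):>18}  {module}")
        print("                    hooks:", ", ".join(functions))
    print("to investigate:", [h.function for h in suspicious_hooks(hooks)])
```

The grouping is the useful part for triage: it shows at a glance that the Temp-resident module sits on thread creation, APC queuing and memory write services, while the mfehidk.sys hooks are ones AVZ already attributes to a trusted driver loaded from the system driver directory. The path-based rule is deliberately crude; it decides what to look at first, not what is malicious.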