bsdriver.sys [Solved]


This topic is locked

#1 sabusamra88 (Member, 23 posts)

Hi guys, I was searching online for ways to remove this nasty virus from my system. I've tried malware removal tools, going into the registry and manually trying to delete it, but in the end nothing happened. It kept coming back. As I was searching I came across this site. I've already downloaded the tool and did a scan. Any advice is helpful. Thank you.

Attached Files


#2 Pyxis (Trusted Helper, Malware Removal, 1,228 posts)

Greetings,

Welcome to Geeks to Go--the friendliest online community dedicated to the sole goal of helping people from all around the world! :) I am Pyxis and I will be assisting you. As such, I would like to stress the following reminders:
  • It is important that you do not install anything unless asked while the process is ongoing. Doing so may hinder or even complicate the cleaning of your system. You will get the chance to install things as you would like after the process has been completed.
  • Ensure you take extra caution to precisely follow my instructions. Please only use the tools I have asked you to. The instructions for your computer are unique and should therefore only apply to your system.
  • Since the cleaning process is quite delicate, your timely response is crucial. Topics are marked inactive and thus closed within 3 full days of no activity. If you deem I have overlooked your thread--which is in a matter of more than 48 hours--please send me a PM and I will get back to you shortly.
I hope you keep these in mind. Before anything else, kindly accomplish the below. Please only proceed after the above has been done.
  • Step 1

    Copy and paste the following into Notepad and save as fixlist.txt to your desktop:
    CloseProcesses:
    EmptyTemp:
    CreateRestorePoint:
    
    HKU\S-1-5-21-1834921579-1445137321-2227179606-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
    HKU\S-1-5-21-1834921579-1445137321-2227179606-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=WD8&Tid=00036295&OHP=http%3A%2F%2Fwww%2Dsearching.com%2F%3Fpid%3Ds%26s%3DF8Gzbuzdk00OBR1%5FLS%2Cb4be4c74%2D7b5c%2D4689%2Dad2a%2Dbd7876a8d671%26vp%3Dch%26prd%3Dset&OSP=http%3A%2F%2Fwww%2Dsearching.com%2Fsearch.aspx%3Fs%3DF8Gzbuzdk00OBR1%5FLS%2Cb4be4c74%2D7b5c%2D4689%2Dad2a%2Dbd7876a8d671%26site%3Dshyosie%26prd%3Dset%26q%3D%7BsearchTerms%7D
    SearchScopes: HKU\S-1-5-21-1834921579-1445137321-2227179606-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    FF DefaultSearchEngine.US: Search Module
    FF NetworkProxy: "type", 0
    FF SearchPlugin: C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\olwpkw64.default\searchplugins\smod.xml [2015-08-15]
    CHR HKU\S-1-5-21-1834921579-1445137321-2227179606-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - https://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - https://clients2.google.com/service/update2/crx
    R1 bsdriver; C:\WINDOWS\system32\drivers\bsdriver.sys [34712 2015-08-15] ()
    C:\WINDOWS\system32\drivers\bsdriver.sys 
    S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
    2015-08-18 21:08 - 2010-03-08 06:10 - 00013824 _____ (Kephyr) C:\WINDOWS\system32\ffnd.exe
    2015-08-18 21:04 - 2015-08-18 21:05 - 02666167 _____ (Kephyr) C:\Users\Samuel\Downloads\freefixersetup.exe
    2015-08-18 20:40 - 2015-08-18 20:48 - 00000000 ____D C:\Users\Samuel\Downloads\WindowexeAllkiller
    2015-08-18 20:40 - 2015-08-18 20:40 - 00162397 _____ C:\Users\Samuel\Downloads\WindowexeAllkiller.zip
    2015-08-18 07:39 - 2015-08-18 07:39 - 00000000 _____ C:\autoexec.bat
    2015-08-15 17:00 - 2015-08-15 17:05 - 00001769 _____ C:\ProgramData\tempimage.bmp
    2015-08-15 10:50 - 2015-08-15 10:50 - 00004752 _____ C:\WINDOWS\SysWOW64\Uiviuuj.ini
    2015-08-15 10:50 - 2015-08-15 10:50 - 00002472 _____ C:\WINDOWS\SysWOW64\UiviuujOff.ini
    2015-08-15 10:50 - 2015-08-15 10:50 - 00002472 _____ C:\WINDOWS\system32\UiviuujOff.ini
    2015-08-15 10:50 - 2015-08-15 10:50 - 00000000 ____D C:\WINDOWS\system32\mec
    2015-08-15 10:50 - 2015-08-12 04:45 - 00353608 _____ C:\WINDOWS\system32\Uiviuuj64.dll
    2015-08-15 10:50 - 2015-08-12 04:45 - 00283464 _____ C:\WINDOWS\SysWOW64\Uiviuuj.dll
    2015-08-15 10:48 - 2015-06-18 12:08 - 00061336 _____ (Cherimoya Ltd) C:\WINDOWS\system32\Drivers\cherimoya.sys
    2015-08-14 22:46 - 2015-08-14 22:46 - 00003226 _____ C:\WINDOWS\System32\Tasks\{65FB15D4-B429-4843-94C3-EF3D4F1F8C50}
    2015-08-14 22:45 - 2015-08-14 22:45 - 00003270 _____ C:\WINDOWS\System32\Tasks\{FFED5B58-4A07-4D43-9FB0-C3BB6264DEB8}
    2015-08-14 22:43 - 2015-08-19 15:39 - 00000346 _____ C:\WINDOWS\Tasks\JKRXFGIV1.job
    2015-08-14 22:43 - 2015-08-18 08:24 - 00000000 ____D C:\ProgramData\Service1198
    2015-08-14 22:43 - 2015-08-14 22:45 - 00000000 ____D C:\Users\Samuel\AppData\Local\BrowserAir
    2015-08-14 22:43 - 2015-08-14 22:43 - 00002914 _____ C:\WINDOWS\System32\Tasks\JKRXFGIV1
    2015-08-14 22:43 - 2015-08-14 22:43 - 00000000 ____D C:\ProgramData\7c0535b143fc4671b6ebd202fbffe066
    2015-08-01 12:14 - 2015-08-19 15:38 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2015-07-24 14:04 - 2015-07-24 14:05 - 21511608 _____ (KeepSolid Inc. ) C:\Users\Samuel\Downloads\vpn-unlimited_2.11.0.exe
    Task: {02F07688-F9D4-4F9D-8424-0E7355A062D0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {093286AE-F782-4AAA-B46C-33D40CC3C667} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {0BD640B4-00E6-4550-9B42-2D9A9EF8B82A} - System32\Tasks\JKRXFGIV1 => C:\ProgramData\EpsanDrive\EpsanDrive.exe <==== ATTENTION
    Task: {0C9CE355-1324-4966-885C-058450D15F7D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {1FE592E4-3C8F-4933-A356-A178CED12BB5} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {4972D29D-8341-4B9F-84FB-2276F221F552} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {9DBF1E06-0EC0-4160-AB0D-BDE846B915DB} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {B6C674AE-D493-4058-B264-076E8735452A} - System32\Tasks\{65FB15D4-B429-4843-94C3-EF3D4F1F8C50} => pcalua.exe -a C:\ProgramData\EpsanDrive\SoftConfigTest.exe
    Task: {C2059E7C-71DF-4ECF-8E3F-E4BE0DB3FC73} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {CAA046D5-922C-4A74-AC4C-432A3616D89C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {DA7E794B-53EE-47F8-8517-4F065BE71383} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION)
    Task: {EB7140B0-4A5D-433F-9CB6-44C9CE4A6BF1} - System32\Tasks\{FFED5B58-4A07-4D43-9FB0-C3BB6264DEB8} => pcalua.exe -a C:\Users\Samuel\AppData\Local\BrowserAir\Application\Uninstall.exe
    Task: {ED7C4068-89F3-4660-827E-450E13EEA862} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {F8F03F0C-D56F-428E-8F0E-A2D5DA1BE562} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: C:\WINDOWS\Tasks\JKRXFGIV1.job =>
    C:\ProgramData\ZigsNad
    C:\Program Files (x86)\Max Driver Updater
    File: C:\Windows\System32\drivers\udecx.sys
    
    RemoveProxy:
    CMD: netsh advfirewall reset
    CMD: netsh advfirewall set allprofiles state ON
    CMD: bitsadmin /reset /allusers
    • Run your copy of FRST. It is important to ensure it is located on your desktop.
    • Press the Fix button.
    • It will produce a log (fixlog.txt) once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 2

    Download 'AdwCleaner by Xplode' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • Read the Terms of Use and click I Agree.
    • Click Scan and choose Clean after.
    • Wait for it to finish. It won't take long.
    • Click OK for the next prompts. Your system will automatically reboot.
    • A log will automatically pop-up after rebooting. Alternatively, you can find it at C:\AdwCleaner\AdwCleaner[S*].txt.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • fixlog.txt (Farbar Recovery Scan Tool)
    • AdwCleaner[S*].txt (AdwCleaner)
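
An added example, not part of this thread and not code from FRST or any other tool named here: a small Python triage parser for FRST-style service/driver lines like the R1 bsdriver entry in the fixlist above. It flags kernel drivers whose file reports no publisher (the empty "()" field that makes bsdriver.sys stand out) or whose file is missing ("[X]"). The sample lines are constructed for the example; the exampledisk line is an invented clean driver.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the layout of FRST's Services/Drivers section:
# "Rn name; path [size date] (publisher)". The first and last lines mirror
# entries from the fixlist above; the middle one is an invented clean driver.
SAMPLE_LINES = """\
R1 bsdriver; C:\\WINDOWS\\system32\\drivers\\bsdriver.sys [34712 2015-08-15] ()
R0 exampledisk; C:\\WINDOWS\\system32\\drivers\\exampledisk.sys [100000 2014-01-01] (Example Corp)
S3 wfpcapture; \\SystemRoot\\System32\\drivers\\wfpcapture.sys [X]
"""

SERVICE_RE = re.compile(
    r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"\[(?P<meta>[^\]]*)\](?:\s+\((?P<publisher>[^)]*)\))?\s*$"
)

@dataclass
class ServiceEntry:
    state: str                # R = running, S = stopped, plus the start-type digit
    name: str
    path: str
    size: Optional[int]       # None when FRST printed [X] instead of "[size date]"
    date: Optional[str]
    publisher: Optional[str]  # "" when the line ends in "()", None when absent

def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one FRST service/driver line; return None for lines of other kinds."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    meta = m.group("meta").split()
    size = int(meta[0]) if len(meta) == 2 and meta[0].isdigit() else None
    date = meta[1] if len(meta) == 2 else None
    return ServiceEntry(m.group("state"), m.group("name").strip(),
                        m.group("path"), size, date, m.group("publisher"))

def suspicious_drivers(text: str) -> List[str]:
    """Flag .sys services whose file has no publisher info or is missing on disk."""
    findings = []
    for line in text.splitlines():
        e = parse_service_line(line)
        if e is None or not e.path.lower().endswith(".sys"):
            continue
        if e.size is None:            # FRST writes [X] when the file is not found
            findings.append(f"{e.name}: file missing ({e.path})")
        elif e.publisher == "":       # "()" means no company name in the file resources
            findings.append(f"{e.name}: no publisher ({e.path})")
    return findings
```

Run suspicious_drivers over the Services section of a full FRST.txt to get a short list of drivers worth looking up before deciding what goes into a fixlist.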

#3 sabusamra88 (Topic Starter, Member, 23 posts)

Hi, for the system restore steps one through seven, I am on Windows 10. Also, do you want me to turn system protection on or off?


#4 Pyxis (Trusted Helper, Malware Removal, 1,228 posts)

Turn it on, please. :)

#5 sabusamra88 (Topic Starter, Member, 23 posts)

Attached File: Fixlog.txt (17.9KB, 159 downloads)

Done, as requested.


Edited by sabusamra88, 21 August 2015 - 06:01 PM.

#6 sabusamra88 (Topic Starter, Member, 23 posts)

This is the second file.

Attached Files


Edited by sabusamra88, 21 August 2015 - 06:02 PM.

#7 Pyxis (Trusted Helper, Malware Removal, 1,228 posts)

For AdwCleaner, you need to press Clean after Scan. :) Do you have a spare flash drive? Looks like we might need it to remove persistent files if this one does not do so.
  • Step 1

    Download the free version of 'Malwarebytes Anti-Malware by Malwarebytes Corporation' and save it to your desktop.
    • Double-click mbam-setup-*.exe and proceed to installing the program.
      • Accept the License Agreement.
      • At the end, untick Enable free trial of Malwarebytes Anti-Malware Premium and ensure Launch Malwarebytes' Anti-Malware is checked.
      • Click Finish after.
    • Once the program has loaded, navigate to the Settings tab and select Detection and Protection.
      • Tick the Scan For Rootkits box.
    • Go back to the Dashboard and select Update Now. Click Scan Now after.
      • Updates can sometimes still be present. Be sure to select Update Now again if you are prompted.
      • Once the scan is complete, click Apply Actions.
      • If you are prompted to reboot, allow it by pressing Yes.
    • Navigate to the program's History tab to retrieve the log.
      • Click Application Logs and double-click on the most recent Scan Log.
      • Export the log to your desktop as a .TXT file.
      • You can also choose to directly copy the log by selecting Copy to Clipboard.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • AdwCleaner[S*].txt (AdwCleaner)
    • mbam-log-YYYY-MM-DD (HH-MM-SS).xml (Malwarebytes Anti-Malware)

#8 sabusamra88 (Topic Starter, Member, 23 posts)

I do have a USB, here are the logs. One protection log, named mal 1, and the other 2 scans I did, mal 2 and mal 3.

Attached Files


#9 Pyxis (Trusted Helper, Malware Removal, 1,228 posts)

That seems to have removed it--let's verify.
  • Step 1

    Run your copy of FRST by double-clicking it.
    • Put a check on Addition.
    • Press the Scan button after.
    • It will produce FRST.txt and Addition.txt on your desktop once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the logs in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • Addition.txt (Farbar Recovery Scan Tool)
    • FRST.txt (Farbar Recovery Scan Tool)

#10 sabusamra88 (Topic Starter, Member, 23 posts)

Here you go

Attached Files


#11 Pyxis (Trusted Helper, Malware Removal, 1,228 posts)

How is your computer? The logs look good.
  • Step 1

    You do not seem to have an anti-virus installed in your system. Choosing a good program is crucial as without it you will be easily infected. Please choose only one from the list below and install it. Note that the names lead to the respective sites.
    • avast! Free Antivirus
    • Avira Free Antivirus
    Note: Disable Windows Defender before or after the process by following Option One ('Windows 7' | 'Windows 8' | 'Windows 10').
  • Step 2

    Download 'SecurityCheck by screen317' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • A black window will appear. Press any key to continue.
    • Wait for it to finish. It won't take long.
    • A log will automatically pop up once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
    Note: If you get an error about an unsupported operating system, please reboot your computer and try again.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • checkup.txt (SecurityCheck)

#12 sabusamra88 (Topic Starter, Member, 23 posts)

I'm still getting this

Attached Thumbnails

  • Capture.PNG

#13 Pyxis (Trusted Helper, Malware Removal, 1,228 posts)

You mean this was the infection to begin with and not the driver mentioned in your topic title?  :headscratch: Does this also appear in all of your browsers or just Microsoft Edge? Your logs do not indicate Mozilla Firefox or Google Chrome to be infected with this... do confirm.

#14 sabusamra88 (Topic Starter, Member, 23 posts)

You mean this was the infection to begin with and not the driver mentioned in your topic title?  :headscratch: Does this also appear in all of your browsers or just Microsoft Edge? Your logs do not indicate Mozilla Firefox or Google Chrome to be infected with this... do confirm.


It happens with Edge and sometimes in Chrome. Mostly Edge.

#15 sabusamra88 (Topic Starter, Member, 23 posts)

I had adwcleaner before and when I ran the scan it would always give me bs driver.system so I assumed that was the problem.