Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

can't get rid of rdriv.sys

Started by frogger72 , Jul 24 2005 11:21 PM

  • Please log in to reply

#1
frogger72
Posted 24 July 2005 - 11:21 PM

frogger72

    New Member

  • Member
  • Pip
  • 6 posts
Hi my virus scan(trend Micro Office Scan) keeps detecting that I have the virus rdriv.sys and it can't get rid of it. Can anyone help me out? Here'S my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:03:43 AM, on 7/25/2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Edit.exe
C:\OfficeScan NT\ntrtscan.exe
C:\WINNT\system32\MSTask.exe
C:\OfficeScan NT\tmlisten.exe
C:\WINNT\Explorer.exe
C:\OfficeScan NT\ofcdog.exe
C:\OfficeScan NT\pccntmon.exe
C:\Program Files\Winamp\winampa.exe
C:\Documents and Settings\Administrator\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.excite.com/microsoft/ie40/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by @Home Network Version 1.7
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: @Home - {9695E335-6558-45B7-8CD4-438E4409869F} - http://www/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www/
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.c...rt/IbmEgath.cab
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: hexadecimal (HexadecimaRepresentation) - Unknown owner - C:\WINNT\Edit.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\OfficeScan NT\tmlisten.exe
  • 0

Advertisements

#2
darth_ash
Posted 25 July 2005 - 03:00 AM

darth_ash

    Member 1K

  • Member
  • PipPipPipPip
  • 1,382 posts
Please go to the malware forum and follow the instructions at the top....Especially the CLICK HERE .

That will give you several steps that will help you clean up 70 percent of all problems by yourself. If at the end of the process you are still having difficulty--and you may not be-- then post a hijackthis log in THAT forum.

If you are still having problems after getting a clean bill of health from the malware expert, please return to this thread.
  • 0
Back to Windows XP, 2000, 2003, NT · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Retired Forums
  3. Windows XP, 2000, 2003, NT

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP