Win32:Trojan-gen. {Other}

[goillini12]

Is it safe to delete the  C:\WINDOWS\system32\rdriv.sys file that is infected with the Win32:Trojan-gen. {Other} 

If i can how can i go about doing this?

I was afraid to delete it since it is a system file.

[FreewheelinFrank]

rdriv.sys is malware and can be deleted.

http://www.bleepingcomputer.com/startups/rdriv.sys-8753.html

Run a boot time scan and select delete if prompted.

If avast!fails to delete the file, F-Secure have a removal tool, which you could also run as a double check:

F-Bot removal tool:

http://www.f-secure.com/download-purchase/tools.shtml

[LECTRIK]

I'm also a victim  of this  virus,
all  the  reshearch and attempts so far have failed, ..... i followed removal directions found
 ( web \  goggle )  using  regedit  in safe mode  even .It still comes back !!!

Any help appreciated .
TIA,
Lec-Trik

[FreewheelinFrank]

Hi Lectrik,

Please ensure you have done a thorough scan with avast!, preferably a boot time scan. (Apparently this doesn't work in Win 98: if you have this OS, boot into safe mode before scanning- hit F8 while booting.)

Right click the avast! globe and select Start avast! Antivirus.

avast! will do a memory scan: if it find the worm in memory, it will prompt you to do a boot time scan: accept this and reboot.

If avast! doesn't find anything in memory, schedule a boot time scan. (Click the button at the top left of the avast! silver console and select Schedule boot time scan from the drop-down menu.)

These two powerful anti-Trojan programs are worth a try:

TDS-3 (Download the definitions file and move to the program folder.)

http://tds.diamondcs.com.au/

and TrojanHunter

http://www.trojanhunter.com/

They both have a free trial, and will find Trojans that anti-virus programs miss.

Ewido is also worth trying: it has a free version:

http://www.ewido.net/en/

Please ensure that you have a firewall and that your OS is up to date, otherwise infections will come back.

If you need advice on either of these subjects, please say so.

If you still experience problems, please run HijackThis and post a log file:

http://www.bleepingcomputer.com/forums/tutorial42.html

[LECTRIK]

tks 4  quick   reply,
two things i forgot to mention.

1] I'm  running  winXP  sp1  - -  plus manny updates.
( had to remove sp2 as  system got very  unstable ,....  to cleared up problems )

2]  not running a firewall  -YET-   and i'm convinced  i need to , this  virus\ malware .most likely came in a D/Load .

I'll  start  trying  UR sugestions   ,    i know it checks memory on start-up ,  it's also ID'd  it as a
TR / rootkit / L .
will get back ,
thanks again ,
lectrik

[FreewheelinFrank]

I think a nuke and pave might be called for here.

Rootkits are very difficult to get rid of, you obviously have had problems with malware affecting stability and preventing installation of SP2, and if you have been connecting to the internet without a firewall, you probably have every piece of malware under the sun on your computer.

It may be time to think about backing up your files and reinstalling your OS.