Author Topic: 6145d0fb.sys  (Read 2603 times)


tyge

  • Guest
6145d0fb.sys
« on: June 09, 2009, 12:37:14 PM »
Hi all,

This is my first post to this forum - I hope someone can help me.

Avast is picking up a suspicious file (6145d0fb.sys) - it says its type is a hidden service. The file is located in c:\windows\system32\drivers\6145d0fb.sys.

Avast recommends to move it to the chest - but fails to do so.

When I look at the file in Explorer, the date modified keeps updating in line with my computer clock.

I tried to rename it to temporarily disable it - but the system says it can't find the file.

I've searched the forums and googled it - but there appear to be no postings on this at all.

Can anyone help, please?

Thanks in advance

Tyge





Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: 6145d0fb.sys
« Reply #1 on: June 09, 2009, 01:30:15 PM »
Probably a random file name.

Have you tried a boot time scan with avast!? Right click the scanner screen, select 'schedule a boot time scan' and reboot when requested. (Or open the tab at the top left of the scanner screen and select the boot time option from there.)

Offline Maxx_original

  • Moderator
  • Super Poster
  • *
  • Posts: 1479
Re: 6145d0fb.sys
« Reply #2 on: June 09, 2009, 04:30:17 PM »
It could be a new Rustock (they changed the decryption algo a bit yesterday or two days ago)... An updated detection will be available today.

tyge

  • Guest
Re: 6145d0fb.sys
« Reply #3 on: June 09, 2009, 05:22:28 PM »
Hi Freewheelinfrank

Sorry, forgot to mention I've now run 3 boot time scans - it's still there.

micky77

  • Guest
Re: 6145d0fb.sys
« Reply #4 on: June 09, 2009, 05:46:22 PM »
Have a look at this link. Download RootRepeal, run it and post the log.

http://www.malwarebytes.org/forums/index.php?showtopic=12709