Suspicious file found: "C:\Windows\System32\Drivers\dbliw.sys"

[norel]

I've had viruses and I've had files that were just hard to delete. In my experiences it's the viruses that act like this dbliw.sys is acting. Causing your system to act weird, aggressively preventing the antivrus from working right and even preventing you from uploading it.

But there are a lot of things I haven't experienced so I can't say with 100% certainty what you have Oldmittay. Hopefully essexboy will be able to help you fix it.

[Oldmittay]

Well everyone, while I want to restrain myself from jumping to any conclusions, there appears to be a sign for tempered optimism, at least on the dbliw.sys front (still not sure what to think about the C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UYPMOKHT\Mojo_2.2.1[1].exe file):

I decided to run another boot-time avast! scan, on the extremely unlikely chance that this time around, it would find dbliw.sys and succeed in quarantining it. Wouldn't you know it, it just might have worked! The file was found during the scan and I tried to move it to the chest, thinking I was setting myself up for another disappointment. However, I ran malwarebytes' and avast scans when the computer was rebooted, and neither found any infected items. I took a look through my avast! Virus chest, and low and behold, there is dbliw.sys in the infected files list.

one addendum: dbliw is still on the list of non-plug and play drivers in the Device Manager. What do you guys think, should I try uninstalling it again, now that I have dbliw.sys in the virus chest?

Essexboy: What steps do I still need to take? Is there a way I can check to make sure my system is clear? Re-run OTL perhaps?

I'm trying to hold back here, but maybe-- just maybe-- we're getting somewhere finally, and from the most unlikely of sources to boot, one I thought I had already exhausted!
I'll post an update on the situation early in the afternoon (USA East Coast Time).

 

[Derelict_AZ]

(still not sure what to think about the C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UYPMOKHT\Mojo_2.2.1[1].exe file):

I would delete this file. Based on the file path, it can't be anything but bad news. If you can't delete it with Explorer, then I would again suggest getting XueTr and deleting it with that. XueTr has a File tab where you can browse to this file and delete it. You can also schedule a delete on the next boot, using the Delay Delete context-menu item.

one addendum: dbliw is still on the list of non-plug and play drivers in the Device Manager. What do you guys think, should I try uninstalling it again, now that I have dbliw.sys in the virus chest?

I would uninstall it from the Device Manager. Alternatively, you could search the registry and delete the service keys manually.

I'm glad that avast! was finally able to quarantine that file for you. Have you ever used Autoruns? You should run it and make sure you don't have any suspicious entries. It would also be a good idea to look into getting a HIPS product to avoid things sneaking onto your system in the future. There will be a learning curve, but IMHO it will be time well spent.

[Oldmittay]

essexboy, do you agree with Derelict's advice?

Also, I was using my computer earlier today to check this forum and my email when avast detected a virus in my system and automatically restarted my computer, running a boot-time scan, but no infected items were found, so I'm not sure what to think at this point.

[Derelict_AZ]

It sounds like you've still got a problem. I would try scanning your system offline. You can do this with a bootable CD, such as Avira's Rescue CD. If you have a clean system to create the CD from, that would be best. I would also recommend a backup system if you don't already have one in place.

[cazoza]

I suggest you do the same with a Bootlable Antivirus Cd like the one they posted up. But i need to remember to all members, u need to take care of what you post, because i had a friend here at forum, that posted twice, all bootable antivirus cd, and the moderators banned him from the forum. And i don't know why, because he was just cooperating to the community by posting that tools. And now the cant log in anymore.

[Derelict_AZ]

Thanks for the advice. I didn't think trying to help other avast! users would be a bad thing, but I guess I can see how recommending a competitor's product would be frowned upon. I'll be more careful in the future because I certainly don't want to be banned!