Gmer query (srosa.sys removal)



Ria_Bacon
2007-11-26, 01:16
Hi,

I hope Shaba picks up this thread because I guess he's the best one to deal with this.

I have an infection of srosa.sys, with added hidr.exe and wintems.exe.

I followed Shaba's advice from previous threads in this forum, using Gmer in safe mode to delete the srosa.sys via the "Files ..." tab.

However, in the next step, deleting from the "Services" tab, there were no entries in red. I tried the obvious, that is, to delete the srosa.sys entry, clicked "Yes" in two deletion warning windows, but then got an error message saying the deletion failed because of error 0xc0000034.

So all three of these malware files are still present.

Any suggestions?

Ria_Bacon
2007-11-26, 09:52
Hi,

Re. problems deleting srosa.sys, I have also tried RegRun Reanimator (freeware from Greatis.com (http://www.greatis.com/security/download.htm)). It identified the srosa.sys files (2) but also failed to delete them. When rebooting, it seemed to indicate that the files could not be found. Is it because the path of the files is \??\C:\\WINDOWS\etc.?

This is the same path indicated in gmer. Could it be that the malware disguises its path to avoid deletion?

Any advice appreciated.

Ria

tashi
2007-11-26, 09:57
Hello.

Please see the stickied procedure for this forum: "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Copy/paste the logs requested (and only those) into a new topic, then I will close this one as helpers look for zero response. ;)

Regards.

Ria_Bacon
2007-11-26, 10:40
OK, Tashi. I'll post a Kaspersky and HJT log as you suggest, and start a new thread.

Ria