#1
Just a heads up.
I just finished my third tuffy cleanup. Ran all the typical cleaners and anti-virus to no avail. This last one in fact, I had to change mbam name to run. Did not find anything (even after doing Full scan). Ran Avast pre-boot, deleted one. Still could not run ComboFix at all. Was going to give up and do wipe/reload. Decided to try (again would be third computer) deleting the hyberfil.sys file. Booted to UBCD4Win disk, deleted, rebooted and all gone. Just thought I would pass this on if it helps. Anyone else finding this? First computer would not boot past Log-on screen. Deleted hyberfil and then did cleaning and all is good.
__________________
Last edited by Jimmyb; 09-21-2010 at 08:07 PM.

#2
If your machine had a file in the root called "Hyberfil.sys" it very well must have been a virus as the hibernation file is called "hiberfil.sys".
__________________
Hartland Computer Services, Lexington, Ky 40515 (859) 536-4107 www.CrosbyDrive.com

#3
Sorry misspelled .. will correct
__________________
#4
If a virus could execute itself from within the hibernation file I'd be very impressed
__________________
put that in your pipe and grep it

#5
Really sounds like rootkit activity, try TDSSKiller or GMER next time.
I've pretty much gotten into the habit of running those every time here in the last couple of months. What pointed you in the direction of that file? Virus software saying it was a problem but unable to do anything about it? If so, it usually works just as well to rename a file instead of deleting. This gives you the added benefit of being able to rename it back if for some reason it wasn't a file you wanted to get rid of (not that you couldn't have gotten this file from elsewhere, just that it's a bit easier than pulling out copies off of disks).

#6
Quote:
#7
It may be referenced somewhere else such as in the registry and started up from there. However, there would have to be some fancy code to find it without a directory structure.
#8
The real hibernation file is one with some pretty strict permissions so it wouldn't be easy to mess with it, but if you replaced it entirely with a bogus file that was the virus. Haven't seen anything quite like that before but it seems possible.
The first thing I do here is delete hiberfil.sys and the page file since they are throw-aways anyway.
__________________
Hartland Computer Services, Lexington, Ky 40515 (859) 536-4107 www.CrosbyDrive.com

#9
Would that matter? The path always includes the root directory so any file in C:\ would be accessible at all times (permissions notwithstanding).
__________________
Xander St Catharines Computer Repairs New here? Watch this and read this. Remember, it's not our problem, it's yours so ask your questions well.

#10
Do keep in mind that avast can scan the os BEFORE windows starts, if you tell it to do so.
You know, have you guys tried hitman pro? These cloud antivirus programs that scan an entire pc in 10 minutes are pretty amazing. They can also reduce the time you spend scanning from hours to minutes. [read - make more $$$] You need to give hitman pro a try. ---- for a complete list of antivirus programs review the first thread in the antivirus & trojan subforum of technibble. I made a list of every antivirus and antitrojan and antirootkit in the world. But I am impressed with the cloud stuff.
__________________
First in Research & Development of Magical Technology.