Trojan in Win.32 driver folder

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

This trojan is called
Win32.Benuti.K!downloader

This is where the virus is loacated
C:\WINDOWS\system32\drivers\


This is the file name That is located on my C drive.
bqjguhld.sys

My anti virus does not find this when it dose a scan. It only finds it in
real time when I click on Internet explorer to go on line. My anti virus
pops up a window giving me all the information and says it has deleted it.
It freezes up my IE and I have one heck of a time accessing my browser. When
I go into windows explorer to delete the file it's not there but each time I
go to access my IE it is back again.

Someone please help me. I am a full time student and I have 2 on line
classes that I can't access right now.

Thank you so much,
Crystal
2 answers Last reply
More about trojan driver folder
  1. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    There are anti virus News Groups specifically for this type of discussion.

    microsoft.public.scripting.virus.discussion
    microsoft.public.security.virus
    alt.comp.virus
    alt.comp.anti-virus


    1) Download the following three items...

    Trend Sysclean Package
    http://www.trendmicro.com/download/dcs.asp

    Latest Trend Pattern File.
    http://www.trendmicro.com/download/pattern.asp

    Adaware SE (free personal version v1.05)
    http://www.lavasoftusa.com/

    Create a directory.
    On drive "C:\"
    (e.g., "c:\New Folder")
    or the desktop
    (e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

    Download Sysclean.com and place it in that directory.
    Download the Trend Pattern File by obtaining the ZIP file.
    For example; lpt385.zip

    Extract the contents of the ZIP file and place the contents in the same directory as
    sysclean.com.

    2) Update Adaware with the latest definitions.
    3) Disable System Restore
    http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
    4) Reboot your PC into Safe Mode and shutdown as many applications as possible
    5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
    platform and clean/delete any infectors/parasites found.
    (a few cycles may be needed)
    6) Restart your PC and perform a "final" Full Scan of your platform using both the
    Trend Sysclean utility and Adaware
    7) Re-enable System Restore and re-apply any System Restore preferences,
    (e.g. HD space to use suggested 400 ~ 600MB),
    8) Reboot your PC.
    9) Create a new Restore point


    * * * Please report your results ! * * *


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html


    "Crystal" <Crystal@discussions.microsoft.com> wrote in message
    news:CE67F2B0-5FD3-4468-96B6-C61AA3D8EA6E@microsoft.com...
    | This trojan is called
    | Win32.Benuti.K!downloader
    |
    | This is where the virus is loacated
    | C:\WINDOWS\system32\drivers\
    |
    |
    | This is the file name That is located on my C drive.
    | bqjguhld.sys
    |
    | My anti virus does not find this when it dose a scan. It only finds it in
    | real time when I click on Internet explorer to go on line. My anti virus
    | pops up a window giving me all the information and says it has deleted it.
    | It freezes up my IE and I have one heck of a time accessing my browser. When
    | I go into windows explorer to delete the file it's not there but each time I
    | go to access my IE it is back again.
    |
    | Someone please help me. I am a full time student and I have 2 on line
    | classes that I can't access right now.
    |
    | Thank you so much,
    | Crystal
    |
  2. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Sorry If I posted in the wrong place. This is the first time I have been to
    the news groups. Thank you very much for your help. I will perform this
    process ASAP.

    Crystal

    "David H. Lipman" wrote:

    > There are anti virus News Groups specifically for this type of discussion.
    >
    > microsoft.public.scripting.virus.discussion
    > microsoft.public.security.virus
    > alt.comp.virus
    > alt.comp.anti-virus
    >
    >
    > 1) Download the following three items...
    >
    > Trend Sysclean Package
    > http://www.trendmicro.com/download/dcs.asp
    >
    > Latest Trend Pattern File.
    > http://www.trendmicro.com/download/pattern.asp
    >
    > Adaware SE (free personal version v1.05)
    > http://www.lavasoftusa.com/
    >
    > Create a directory.
    > On drive "C:\"
    > (e.g., "c:\New Folder")
    > or the desktop
    > (e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")
    >
    > Download Sysclean.com and place it in that directory.
    > Download the Trend Pattern File by obtaining the ZIP file.
    > For example; lpt385.zip
    >
    > Extract the contents of the ZIP file and place the contents in the same directory as
    > sysclean.com.
    >
    > 2) Update Adaware with the latest definitions.
    > 3) Disable System Restore
    > http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
    > 4) Reboot your PC into Safe Mode and shutdown as many applications as possible
    > 5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
    > platform and clean/delete any infectors/parasites found.
    > (a few cycles may be needed)
    > 6) Restart your PC and perform a "final" Full Scan of your platform using both the
    > Trend Sysclean utility and Adaware
    > 7) Re-enable System Restore and re-apply any System Restore preferences,
    > (e.g. HD space to use suggested 400 ~ 600MB),
    > 8) Reboot your PC.
    > 9) Create a new Restore point
    >
    >
    > * * * Please report your results ! * * *
    >
    >
    > --
    > Dave
    > http://www.claymania.com/removal-trojan-adware.html
    >
    >
    >
    >
    >
    > "Crystal" <Crystal@discussions.microsoft.com> wrote in message
    > news:CE67F2B0-5FD3-4468-96B6-C61AA3D8EA6E@microsoft.com...
    > | This trojan is called
    > | Win32.Benuti.K!downloader
    > |
    > | This is where the virus is loacated
    > | C:\WINDOWS\system32\drivers\
    > |
    > |
    > | This is the file name That is located on my C drive.
    > | bqjguhld.sys
    > |
    > | My anti virus does not find this when it dose a scan. It only finds it in
    > | real time when I click on Internet explorer to go on line. My anti virus
    > | pops up a window giving me all the information and says it has deleted it.
    > | It freezes up my IE and I have one heck of a time accessing my browser. When
    > | I go into windows explorer to delete the file it's not there but each time I
    > | go to access my IE it is back again.
    > |
    > | Someone please help me. I am a full time student and I have 2 on line
    > | classes that I can't access right now.
    > |
    > | Thank you so much,
    > | Crystal
    > |
    >
    >
    >
Ask a new question

Read More

Internet Explorer Trojan Windows XP