WTF is fwriyuog.sys?

cmangle
My computer running Win 7 Ult OS started acting goofy! It boots to a blank screen and stops, or goes to my desktop background with no icons and no start bar and stops!

A number of spyware proggies and registry proggies and gmer found this, and gmer says it's a rootkit!

I did a Google and came up with NOTHING, NOWHERE!! You try it!

WHAT THE F**K IS THIS?

Thanks

This is the registry entry:
[HKEY_LOCAL_MACHINE] \SYSTEM\ControlSet001\services\fwriyuog\\ImagePath
  • +
    1 Votes
    OH Smeg

    There are several listed here and while I personally prefer F Secure any should be able to clean this up for you.

    http://www.techrepublic.com/blog/security/rescue-cds-tips-for-fighting-malware/3803

    Col

    +
    1 Votes

    Find yourself a boot disk with antimalware and antivirus scanners on it.
    Many of these rootkits and trojans will change the name of their executables
    and dll components in efforts to evade detection anyway, so knowing a
    specific name may or may not help.

    +
    1 Votes
    WCarlS

    How did you get into Reg Editor and keep it running long enough to find the path?

    Now that you know the path, write it down, then delete that key from the registry.

    Reboot into Safe Mode and run MalwareBytes, then use MSSE to run a full anti-virus scan. You can also try Super AntiSpyware (free).

    +
    1 Votes
    asotelo

    ...you can't find it, is because most malware or spyware make a RANDOM name for the service or the files that it uses. The way I test those "funny" named files, especially the ones with a ".dll" or ".sys" extension, is to right click on the file then Properties then Details. The description should have File version, Product name, and Copyright. Bogus ".dll" or ".sys" files do not have these characteristics.
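
The Details-tab check described in the last reply, applied to every driver service registered under the Services key, as an added example that is not part of the original thread. It is read-only, assumes an elevated 64-bit PowerShell prompt and the CurrentControlSet alias for the active control set, and the helper name Resolve-DriverPath is made up for the example.

```powershell
# Added example (read-only): list driver services whose image file lacks
# version metadata or a valid signature. Nothing is modified or deleted.
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Resolve-DriverPath {   # hypothetical helper name
    param([string]$ImagePath)
    # Driver ImagePath values may be NT-style or relative to %SystemRoot%.
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath).Trim('"')
    $p = $p -replace '^\\\?\?\\', ''                              # \??\C:\x.sys
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')   # \SystemRoot\...
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

Get-ChildItem $servicesKey | ForEach-Object {
    $svc = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
    # Type 1 = kernel driver, 2 = file system driver; skip everything else.
    if ((1, 2 -notcontains $svc.Type) -or -not $svc.ImagePath) { return }

    $path   = Resolve-DriverPath $svc.ImagePath
    $onDisk = Test-Path -LiteralPath $path
    $vi     = if ($onDisk) { (Get-Item -LiteralPath $path -Force).VersionInfo }
    $sig    = if ($onDisk) { Get-AuthenticodeSignature -FilePath $path }
    $status = if ($sig) { "$($sig.Status)" } else { 'n/a' }

    New-Object PSObject -Property @{
        Service     = $_.PSChildName
        Path        = $path
        OnDisk      = $onDisk          # False can mean the file is hidden from the live OS
        ProductName = $vi.ProductName
        Copyright   = $vi.LegalCopyright
        FileVersion = $vi.FileVersion
        Signature   = $status          # catalog-signed files may show NotSigned on some PowerShell versions
    }
} | Where-Object {
    # Keep only entries that fail the "Details tab" test or the signature check.
    -not $_.OnDisk -or -not $_.ProductName -or -not $_.Copyright -or $_.Signature -ne 'Valid'
} | Sort-Object Service |
    Format-Table Service, OnDisk, ProductName, Signature, Path -AutoSize
```

Treat each row as a lead for the offline scan the other replies recommend, not as a verdict: version fields can be forged, and some legitimate drivers ship without them.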