ThePDW

  1. But as no one's replied... Here's this:
     Files Infected: 1
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected:
     C:\WINDOWS\system32\drivers\shjyai.sys (Rootkit.Agent) -> No action taken.
  2. So, I recently had a malware infestation and there is part of one of these programs that just won't leave. The main culprit seems to be shjyai.sys, which both avast! and Malwarebytes detect as a rootkit. Both avast and MWB ask me if I want to delete it on the next boot and I say YES and when I boot up and do another scan shjyai.sys is still there. I've searched through the registry and there are several keys (or whatever they're called) related to it. One is HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SHJYAI. This one can be deleted when I change the permissions on it. However, this reappears on the next boot. The other one is HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\shjyai and it is the real bugger. Changing permissions on it seems to do no good. It gives me the "Error while deleting key" message. So, both avast! and MWB know shjyai is bad, but they don't know how to completely get rid of it. I'm no expert, but I'm guessing that if I can get rid of the "undeletable" key then the .sys file isn't going to reappear on the next boot. I'm also guessing that this file is a brand new malware as I find no references to it on the net. There don't seem to be any actual symptoms of infestation (i.e. changing my desktop, pop-ups, etc.) other than the reappearance of the file. Any ideas? As this .sys file is the only file MWB is finding, I'm not posting any logs, as I don't see it will do much good... Thanks!
  3. Oops, I just realized that maybe I'm not supposed to post this in this particular forum... Should I move this elsewhere? Sorry!
  4. So, I recently had a malware infestation and there is part of one of these programs that just won't leave. One of the main culprits seems to be shjyai.sys, which avast! and Malwarebytes both detect as a rootkit. Both avast and MWB ask me if I want to delete it on the next boot and I say YES and when I boot up and do another scan shjyai.sys is still there. I've searched through the registry and there are several keys (or whatever they're called) related to it. One is HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SHJYAI. This one can be deleted when I change the permissions on it. However, this reappears on the next boot. The other one is HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\shjyai and it is the real bugger. Changing permissions on it seems to do no good. It gives me the "Error while deleting key" message. So, both avast! and MWB know shjyai is bad, but they don't seem to know how to completely get rid of it. I'm no expert, but I'm guessing that if I can get rid of the "undeletable" key then the .sys file isn't going to reappear on the next boot. I'm also guessing that this file is a brand new malware as I find no references to it on the net. There don't seem to be any actual symptoms of infestation (i.e. changing my desktop, pop-ups, etc.) other than the reappearance of the file. Any ideas? Thanks!