MWB Doesn't Realize That There Are Registry Keys That Need to Be Deleted...


ThePDW

So, I recently had a malware infestation and there is part of one of these programs that just won't leave. The main culprit seems to be shjyai.sys, which both avast! and Malwarebytes detect as a rootkit. Both avast! and MWB ask me if I want to delete it on the next boot and I say YES, and when I boot up and do another scan, shjyai.sys is still there. I've searched through the registry and there are several keys (or whatever they're called) related to it. One is HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SHJYAI. This one can be deleted when I change the permissions on it. However, this reappears on the next boot. The other one is HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\shjyai and it is the real bugger. Changing permissions on it seems to do no good. It gives me the "Error while deleting key" message. So, both avast! and MWB know shjyai is bad, but they don't know how to completely get rid of it. I'm no expert, but I'm guessing that if I can get rid of the "undeletable" key then the .sys file isn't going to reappear on the next boot. I'm also guessing that this file is a brand new malware, as I find no references to it on the net. There don't seem to be any actual symptoms of infestation (i.e. changing my desktop, pop-ups, etc.) other than the reappearance of the file. Any ideas? As this .sys file is the only file MWB is finding, I'm not posting any logs, as I don't see it will do much good...

Thanks!

But as no one's replied... Here's this:

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\drivers\shjyai.sys (Rootkit.Agent) -> No action taken.

  • 4 weeks later...
  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
