Win32: Rootkit-gen problem virus

**envo diverter** · 30-01-2010

Hello,

I have a virus in recent days, Win32:Rootkit-gen[Rtk], I can not get rid!
Avast found under C:\Windows\System32\Drivers\jreyftsl.sys but can not remove I also try with Malewarebytes that removes but unfortunately it reappears with each new session ....

Can anyone help me please? Thank you very much!

**GERRYNICOL** · 30-01-2010

Good evening

Download ComboFix

For Vista users: Right-click and choose "Run as administrator". For VISTA: not install the Recovery Console.

When run, ComboFix will check if the Recovery Console Microsoft Windows is installed. With infections like today, it is strongly advised to have pre-installed on your PC before removing harmful.

It will start in a special mode of recovery (repair), we can help you more easily if your computer never has a problem after an attempted cleaning. Follow the prompts to allow ComboFix to download and install the Recovery Console Microsoft Windows, and when requested, accept the License Agreement End User to install.

Once on your desktop double click on it to start.

Important note: If the Recovery Console Microsoft Windows is already installed, ComboFix will continue its procedures for removing harmful.

When the scan is complete, a report will appear. Copy/paste that report into your next reply.
NOTE: The report is also available here: C:\Combofix.txt

Do not click the Combofix window during the analysis, this would cause the freezing program

**Tillie** · 30-01-2010

Open the Start Menu-> Run (Windows key + R for short)

In the dialog box, copy / paste everything that is quoted below:

Then valid

Open CFScript.txt (on your desktop) -> Copy within this new quote:

KillAll::

Rootkit::
C:\Windows\system32\Drivers\jreyftsl.sys

File::
C:\Windows\system32\Drivers\jreyftsl.sys

RegLockDel::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\jreyftsl]

Drag and drop this file on the file CFScript.txt ComboFix.exe. A blue window will appear and ComboFix going to make a new analysis.

Wait time of scan. The office will disappear several times is normal! Do not touch anything until the scan is complete. Once the scan is completed, a report will appear: post content, specifying where are your worries.

If the file does not open, it is here> C:\ComboFix.txt

**Spyrus** · 30-01-2010

Remove Win32:Rootkit-gen[Rtk] Virus

The only reason why this virus infects the PC again is that, it has been saved in the System Restore files.
Turn off System Restore now (Right click on My Computer-> Properties-> System Restore tab-> click Disable System Restore on all drives).
Reboot the PC to let the restore files to get deleted.
Now just turn on the system restore.

**Harvey** · 30-01-2010

I have a norton antivirus. I also got the same Rootkit and the same problem - the norton antivirus scanner detects it, then I click on Delete, only to have the message appears again minutes later, indicating that the problem file does not get deleted. I have upted norton fully and rescan but same thing. Will try out the system restore now.