Gibberish file

July 5, 2009 at 13:10:01
Specs: Windows Vista
I have Sophos Anti-Virus (for now, long story), and for the past 2 days it has been giving me alerts saying "Virus/spyware Mal/Generic-A has been detected" in my C drive temp folder. The name of the file is always gibberish, and it's a TMP file. The file name always starts with 'hjgruiah' and is 16 characters long.

When I delete the file through Sophos, about an hour later I get another alert with a different sequence of letters. Anyone know what this is? And if so, how do I get rid of it?

Note: I've already used Spybot, and it didn't detect anything but adware, which has since been deleted.


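Before deleting the next dropped file, it is worth recording its hash and timestamp so the sample can be identified later and the hourly cadence confirmed. The script below is an added example, not code from the original post or from Sophos or GMER. It assumes the 16-character name is the stem before the .tmp extension and that the remaining 8 characters are alphanumeric; the directory to scan is passed on the command line (with no argument it scans a constructed demo directory, not real malware). Names such as `triage`, `drop_intervals` and `make_demo_dir` are this example's own.

```python
"""Added example: triage the recurring temp files described in the post.

Not code from the post or from Sophos/GMER. Assumptions (not stated on the
page): the 16-character name is the stem before the .tmp extension, and the
directory to scan is given on the command line; with no argument a
constructed demo directory is scanned instead.
"""
import hashlib
import os
import re
import sys
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Post: name always starts with 'hjgruiah', is 16 characters long, .TMP extension.
# Assumption: the remaining 8 characters are alphanumeric; match case-insensitively
# because Windows file names are.
SUSPECT_NAME = re.compile(r"^hjgruiah[a-z0-9]{8}\.tmp$", re.IGNORECASE)


def is_suspect(name: str) -> bool:
    """True if a file name matches the pattern reported in the post."""
    return SUSPECT_NAME.match(name) is not None


def sha256_of(path: Path) -> str:
    """Hash the file so the sample can still be identified after it is deleted."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def triage(directory: Path) -> list:
    """Return one record per matching file in the directory, oldest first."""
    records = []
    for p in directory.iterdir():
        if p.is_file() and is_suspect(p.name):
            st = p.stat()
            records.append({
                "name": p.name,
                "size": st.st_size,
                "mtime": st.st_mtime,
                "mtime_utc": datetime.fromtimestamp(st.st_mtime, tz=timezone.utc).isoformat(),
                "sha256": sha256_of(p),
            })
    records.sort(key=lambda r: (r["mtime"], r["name"]))
    return records


def drop_intervals(records: list) -> list:
    """Seconds between consecutive drops; the post reports roughly one hour."""
    times = [r["mtime"] for r in records]
    return [b - a for a, b in zip(times, times[1:])]


def make_demo_dir() -> Path:
    """Constructed sample directory (harmless files, not malware) for an offline run."""
    d = Path(tempfile.mkdtemp(prefix="hjgruiah_demo_"))
    t0 = 1246799401  # arbitrary fixed timestamp (constructed)
    samples = [
        ("hjgruiahqwertyui.tmp", b"abc", t0),                 # matches
        ("hjgruiahzxcvbnmk.TMP", b"second drop", t0 + 3600),  # matches, one hour later
        ("hjgruiah.tmp", b"", t0),                            # too short, ignored
        ("hjgruiahabcdefgh1.tmp", b"x", t0),                  # too long, ignored
        ("notes.txt", b"unrelated", t0),                      # ignored
    ]
    for name, data, mtime in samples:
        p = d / name
        p.write_bytes(data)
        os.utime(p, (mtime, mtime))
    return d


if __name__ == "__main__":
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else make_demo_dir()
    found = triage(target)
    for r in found:
        print(f"{r['mtime_utc']}  {r['size']:>8}  {r['sha256']}  {r['name']}")
    print("intervals (s):", drop_intervals(found))
```

Run it against the real temp folder (for example `python triage.py C:\temp`) each time Sophos alerts, and keep the printed lines: a stable hash across drops means the same payload is being rewritten, while changing hashes point to a generator on the machine, which is the case where a rootkit scan such as the one suggested in the reply is the right next step.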

July 5, 2009 at 13:46:19
Seems like a rootkit.

Follow these steps in order numbered:

1) Download GMER:
[This version will download a randomly named file (Recommended).]

2) Disconnect from the Internet and close all running programs.

3) Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

4) Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.

5) GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)

6) If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system, click NO.

7) Now click the Scan button. If you see a rootkit warning window, click OK.

8) When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log and upload it. Post the download link to the uploaded file in your post.

9) Exit GMER and re-enable all active protection when done.

Note: Please give me the exact name of the file you downloaded in step 1 + post your log from step 8 in your next post.

If I'm helping you and I don't reply within 24 hours send me a PM.
