fake .sys file?

Custom / CUSTOM
April 1, 2010 at 15:07:21
Specs: Vista Home, athlon fx 4400/ 2gb
I thought I had posted earlier; my guess is it didn't go through. So on to my problem. Vista Home Ed won't boot, and the reason is it's wanting a file by the name of sjqndujf.sys. So I googled it and found nothing. This led me to believe maybe a virus uses it? Well, the file exists on said computer, but it's 0 size.

So I think what's happening is something is fooling Vista into thinking it's a necessary file to boot when in reality it's not. My question then is how do I fix this? Where does Vista store .sys references?

Truth can become lie, but if lies become truth we're in trouble.




#1
April 1, 2010 at 15:22:26
Are you absolutely sure it's "sjqndujf.sys"? Where is the 0 byte file located?

Skip



#2
April 1, 2010 at 15:41:47
Yep, that's the name of it; it's located in the system32/drivers directory. I managed to get regedit running from the command prompt and did a search and found nothing. I'm also noticing it's a brand new file created the last time I was able to log in. Figured out that these .sys get referenced from hklm/system/currentcontrolset, but alas no mention of said file.

Truth can become lie, but if lies become truth we're in trouble.



#3
April 1, 2010 at 19:53:07
OK ok, well, the computer is finally fixed; I almost gave up. So if any of you guys ever run into a fake .sys file that's causing problems, here's the fix:

1. Let Vista do its repair thing and fail; it will give you the option that lets you run the command prompt.

2. Run regedit from it; the only problem is that you get a whole other hklm than the one you need.

3. Open the hive from regedit, location: system32\config (my problem was hidden in system), and it's suggested you use a temp key (I named mine temp :) )

4. Find the guilty key under system/controlset/services...etc
Mine was some randomly named one (sjqndujf.sys)

5. Delete the suspect key and unload the hive. VOILA!

How I found myself in such a crappy position: some malware app, I'm guessing Vista Defender Pro (rogue antispyware that in reality is spyware in and of itself), made the key but ofc didn't delete the ref after it was deleted. GL guys in your tech troubleshooting quest. :)

Truth can become lie, but if lies become truth we're in trouble.
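
The repair described in post #3, written as commands for the recovery command prompt instead of the regedit GUI. This is an added example, not part of the original thread; the drive letter D:, the temporary key name TempSys and the backup file path are assumptions.

```bat
@echo off
rem Added example; run from the recovery environment's command prompt.
rem Assumptions (not from the thread): the offline Windows volume is D:,
rem the temporary key is TempSys, and the backup is written to D:\.
set "WIN=D:\Windows"
set "HIVE=HKLM\TempSys"
set "NAME=sjqndujf"
set "KEY="

rem The driver file the boot failure names; the thread found it at 0 bytes.
dir "%WIN%\System32\drivers\%NAME%.sys"

rem Step 3: mount the installed system's SYSTEM hive under a temporary key.
reg load %HIVE% "%WIN%\System32\config\SYSTEM" || exit /b 1

rem Select\Current gives N in ControlSet00N, the control set used at boot.
for /f "tokens=3" %%c in ('reg query %HIVE%\Select /v Current ^| find "REG_DWORD"') do set /a CUR=%%c
set "SVCS=%HIVE%\ControlSet00%CUR%\Services"

rem Step 4: list every key, value name and value data that mentions the driver.
reg query "%SVCS%" /s /f "%NAME%"

rem Step 5: paste the service key reported above, back it up, then delete it.
set /p "KEY=Full service key to remove (blank to skip): "
if defined KEY (
    reg export "%KEY%" "D:\%NAME%-service-backup.reg" && reg delete "%KEY%" /f
)

rem Always unload so the change is written back to the offline hive file.
reg unload %HIVE%
```

The exported .reg file lets the key be restored with `reg import` if removing it turns out to be the wrong call.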



#4
April 2, 2010 at 10:29:58
That's great; glad you got it fixed. Good information too.

Where did you find the instructions to fix it or did you work out the path to that registry key by trial and error?

Skip

