Cannot remove Rootkit a5pqwcts.SYS

Discussion in 'Malware Help (A Specialist Will Reply)' started by Tech-Nek, Jul 26, 2008.

  1. Tech-Nek

    Tech-Nek Private E-2

    Hello everyone,

    Ok, I am using AVG Anti-virus.

    For the last couple of weeks my scans have come up with this message.

    Infection: Hidden Driver

    Location: C:\Windows\System32\Drivers\a5pqwcts.SYS

    I have done an online search for this specific file on google.com; there are no reported results of this Infection/file.

    I have used the remove feature of AVG to try and delete this file.

    It says in order to remove this virus a restart is required.

    When I hit ok the computer restarts.

    After I run another scan the file is found again in the same location.

    Can someone please help with this issue?

    Thank you in advance.

    :major
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    I don't believe this is a problem. We have seen similarly named files in the past. The names vary and if you attempt to remove the file, it never exists. Also if you try to delete the driver, it may delete but after a reboot another driver will appear with a slightly different name. We believe this is just a driver related to some software that is being used. It has never been seen to be a problem. Also it is not really a rootkit. It is just a hidden driver and that is nothing unusual. Even protection software (like rootkit scanners themselves) will hide drivers.

    If you want to fully check your PC for malware, please follow the instructions in the below link and attach the requested logs when you finish these instructions. If something does not run, write down the info to explain to us later but keep on going. Do not assume that because one step does not work that they all will not.

    READ & RUN ME FIRST. Malware Removal Guide


    Note: If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode, but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

    Starting your computer in Safe mode
     
  3. Tech-Nek

    Tech-Nek Private E-2

    Thank you for this information. I removed a recently installed program to test it and sure enough that was the issue. Thank you again :major .
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    Would you mind telling us the name of the program for other users' benefit in the future?
     
  5. Tech-Nek

    Tech-Nek Private E-2

    Not a problem, Driver Genius Professional Edition was the program, but I have done some research and this seems to be a generic issue. If a program hides a driver, AVG's Rootkit scan sometimes picks it up as a rootkit. I am not sure how helpful that is, but anything I can do to make it easier. Thanks again for the input, it really made me a lot happier. :major
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Thanks for reporting back. The info may be of use to others who run into similarly named drivers.
     
