So I've got a virus. sysdriver32.exe, l1rezerv.exe popped up one day but also with these processes

1068811743:540691392.exe
4771c02a-24ed-4391-8549-3ecb38c3557d.com
svchostdriver32.exe

Can't find any information on them on the internet. What are they? I dont need help to remove the virus's i know what i'm doing, just a little information.

Svchost would be normal but svchostdriver32.exe is more than likely some sort of spyware malware etc etc.

Check your startup folder and see if there is anything fishy in there.

Try PMing ShadowFiend... He's pretty good with virus/malware identification & removal

meow

what kind of information do you need?

L1REZERV.EXE
trojan downloader/bot
probably downloaded the random number/letter programs (.com is like a .exe)
downloads other crap/steals your information (random programs are probably the ones stealing your info)
located in c:/windows

Related Files:

%WINDIR%\SYSDRIVER32_.EXE
%WINDIR%\DDH_IPLIST.TXT
%WINDIR%\TEMP\1596323.EXE
%WINDIR%\IPLIST.TXT
%WINDIR%\INFO1
%WINDIR%\TEMP\5030229.EXE
%SYSTEM%\RESTORE\MACHINEGUID.TXT
%WINDIR%\TEMP\1597054.EXE
%WINDIR%\TEMP\4364302.EXE
%WINDIR%\WINEXP.EXE
%WINDIR%\TEMP\5560095.EXE
%WINDIR%\TEMP\JS_VK_0
%WINDIR%\TEMP\JS_VK_1
%WINDIR%\TEMP\JS_VK_1_KS
%WINDIR%\TEMP\MTS_HTML_0
%WINDIR%\TEMP\MTS_HTML_1

i don't know if it creates registry keys/services, i don't have a sample



sysdriver32.exe
some sort of trojan downloader
located in C:\WINDOWS\
my guess is that its related to svchostdriver32.exe
probably created a service (check it out in msconfig)
%Windir%\sysdriver32.exe srv


you can also download process explorer to see where the files are located and if there's any services attached to them

This post was edited by ShadowFiend on Aug 22 2011 12:27pm