how to find and remove DRIVER and DRIVER SETTINGS - Techist - Tech Forum

Old 01-22-2007, 07:18 AM   #1 (permalink)

hi guys


I recently got hit by the Peacom virus.. where wincom32.sys is the culprit.. I was getting BSOD like ****.. after investigating, using windbg, research etc etc.... I confirmed that the BSOD is being caused by the wincom32.sys driver, which actually is the Peacom virus.. the virus itself does not cause BSOD error by design, but KASPERSKY has killed this virus, and its files etc.. however, there seems to be a device driver instruction or setting still left in the system.. because in the BSOD the faulting module is:

wincom32.sys


I have REMOVED/UNINSTALLED this device already from the device manager, issuing first:

RUN> set devmgr_show_nonpresent_devices=1
RUN> devmgmt.msc

locating the wincom32 entry and successfully uninstalling it..

but.. I'M STILL GETTING THE DARN BSOD! the debug info is still reporting wincom32.sys as the culprit..

so i searched the registries for "wincom32" entry... none found..

what's weird also is the faulting module, as shown in winDBG, is located in

\??\C:\WINDOWS\system32\wincom32.sys

take note of the highlighted..

\??\C:\WINDOWS\system32\wincom32.sys

what does that mean? where is this windows "instruction"? so i can KILL IT ONCE AND FOR ALL!

please advise..
clever_j is offline  
Old 01-22-2007, 08:10 AM   #2 (permalink)

No idea, all I can suggest is take out your system restore and delete all instances of wincom32.sys from your drive.
If you're unlucky you may have a rootkit but I don't think Peacom includes a proper rootkit but this smells of one.

Try BlackLight
MrCoffee is offline  
Old 01-22-2007, 11:37 AM   #3 (permalink)

no instances of wincom32 anywhere on my drive, not even in my registries..annoying..
clever_j is offline  
Old 01-22-2007, 12:07 PM   #4 (permalink)

Windows Repair.
If Still. Back up info. Reformat. Reinstall.
Ste is offline  
Old 01-22-2007, 07:35 PM   #5 (permalink)

Quote:
If Still. Back up info. Reformat. Reinstall.
yep this'd be my last recourse..

anyway, can you guys tell me at least, where the LIST OF DRIVERS that are loaded on startup is located? an ini file? registry hive? coz I swear, if it's being loaded still, there's gotta be something there in my system that tells it to.
clever_j is offline  
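
Added example, not part of the original thread: on Windows, drivers that load at startup are registered as subkeys of HKLM\SYSTEM\CurrentControlSet\Services (Type 1 or 2), with the file named in ImagePath, which can carry the same \??\ prefix seen in the WinDbg output. The PowerShell below lists every driver registration whose file is missing or whose name or path matches the suspect string; `$Suspect` and `Resolve-DriverPath` are names chosen for this example.

```powershell
# Added example (not from the thread): audit driver registrations.
# $Suspect comes from the thread; the key layout is standard Windows.
param([string]$Suspect = 'wincom32')

$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$startNames  = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Demand'; 4 = 'Disabled' }

function Resolve-DriverPath {
    param([string]$ImagePath, [string]$ServiceName)
    # No ImagePath value: the default is System32\drivers\<service name>.sys
    if ([string]::IsNullOrEmpty($ImagePath)) {
        return Join-Path $env:SystemRoot "System32\drivers\$ServiceName.sys"
    }
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath).Trim('"')
    # \??\ is the NT object-manager prefix for DOS device names such as C:
    if ($p.StartsWith('\??\')) { return $p.Substring(4) }
    if ($p -match '^\\SystemRoot\\(.+)$') { return Join-Path $env:SystemRoot $Matches[1] }
    # Anything else without a drive letter is relative to %SystemRoot%
    if ($p -notmatch '^[A-Za-z]:\\') { return Join-Path $env:SystemRoot $p }
    return $p
}

Get-ChildItem $servicesKey -ErrorAction SilentlyContinue | ForEach-Object {
    $props = Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue
    # Type 1 = kernel driver, Type 2 = file system driver; skip everything else
    if ($null -eq $props -or $props.Type -notin 1, 2) { return }

    $file    = Resolve-DriverPath $props.ImagePath $_.PSChildName
    # Run from a 64-bit shell on 64-bit Windows, or System32 is redirected
    $missing = -not (Test-Path -LiteralPath $file)
    $named   = "$($_.PSChildName) $($props.ImagePath)" -like "*$Suspect*"

    if ($missing -or $named) {
        [pscustomobject]@{
            Service   = $_.PSChildName
            Start     = $startNames[[int]$props.Start]
            ImagePath = $props.ImagePath
            Resolved  = $file
            FileFound = -not $missing
        }
    }
} | Format-Table -AutoSize -Wrap
```

A rootkit that filters registry reads hides its key from this live view as well, which would be consistent with the empty registry search described in the thread. Pointing `$servicesKey` at the SYSTEM hive loaded from a recovery environment or a second Windows installation avoids that filter.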