hi guys
I recently got hit by the Peacom virus.. where wincom32.sys is the culprit.. i was gettinig BSOD like ****.. after investigating, using windbg, research etc etc.... i confirmed that the BSOD is being caused by the wincom32.sys driver, which actually is the Peacom virus.. the virus itself is does not cause BSOD error by design, but KASPERSKY has killed this virus, and its files etc.. however, there seem to be a device driver instruction or setting still left in the system.. because in the BSOD the faulting module is:
wincom32.sys
I have REMOVED/UNINSTALLED this device already from the device manager, issuing first:
RUN> set dvcmgr_show_nonpresent_devices=1
RUN> dvcmgmt.msc
locating the wincom32 entry and successfully uninstalling it..
but.. IM STILL GETTING THE DARN BSOD! the debug info is still reporting wincom32.sys as the culprit..
so i searched the registries for "wincom32" entry... none found..
what's weird also is the faulting module, as shown in winDBG, is located in
\??\C:\WINDOWS\system32\wincom32.sys
take note of the highlighted..
\??\C:\WINDOWS\system32\wincom32.sys
what does that mean? where is this windows "instruction"? so i can KILL IT ONCE AND FOR ALL!
please advice. .
I recently got hit by the Peacom virus.. where wincom32.sys is the culprit.. i was gettinig BSOD like ****.. after investigating, using windbg, research etc etc.... i confirmed that the BSOD is being caused by the wincom32.sys driver, which actually is the Peacom virus.. the virus itself is does not cause BSOD error by design, but KASPERSKY has killed this virus, and its files etc.. however, there seem to be a device driver instruction or setting still left in the system.. because in the BSOD the faulting module is:
wincom32.sys
I have REMOVED/UNINSTALLED this device already from the device manager, issuing first:
RUN> set dvcmgr_show_nonpresent_devices=1
RUN> dvcmgmt.msc
locating the wincom32 entry and successfully uninstalling it..
but.. IM STILL GETTING THE DARN BSOD! the debug info is still reporting wincom32.sys as the culprit..
so i searched the registries for "wincom32" entry... none found..
what's weird also is the faulting module, as shown in winDBG, is located in
\??\C:\WINDOWS\system32\wincom32.sys
take note of the highlighted..
\??\C:\WINDOWS\system32\wincom32.sys
what does that mean? where is this windows "instruction"? so i can KILL IT ONCE AND FOR ALL!
please advice. .
