Taznyu.sys

**anne** · August 27th, 2010, 02:15 AM

I have a laptop with win 7 x86.
Everyday for a week now i get this notice from Avast anti virus that a threat has been detected.

C:\Windows|System32\Drivers\taznyu.sys

What is it and why?

How do i stop it?
Thanks

**crunchie** · August 27th, 2010, 06:06 AM

Hi. Please follow the instructions found here http://discussions.virtualdr.com/sho...d.php?t=167915 and post the logs.

==

Please go to Jotti's or to virustotal and have this file scanned. Post the results back here.

C:\Windows|System32\Drivers\taznyu.sys

**anne** · August 31st, 2010, 04:38 AM

Attached is the log from malware scan.

**crunchie** · August 31st, 2010, 04:46 AM

As per the instructions :Please do NOT post any logs as an attachment. They will be - regrettably - IGNORED. Our members don't need long files downloaded to their computers; and if your computer IS infected, we SURE aren't going to download your files!

**anne** · August 31st, 2010, 05:11 AM

Excuse me

**crunchie** · August 31st, 2010, 04:50 PM

Exactly what it says there. Do not post logs as an attachment. Yours is posted as an attachment.
There are also other logs that you have not posted yet.
As soon as you have followed the directions from the link provided, I will be happy to continue

.

**anne** · August 31st, 2010, 11:30 PM

Thanks, here is the log
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4513

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

31/08/2010 6:24:48 PM
mbam-log-2010-08-31 (18-24-48).txt

Scan type: Quick scan
Objects scanned: 136040
Time elapsed: 6 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\system32\Drivers\taznyu.sys (Rootkit.Bubnix) -> Quarantined and deleted successfully.
C:\Users\Ray\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.

**anne** · August 31st, 2010, 11:33 PM

Here is the result from the Jotti scan

Filename: mbam-log-2010-08-31 (18-24-48).txt
Status: Scan finished. 0 out of 19 scanners reported malware.
Scan taken on: Wed 1 Sep 2010 05:32:09 (CET) Permalink

**crunchie** · September 1st, 2010, 12:15 AM

How did you do with the GMER and DDS scans as per the requests in the link I gave?

**anne** · September 3rd, 2010, 02:32 PM

Here is the other scan results
AhnLab-V3 2010.08.31.00 2010.08.31 -
AntiVir 8.2.4.46 2010.08.31 -
Antiy-AVL 2.0.3.7 2010.08.30 -
Authentium 5.2.0.5 2010.08.31 -
Avast 4.8.1351.0 2010.08.30 -
Avast5 5.0.594.0 2010.08.30 -
AVG 9.0.0.851 2010.08.30 -
BitDefender 7.2 2010.08.31 -
CAT-QuickHeal 11.00 2010.08.31 -
ClamAV 0.96.2.0-git 2010.08.31 -
Comodo 5920 2010.08.31 -
DrWeb 5.0.2.03300 2010.08.31 -
Emsisoft 5.0.0.37 2010.08.31 -
eSafe 7.0.17.0 2010.08.30 -
eTrust-Vet 36.1.7827 2010.08.30 -
F-Prot 4.6.1.107 2010.08.31 -
F-Secure 9.0.15370.0 2010.08.31 -
Fortinet 4.1.143.0 2010.08.30 -
GData 21 2010.08.31 -
Ikarus T3.1.1.88.0 2010.08.31 -
Jiangmin 13.0.900 2010.08.30 -
K7AntiVirus 9.63.2396 2010.08.30 -
Kaspersky 7.0.0.125 2010.08.31 -
McAfee 5.400.0.1158 2010.08.31 -
McAfee-GW-Edition 2010.1B 2010.08.31 -
Microsoft 1.6103 2010.08.31 -
NOD32 5410 2010.08.30 -
Norman 6.05.11 2010.08.30 -
nProtect 2010-08-31.01 2010.08.31 -
Panda 10.0.2.7 2010.08.30 -
PCTools 7.0.3.5 2010.08.31 -
Prevx 3.0 2010.08.31 -
Rising 22.63.01.04 2010.08.31 -
Sophos 4.56.0 2010.08.31 -
Sunbelt 6816 2010.08.31 -
SUPERAntiSpyware 4.40.0.1006 2010.08.31 -
Symantec 20101.1.1.7 2010.08.31 -
TheHacker 6.5.2.1.359 2010.08.31 -
TrendMicro 9.120.0.1004 2010.08.31 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.31 -
VBA32 3.12.14.0 2010.08.30 -
ViRobot 2010.8.9.3978 2010.08.31 -
VirusBuster 5.0.27.0 2010.08.30 -

I dont anywhere about gmer and dds

**Train** · September 3rd, 2010, 04:29 PM

Follow the link in post #2. For info on about gmer and dds

**crunchie** · September 3rd, 2010, 10:42 PM

GMER and DDS are in the instructions from the link I provided in my first post.

**anne** · September 7th, 2010, 04:40 PM

It would seem that TAZNYU.SYS is a ROOTKIT.
It can be removed with a ROOTKIT removal tool.

**crunchie** · September 7th, 2010, 08:36 PM

Will you be posting the requested logs any time soon before the rootkit takes complete hold of your pc?

Thread: Taznyu.sys

Thread Tools

Search Thread

Display

Taznyu.sys

Thread Information

Users Browsing this Thread

Posting Permissions