I have a laptop with win 7 x86.
Every day for a week now I get this notice from Avast antivirus that a threat has been detected.
C:\Windows\System32\Drivers\taznyu.sys
What is it and why?
How do I stop it?
Thanks
Hi. Please follow the instructions found here http://discussions.virtualdr.com/sho...d.php?t=167915 and post the logs.
==
Please go to Jotti's or to VirusTotal and have this file scanned. Post the results back here.
C:\Windows\System32\Drivers\taznyu.sys
Attached is the log from malware scan.
As per the instructions: Please do NOT post any logs as an attachment. They will be - regrettably - IGNORED. Our members don't need long files downloaded to their computers; and if your computer IS infected, we SURE aren't going to download your files! ;)
Excuse me
Exactly what it says there. Do not post logs as an attachment. Yours is posted as an attachment.
There are also other logs that you have not posted yet.
As soon as you have followed the directions from the link provided, I will be happy to continue :).
Thanks, here is the log
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4513
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
31/08/2010 6:24:48 PM
mbam-log-2010-08-31 (18-24-48).txt
Scan type: Quick scan
Objects scanned: 136040
Time elapsed: 6 minute(s), 10 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Windows\system32\Drivers\taznyu.sys (Rootkit.Bubnix) -> Quarantined and deleted successfully.
C:\Users\Ray\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
Here is the result from the Jotti scan
Filename: mbam-log-2010-08-31 (18-24-48).txt
Status: Scan finished. 0 out of 19 scanners reported malware.
Scan taken on: Wed 1 Sep 2010 05:32:09 (CET)
How did you do with the GMER and DDS scans as per the requests in the link I gave?
Here are the other scan results
AhnLab-V3 2010.08.31.00 2010.08.31 -
AntiVir 8.2.4.46 2010.08.31 -
Antiy-AVL 2.0.3.7 2010.08.30 -
Authentium 5.2.0.5 2010.08.31 -
Avast 4.8.1351.0 2010.08.30 -
Avast5 5.0.594.0 2010.08.30 -
AVG 9.0.0.851 2010.08.30 -
BitDefender 7.2 2010.08.31 -
CAT-QuickHeal 11.00 2010.08.31 -
ClamAV 0.96.2.0-git 2010.08.31 -
Comodo 5920 2010.08.31 -
DrWeb 5.0.2.03300 2010.08.31 -
Emsisoft 5.0.0.37 2010.08.31 -
eSafe 7.0.17.0 2010.08.30 -
eTrust-Vet 36.1.7827 2010.08.30 -
F-Prot 4.6.1.107 2010.08.31 -
F-Secure 9.0.15370.0 2010.08.31 -
Fortinet 4.1.143.0 2010.08.30 -
GData 21 2010.08.31 -
Ikarus T3.1.1.88.0 2010.08.31 -
Jiangmin 13.0.900 2010.08.30 -
K7AntiVirus 9.63.2396 2010.08.30 -
Kaspersky 7.0.0.125 2010.08.31 -
McAfee 5.400.0.1158 2010.08.31 -
McAfee-GW-Edition 2010.1B 2010.08.31 -
Microsoft 1.6103 2010.08.31 -
NOD32 5410 2010.08.30 -
Norman 6.05.11 2010.08.30 -
nProtect 2010-08-31.01 2010.08.31 -
Panda 10.0.2.7 2010.08.30 -
PCTools 7.0.3.5 2010.08.31 -
Prevx 3.0 2010.08.31 -
Rising 22.63.01.04 2010.08.31 -
Sophos 4.56.0 2010.08.31 -
Sunbelt 6816 2010.08.31 -
SUPERAntiSpyware 4.40.0.1006 2010.08.31 -
Symantec 20101.1.1.7 2010.08.31 -
TheHacker 6.5.2.1.359 2010.08.31 -
TrendMicro 9.120.0.1004 2010.08.31 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.31 -
VBA32 3.12.14.0 2010.08.30 -
ViRobot 2010.8.9.3978 2010.08.31 -
VirusBuster 5.0.27.0 2010.08.30 -
I don't see anywhere about GMER and DDS
Follow the link in post #2 for info about GMER and DDS.
GMER and DDS are in the instructions from the link I provided in my first post.
It would seem that TAZNYU.SYS is a ROOTKIT.
It can be removed with a ROOTKIT removal tool.
Will you be posting the requested logs any time soon before the rootkit takes complete hold of your PC?