Please Help ..........rdriv.sys

lcw2 (Member, joined Jul 26, 2005, 3 messages)
I have WinXP Pro and AVG Virus for virus control. Ran a scan last night and it detected the above virus in C:\WINDOWS\system32\rdriv.sys. I have tried "healing" and "deleting" it but it keeps popping up. I tried deleting the folder directly from the system32 folder but it reappears in about 4 seconds. How can I remove this completely from my system?
 
I pulled this down off the internet; I hope it helps you out ;)


Raghu’s weblog
My babblings!

"Well well, it's been a while since I got infected with a trojan... and trust me, this one was quite a challenge. I went to my department for some study and then this happened: rdriv.sys was the cynosure of the Sophos antivirus. The scanning agent kept popping up yelling about the virus and unable to delete it; it kept quarantining the file but was unable to delete it. It runs as a service, and you can't find it when you search for "rdriv.sys" either in the services in Control Panel -> Administrative Services or when you open msconfig from Run -> msconfig.

All the help that's on the web couldn't really help me, until I used the info from here and there and did something of my own. Here are the steps:

1) Disable the scanning agent of the antivirus; use the system services in case you can't stop it.

2) Open the command prompt and type in the following:

net stop rdriv.sys

This command stops the rdriv.sys service.

3) Now, the rdriv.sys file is located in the C:\Windows\System32 folder. You can try deleting it, now that the service is stopped. But behold, it complains about the file being already in use by some other program. Haha, so a service trojan started by another executable file; so all the strings are really attached to this executable file.

4) So which file is it? Well, it depends... the file names which were given out in some of the help pages were not present on my system. But the main thing is that the .exe file is located in the C:\Windows folder. So, sort the files according to the last modified date and remove the .exe files which look suspicious (this would be a file with a recent modified time, probably since when the virus got recognised... all instincts here).

Well, a good amount of time was spent on this... but for every Hitler there is always a Stalingrad..."
 
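The procedure quoted above, written out as a PowerShell script. This is an added example and is not from the thread or from Raghu's post. Two points it makes explicit that the post only hints at: kernel drivers such as rdriv.sys never appear in services.msc or in msconfig's Services tab (both list only Win32 services), but the service registry keys and sc.exe still see them; and Stop-Service/Set-Service likewise only handle Win32 services, so sc.exe does the stopping and disabling. Assumptions: an elevated Windows PowerShell 3.0+ prompt (newer than the XP box in the question), the driver file name rdriv.sys, and a 7-day window for "recently modified"; the service name is looked up from ImagePath rather than assumed.

```powershell
# Added example, not part of the original thread or Raghu's post.
# Assumes an elevated Windows PowerShell 3.0+ prompt. Only the driver file
# name is assumed; the service name is discovered from the registry.
$DriverFile = 'rdriv.sys'

# 1. Find every service whose ImagePath references the driver. Kernel-driver
#    services are absent from services.msc and msconfig, which is why the post
#    could not find it there; the registry lists them all.
$svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$hits = Get-ChildItem -Path $svcRoot | ForEach-Object {
    $props = Get-ItemProperty -Path $_.PSPath
    if ($props.ImagePath -and ($props.ImagePath -like "*$DriverFile*")) {
        [pscustomobject]@{
            Service   = $_.PSChildName
            ImagePath = $props.ImagePath
            Type      = $props.Type    # 1 = kernel driver, 16/32 = Win32 service
            Start     = $props.Start   # 2 = automatic, 3 = manual, 4 = disabled
        }
    }
}
$hits | Format-Table -AutoSize

# 2. Stop and disable each matching service. sc.exe works for drivers, where
#    Stop-Service and Set-Service do not. Disabling matters: stopping alone
#    leaves the service to reload at next boot.
foreach ($h in $hits) {
    & sc.exe stop $h.Service | Out-Null
    & sc.exe config $h.Service start= disabled
}

# 3. Confirm the driver is no longer running.
Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -like "*$DriverFile*" } |
    Select-Object Name, State, StartMode, PathName

# 4. Hunt for the user-mode executable that keeps re-creating the file.
#    Raghu's heuristic is "recently modified .exe directly in %WINDIR%";
#    this adds an Authenticode check (legitimate files there are signed)
#    and whether the file is currently running as a process.
$since = (Get-Date).AddDays(-7)   # assumption: the infection is recent
Get-ChildItem -Path "$env:windir\*.exe" -File |
    Where-Object { $_.LastWriteTime -gt $since } |
    Sort-Object -Property LastWriteTime -Descending |
    ForEach-Object {
        $exe = $_
        $sig = Get-AuthenticodeSignature -FilePath $exe.FullName
        $running = [bool](Get-Process | Where-Object { $_.Path -eq $exe.FullName })
        [pscustomobject]@{
            Name      = $exe.Name
            Modified  = $exe.LastWriteTime
            Size      = $exe.Length
            Signature = $sig.Status    # NotSigned on a dropped binary
            Running   = $running
        }
    } | Format-Table -AutoSize

# 5. Once the dropper process from step 4 is stopped (Stop-Process -Name <name>),
#    the driver file is no longer held open and can be deleted; with the service
#    disabled it will not be loaded again at boot. Left commented out because
#    it is destructive and depends on what step 4 shows.
# Remove-Item -Path "$env:windir\System32\$DriverFile" -Force
```

Step 4 is a heuristic, as Raghu says: an unsigned, recently written, currently running .exe in C:\Windows is a strong candidate, but verify the file (hash it, check its properties) before removing it, since a wrong guess deletes a legitimate binary.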