WTF is fwriyuog.sys?

Discussion in 'Virus & Other Malware Removal' started by cmangle, Nov 17, 2011.

  1. cmangle

    cmangle Thread Starter

    Joined:
    Dec 30, 2009
    Messages:
    7
    My computer running win 7 ult os (32bit Intel cpu 4 gig ram) started acting goofy! It boots to a blank screen and stops or goes to my desktop background with no icons and no start bar and stops!

    A number of spyware proggies and registry proggies and gmer found this, and gmer says it's a rootkit !

    I did a google and came up with NOTHING NO WHERE !! you try it!

    WHAT THE F**K IS THIS?

    thanks Chris

    this is registry entry:
    [HKEY_LOCAL_MACHINE] \SYSTEM\ControlSet001\services\fwriyuog\\ImagePath
     

  2. cmangle

    cmangle Thread Starter

    Deleted the entry from registry, and now my puter boots up fine and desktop back to normal!

    After running a few proggies (KUDOS to Gmer, Hitmanpro, RFA, and Killbox) and all things pointed to this EVIL program!

    AllMusicConverter_4.2.9-Setup.exe

    I would recommend you do not download and you will save yourself 4 hours of agony!
     
  3. cmangle

    cmangle Thread Starter

    It looks like I'm not out of the woods yet!!

    Just getting ready to leave this guy's house and I do a hard reboot, and it's back !! Even though I've found the original offending program and deleted/uninstalled it, the rootkit it contained and installed, is still present and active!

    Checked the registry and sure enough . . .

    [HKEY_LOCAL_MACHINE] \SYSTEM\ControlSet001\services\fwriyuog\\ImagePath

    . . . is in the registry. I removed it and did a registry search for fwriyuog and it shows up in Legacy entries which I CAN'T remove!

    Now how the sam hill did it return? I deleted the above program earlier, where did it return from?

    Did a system restore back three software installs, and still at boot up, in normal mode, blank screen and lockup! Safe mode boots fine!

    Now I'm thinking this rootkit is in a separate partition on the HARD drive and it's still active. So after deleting all partitions and reformatting the largest one (440gb) I will reinstall win 7 ultimate tomorrow!

    getting some sleep, it's been a long day!

    thanks all
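
A read-only check for the situation described in this post, as an added example that is not part of the original thread: it lists kernel-driver service entries in every ControlSet, resolves each ImagePath, and reports entries whose driver file is not visible on disk, along with whether a matching `Enum\Root\LEGACY_` key exists. The `Resolve-DriverPath` helper and the report column names are made up for this example.

```powershell
# Read-only audit of driver service entries (nothing is changed or deleted).
# Written to run on the PowerShell 2.0 that ships with Windows 7.

function Resolve-DriverPath([string]$ImagePath, [string]$Name) {
    # Hypothetical helper: turn a driver ImagePath into a normal file path.
    # Drivers with no ImagePath default to system32\drivers\<name>.sys.
    if (-not $ImagePath) { $ImagePath = "system32\drivers\$Name.sys" }
    $p = $ImagePath.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''                        # \??\C:\... prefix
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"  # \SystemRoot\... prefix
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

$sets = Get-ChildItem 'HKLM:\SYSTEM' |
    Where-Object { $_.PSChildName -match '^ControlSet\d{3}$' }

$report = foreach ($set in $sets) {
    $cs = $set.PSChildName
    foreach ($svc in Get-ChildItem "HKLM:\SYSTEM\$cs\services" -ErrorAction SilentlyContinue) {
        $v = Get-ItemProperty $svc.PSPath -ErrorAction SilentlyContinue
        # Type 1 = kernel driver, 2 = file system driver
        if ((1, 2) -notcontains $v.Type) { continue }
        $name = $svc.PSChildName
        $file = Resolve-DriverPath $v.ImagePath $name
        New-Object PSObject -Property @{
            ControlSet  = $cs
            Service     = $name
            Start       = $v.Start   # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
            File        = $file
            FileVisible = Test-Path -LiteralPath $file
            # Many legitimate non-PnP drivers also have a LEGACY_ key on
            # Windows 7, so this column is context, not a verdict.
            LegacyKey   = Test-Path "HKLM:\SYSTEM\$cs\Enum\Root\LEGACY_$name"
        }
    }
}

# An entry whose driver file the file system will not show is the pattern to
# investigate: a leftover key, or a driver hiding its own file.
$report | Where-Object { -not $_.FileVisible } |
    Sort-Object Service, ControlSet |
    Format-Table ControlSet, Service, Start, LegacyKey, File -AutoSize
```

Run it from an elevated prompt, and on 64-bit Windows use the native 64-bit PowerShell so that system32 paths are not redirected. Because the check asks the running system, a flagged entry is best confirmed by repeating the file lookup offline from recovery media.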
     
  4. cmangle

    cmangle Thread Starter

    OK here's an update, first ESET HAS been my AV of choice for 3+ years now NOTHING holds a candle to it!

    Second, on to the problem(s) at hand

    Now I not only re-formatted the whole drive I also bought a new 1TB drive as a damage control item (in case I throw the original out the window) !

    After reformatting and re-installing Win7Ult 32 bit I don't have the same problem but yet they are similar! Go figure! (I also tried Win7Ult 64 bit and the new WD 1TB 7200 drive)

    After a successful install, randomly at boot up, it might go fine or it can go black or it can go to a Win7 light blue screen with the 4 color MS Flag logo and then freeze! If it does boot up ok and go to the desktop WITH all of the Icons, if it goes to sleep it will come back with the light blue Win7 screen with the MS logo/flag and be locked/froze!

    An F8 at boot up (SAFE MODE with Networking) ALWAYS brings you to the desktop with ICONS!

    I tried going back to a Windows XP Pro install and got an install error!

    So at this point I'm reloading Win7Ult 64bit and will run it in safe mode!

    What I've tried to solve this . . .

    2 different hard drives both fresh, re-formatted with NOTHING on them! nfg

    I tried swapping and eliminating ram modules to ensure there's no memory problem! nfg

    Cleared CMOS. nfg

    Tried proper shutdowns (versus yanking the power plug after a successful bootup) nfg

    Looked for overheating issues nfg (air blew dust out of everywhere including my ears)

    One thing I am REALLY curious about with this DELL Vostro 420 is the CPU! It is an Intel Q6600 2.4ghz that is a supposed 64 bit cpu but yet Dell shipped it with a 32 bit Win XP OS!

    How is that possible? You can't load Win7 32 bit OS on to a current Intel I3, I5, I7 or any other current 64 bit cpu cause it will tell you that you have the wrong OS Architecture and halt the install!

    Not with this cpu???

    So at this point I'm stumped, the rootkit is gone (was it EVER there?) according to Gmer and the funky file name "fwriyuog" it was. But that can't be the issue now!

    Any thoughts?

    thanks
     

Short URL to this thread: https://techguy.org/1027333
