NJAbby
Level 7
Message 1 of 3

IRP_MJ_CREATE Trojan

McAfee has found this trojan on my computer, but will not quarantine or remove. Anybody else have a problem with this one? We've been pretty cautious with our computer and this is a first. Let me know what you think.

Thanks!
2 Replies
Grif
Level 10
Message 2 of 3

RE: IRP_MJ_CREATE Trojan

Please try using the free removal tools below. Download, install, update, then run a full system scan and delete anything found:

On a friend or family member's computer, download the Malwarebytes installer and update files from the links below, copy them to a CD or flash drive, then transfer the files to the problem machine and use them. (If you are able, you can also download the files to your own computer. Unfortunately, certain types of malware will prevent you from downloading or renaming the files once they're on your personal machine, thus the need to download on a second "clean" computer.) If you can't start the computer into "normal" Windows, try installing, updating, and running the scans AFTER the computer is started into Safe Mode. I use the sites below to download the installer file and the manual updater:

Once downloaded and before transferring them to the problem machine, rename the program installer "mbam-setup.exe" file to something else like "Gogetum.exe", then copy the installer file and the update file to a CD or flash drive. Transfer the file to the problem machine, then install the "Gogetum.exe" file, then run the update to get the program current. After that, run a full system scan and delete anything it finds.

Malwarebytes Installer Download Link (Clicking on the links below will immediately start the download dialogue window.)
http://www.besttechie.net/tools/mbam-setup.exe

Malwarebytes Manual Updater link
http://www.malwarebytes.org/mbam/database/mbam-rules.exe

Next, download the SuperAntispyware program and the manual updater from the links below. After running the Malwarebytes tool above, if you still can't download and install it directly from the problem machine, download it on a friend or family member's computer as well. After installing and updating SuperAntispyware, run another full system scan and delete everything it finds as well. As before, you may need to rename the installer file to get the program to install:

SuperAntispyware
http://www.superantispyware.com/

SuperAntispyware Manual Updater
http://www.superantispyware.com/definitions.html
____________

In a few situations, in order for the program to run, it was also necessary to rename the main "mbam.exe" file after installing it. It resides in the C:\Programs Files\Malwarebytes Antimalware folder.

Hope this helps...

Grif

RE: IRP_MJ_CREATE Trojan

It should be noted that IRP (Interrupt Request Packets) indicate rootkit activity, specifically with hiding requests to access the file system (hiding files).

 


Every kernel-mode driver must handle IRP_MJ_CREATE requests in a DispatchCreate or DispatchCreateClose routine.

When Sent
The operating system sends an IRP_MJ_CREATE request to open a handle to a file object or device object. For example, when a driver calls ZwCreateFile, the operating system sends an IRP_MJ_CREATE request to perform the actual open operation.
