
Thread: WTF is fwriyuog.sys?

  1. #1
    Banned

    Join Date
    Jan 2008
    Location
    Under the Boardwalk AC USA
    Posts
    2,119
    Thanks
    1,471
    Thanked 3,031 Times in 777 Posts
    Rep Power
    0
    Reputation
    54367

    Default WTF is fwriyuog.sys?

    My computer running win 7 ult os started acting goofy! It boots to a blank screen and stops or goes to my desktop background with no icons and no start bar and stops!

    A number of spyware proggies and registry proggies and gmer found this, and gmer says it's a rootkit !

    I did a google and came up with NOTHING NO WHERE !! you try it!

    WHAT THE F**K IS THIS?

    thanks

    this is registry entry:
    [HKEY_LOCAL_MACHINE] \SYSTEM\ControlSet001\services\fwriyuog\\ImagePath



  • #2
    Member dungbeetle46's Avatar
    Join Date
    Jun 2008
    Location
    South Aus
    Age
    60
    Posts
    320
    Thanks
    138
    Thanked 273 Times in 69 Posts
    Rep Power
    232
    Reputation
    1458

    Default

    That registry key seems to point to drivers, have you installed or updated drivers recently, maybe boot in safe mode and remove the last drivers installed or do a system restore to before the problem started.

  • The Following User Says Thank You to dungbeetle46 For This Useful Post:

    cmangle (22-11-11)

  • #3
    Banned


    Deleted the entry from registry, and now my puter boots up fine and desktop back to normal!

    After running a few proggies (KUDOS to Gmer, Hitmanpro, RFA, and Killbox) and all things pointed to this EVIL program!

    AllMusicConverter_4.2.9-Setup.exe

    I would recommend you do not download and you will save yourself 4 hours of agony!

  • #4
    Banned


    It looks like I'm not out of the woods yet!!

    Just getting ready to leave this guy's house and I do a hard reboot, and it's back !! Even though I've found the original offending program and deleted/uninstalled it, the rootkit it contained and installed is still present and active!

    Checked the registry and sure enough . . .

    [HKEY_LOCAL_MACHINE] \SYSTEM\ControlSet001\services\fwriyuog\\ImagePath

    . . . is in the registry. I removed it and did a registry search for fwriyuog and it shows up in Legacy entries which I CAN'T remove!

    Now how the sam hill did it return? I deleted the above program earlier, where did it return from?

    Did a system restore back three software installs, and still at boot up, in normal mode, blank screen and lockup! Safe mode boots fine!

    Now I'm thinking this rootkit is in a separate partition on the HARD drive and it's still active. So after deleting all partitions and reformatting the largest one (440gb) I will reinstall win 7 ultimate tomorrow!

    getting some sleep, it's been a long day!

    thanks all
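
An added example, not part of the original thread: a read-only PowerShell audit of the kind of entry discussed above, a service key with an ImagePath value. It goes beyond the single ControlSet001 key in the posts by listing driver-type services in every ControlSetNNN, resolving each ImagePath to a file, and noting whether a Windows 7-era `Enum\Root\LEGACY_<name>` record exists; the function and column names are illustrative, and Windows PowerShell 3.0 or later is assumed.

```powershell
# Added example (not from the thread): read-only audit of driver services.
# Assumes Windows PowerShell 3.0+ in an elevated, native-bitness session.
function Resolve-DriverPath {
    param([string]$ImagePath, [string]$ServiceName)
    # A driver service without ImagePath loads System32\drivers\<name>.sys
    if ([string]::IsNullOrWhiteSpace($ImagePath)) {
        return Join-Path $env:SystemRoot "System32\drivers\$ServiceName.sys"
    }
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath.Trim('"'))
    $p = $p -replace '^\\\?\?\\', ''                              # \??\C:\x.sys -> C:\x.sys
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')   # \SystemRoot\... form
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }  # relative form
    return $p
}

# Every numbered control set, not only the one currently in use
$sets = Get-ChildItem 'HKLM:\SYSTEM' |
    Where-Object { $_.PSChildName -match '^ControlSet\d{3}$' }

$report = foreach ($set in $sets) {
    $services = Get-ChildItem (Join-Path $set.PSPath 'Services') -ErrorAction SilentlyContinue
    foreach ($svc in $services) {
        if ($svc.GetValue('Type') -notin 1, 2) { continue }   # 1 = kernel driver, 2 = file system driver
        $name   = $svc.PSChildName
        $file   = Resolve-DriverPath $svc.GetValue('ImagePath') $name
        $onDisk = Test-Path -LiteralPath $file
        # On older PowerShell builds, catalog-signed Windows drivers can report
        # NotSigned, so treat the status as a lead to follow up, not a verdict.
        $sig = if ($onDisk) { [string](Get-AuthenticodeSignature -LiteralPath $file).Status } else { 'n/a' }
        [pscustomobject]@{
            ControlSet = $set.PSChildName
            Service    = $name
            Start      = $svc.GetValue('Start')   # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
            File       = $file
            OnDisk     = $onDisk
            Signature  = $sig
            LegacyEnum = Test-Path (Join-Path $set.PSPath "Enum\Root\LEGACY_$name")
        }
    }
}

# Entries worth a closer look: file missing, or signature not reported as valid
$report | Where-Object { -not $_.OnDisk -or $_.Signature -ne 'Valid' } |
    Sort-Object Service, ControlSet | Format-Table -AutoSize
```

A loaded kernel rootkit can hide its key and file from these APIs, so an empty result on a live system is not a clean bill of health.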

  • #5
    Banned


    OK here's an update, first ESET HAS been my AV of choice for 3+ years now NOTHING holds a candle to it!

    Second, on to the problem(s) at hand

    Now I not only re-formatted the whole drive I also bought a new 1TB drive as a damage control item (in case I throw the original out the window) !

    After reformatting and re-installing Win7Ult 32 bit I don't have the same problem but yet they are similar! Go figure! (I also tried Win7Ult 64 bit and the new WD 1TB 7200 drive)

    After a successful install, randomly at boot up, it might go fine or it can go black or it can go to a Win7 light blue screen with the 4 color MS Flag logo and then freeze! If it does boot up ok and go to the desktop WITH all of the Icons, if it goes to sleep it will come back with the light blue Win7 screen with the MS logo/flag and be locked/froze!

    An F8 at boot up (SAFE MODE with Networking) ALWAYS brings you to the desktop with ICONS!

    I tried going back to a Windows XP Pro install and got an install error!

    So at this point I'm reloading Win7Ult 64bit and will run it in safe mode!

    What I've tried to solve this . . .

    2 different hard drives both fresh, re-formatted with NOTHING on them! nfg

    I tried swapping and eliminating ram modules to ensure there's no memory problem! nfg

    Cleared CMOS. nfg

    Tried proper shutdowns (versus yanking the power plug after a successful bootup) nfg

    Looked for overheating issues nfg (air blew dust out of everywhere including my ears)

    One thing I am REALLY curious about with this DELL Vostro 420 is the CPU! It is an Intel Q6600 2.4ghz that is a supposed 64 bit cpu but yet Dell shipped it with a 32 bit Win XP OS!

    How is that possible? You can't load Win7 32 bit OS on to a current Intel I3, I5, I7 or any other current 64 bit cpu cause it will tell you that you have the wrong OS Architecture and halt the install!

    Not with this cpu???

    So at this point I'm stumped, the rootkit is gone (was it EVER there?) according to Gmer and the funky file name "fwriyuog" it was. But that can't be the issue now!

    Any thoughts?

    thanks
    Last edited by cmangle; 19-11-11 at 08:01 AM.

  • #6
    Banned


    OK, success!

    What I had was multiple problems occurring at multiple times!

    Talk about a test from geek computer god!

    Initially, the rootkit WAS the problem! As time and frustration progressed other mitigating factors came into play!

    Of two dvd/cd rom drives (one a blu-ray) only one worked consistently! The blu-ray for some reason did not like the Win XP install CD nor either of the Win 7 Ult 32/64 install DVDs! Even after burning new fresh copies of ALL of the above at the slowest possible speed 4x!

    Then we have the mysterious Intel Q6600 64/32 bit CPU. Try and install a 32 bit OS on ANY desktop laptop with a 64 bit CPU and it won't happen! Not with this CPU either installs fine.
    (Not so much as a problem more as a confusing factor to sidetrack my mind!)

    Last and foremost either of the Win7 Ult installs, 32 or 64 bit, did not like the ATI Radeon HD video card. Even after d/ling the LATEST Win 7 drivers random video errors occurred. Blank screen, Desktop lockup, even if a good bootup occurred as soon as screen saver initiated you had lockup NOTHING functioned except power down!

    It was the safe mode operation that pointed the way . . . why did the box work fine when no drivers were loaded? I was thinking the rootkit had returned when in actuality it was the change of OS to Win7 that was causing the similar symptoms. Do a Google and you will see this is a common problem with Win 7 Ult installs! But who would Google this if you thought the rootkit had returned? After reformatting the old drive and then installing a new one, where the hell was the rootkit hiding to return from?

    The final cure was to disable the ATI device in hardware and let the Dell run on generic drivers!

    I believe a new video card is on my friend's agenda! Although not necessary as the box is running fine and he is not a gamer needing 3D and such!

    Whewwwwwww!
    Last edited by cmangle; 20-11-11 at 07:31 AM.

  • #7
    Member dungbeetle46's Avatar

    glad to hear you got it sorted
    cheers

  • #8
    Banned


    thanks for your input Dungbeetle . . . ain't sure if I want to know how you got your nick but it definitely is different!

  • #9
    Banned


    OK, and I have been informed that a 32 bit os CAN go into a 64 bit cpu system.

    I stand corrected.

    Indeed it was the reverse, I had been trying on a few other installs to put a 64 bit OS onto a 32 bit cpu system!

  • #10
    Member dungbeetle46's Avatar

    Quote Originally Posted by cmangle View Post
    thanks for your input Dungbeetle . . . ain't sure if I want to know how you got your nick but it definitely is different!
    it started as my ebay name, i would go around collecting s*%t and then sell it on ebay, hence dungbeetle
