Q: Suspected Virus in disk.sys

My security software is reporting a virus corrupting disk.sys.  Their solution:  remove the file.  I restored an older copy of the file (though it appears to be the same size, etc.) to another location from a backup I had, and when I check it, it doesn't report any virus.  But the existing copy, C:\Windows\System32\drivers\disk.sys, does.


1)  Is this file required for proper operation of Windows 7?

2)  If so, how can I repair the apparent problem?


(BTW, I took ownership of the file but I can't open it to run a compare on it; it says I need permission from the owner, even though I *am* now the owner.  Nor can I copy the file to another location.  I don't get that.)



Hi Larry.  Your operating system is infected with the TDL3 rootkit and it is very likely that other malware files are present too.  There are specialised utilities that should be run under expert supervision that will safely remove it but the procedure is not appropriate to post here.   There are many forums where you can do this however and I have posted a selection below that are known to me and I can recommend (In alphabetical order).
MVP (Windows Desktop Experience)


Views: 1,775 Last updated: December 1, 2017