
Problem with playing on any server.


Kamdro

Question

Hi, the problem is that for the past 2-3 days I have been getting an error when I want to join an MTA server. Normally, it enters my server; when everything is loaded, it kicks me out for something like: "AC # 4 SECURITY / DRIVER PROBLEM - UPDATE GIGABYTE TOOLS DRIVERS (AND RUN FULL VIRUS SCAN))". Prior to your advice, I uninstalled MTA and GTA: SA (I deleted all files and reinstalled), but still the same problem.

https://imgur.com/a/cRGjWBC
 


4 answers to this question

  • MTA Anti-Cheat Team

There's a problem on your PC, and I will provide some information that may help you fix it.

In the folder C:\Windows\ is a file called gdrv.sys which has been brought onto your PC by either a virus infection or a cheat for any game. It's not a normal driver that people (still) download for Gigabyte hardware. It is a very old one that's vulnerable and can be used by viruses and game cheats to achieve certain essential functions.

As this presents a security risk, many anticheats prohibit such hackdrivers running. MTA doesn't allow it either.

Remove the driver/make it stop running. That's the tricky part and not really on us. You should identify exactly what keeps running the driver (virus? hacktool?) and stop it, so the .sys file is no longer in use and then you can delete it. Obviously, we would say that you take care of the root cause; most of the time this starts with a full antivirus scan, and if you can't figure it out, go into Windows safe mode and delete it there, where it cannot be in use.

If you need more help on the last mentioned technical subjects, Google offers tutorials, like on how to get into Windows safe mode.

Btw, if you're interested, this particular case (gdrv.sys) is known as CVE-2018-19320 and more about it can be read here: https://news.sophos.com/en-us/2020/02/06/living-off-another-land-ransomware-borrows-vulnerable-driver-to-remove-security-software/ or https://www.bleepingcomputer.com/news/security/ransomware-exploits-gigabyte-driver-to-kill-av-processes/ and you should realize that having this on your PC means you're at a serious safety risk as well. The thing that brought it there can be severe malware which can compromise your data.

@Kamdro


Manually I can't remove this file, unfortunately. I will try from safe mode. I still have a question, because I have gdrv.sys and gdrv2.sys. Do I need to delete these 2 files or just the first one? @Dutchman101

EDIT: Well, I deleted these two files in safe mode. After rebooting, they continued to be. There is probably nothing left for me, apart from uploading a new windows.

Edited by Kamdro
  • MTA Anti-Cheat Team
33 minutes ago, Kamdro said:

EDIT: Well, I deleted these two files in safe mode. After rebooting, they continued to be. There is probably nothing left for me, apart from uploading a new windows.

If the file returned, that indicates whatever is responsible for it (a virus) has put it back, so it can keep itself working properly. So the infection is still active. Then you'll need to find a scanner that can detect it (although as per the above article, some of the viruses using this driver have the ability to tamper with virus scanners/software products) or yes, you may end up having to re-install in order to be entirely sure.
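
A read-only PowerShell inventory for the situation discussed in this thread, added here as an example and not posted by any participant: it lists any kernel driver service whose image is gdrv.sys or gdrv2.sys and records each file's timestamps, SHA-256 and signer, so a file that reappears after deletion can be tied to a service name and a creation time. The two folders searched, the function name `Get-DriverFileInfo` and the output layout are assumptions.

```powershell
# Added example: read-only inventory; it changes nothing on the system.
# The two file names come from the thread. Folders searched are an assumption.
$names = 'gdrv.sys', 'gdrv2.sys'
$dirs  = $env:SystemRoot, (Join-Path $env:SystemRoot 'System32\drivers')

function Get-DriverFileInfo([string]$Path) {
    # Timestamps show when the file was (re)created; hash and signer identify it.
    $file = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if (-not $file) { return }
    $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName
    [pscustomobject]@{
        Path      = $file.FullName
        Created   = $file.CreationTime
        Modified  = $file.LastWriteTime
        SHA256    = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        SigStatus = $sig.Status
        Signer    = $sig.SignerCertificate.Subject
    }
}

# 1. Kernel driver services whose image is one of the named files. The service
#    entry is what makes Windows load the driver, so its name is the first lead.
$services = Get-CimInstance -ClassName Win32_SystemDriver | Where-Object {
    $_.PathName -and ($names -contains ($_.PathName -split '\\')[-1])
}
$services | Format-Table Name, DisplayName, State, StartMode, PathName -AutoSize

# 2. The files themselves: service image paths plus the folders listed above.
#    PathName can carry an NT prefix (\??\), which file cmdlets do not accept.
$paths = @($services | ForEach-Object { $_.PathName -replace '^\\\?\?\\', '' })
foreach ($dir in $dirs) { foreach ($n in $names) { $paths += Join-Path $dir $n } }

$paths | Sort-Object -Unique | ForEach-Object { Get-DriverFileInfo $_ } | Format-List

if (-not $services) {
    'No driver service currently references gdrv.sys or gdrv2.sys.'
}
```

Run it before deleting the files and again after the reboot: a later Created time on a file that came back shows it was written again rather than never removed.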
