Possible Malware Drivers



#1 Spirit Gal

Posted 07 February 2010 - 03:39 PM

I use Windows XP and ran a trial version of Advanced Task Manager. Under the drivers section it shows a driver in red: C:/Windows/system 32/driver/sp_redrv2.sys. The key shows "not certified-no file description-could be used for stealth purposes". It also showed in red C:/windows/system 32 driver/dump_atapi.sys. The key shows file not found and not loaded as a service. And a third driver in red, C:/windows/system 32driver/dump_WMILIB.S., file not found and not loaded as a service. What do I do to verify and, if needed, remove?



#2 Elise


Posted 07 February 2010 - 03:52 PM

Dump_atapi.sys and Dump_WMILIB are both perfectly legit.

You can check out the other one by uploading it to www.virustotal.com (I believe that one might be legit as well, if memory serves me, don't take my word for it though).

Is there any reason you suspect you might have malware on your computer?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#3 Spirit Gal


Posted 07 February 2010 - 04:07 PM

Hi Eloise,

The result "could be used for stealth purposes" concerned me. I will upload it to www.virustotal.com and see what happens.

Thanks so much,

Kathy

#4 Spirit Gal


Posted 07 February 2010 - 04:12 PM

Eloise,

Oh shoot, I am not sure how to find that file in the browse window. Can you help me? By the way, Advanced Task Manager gave the driver a "very dangerous" rating.

Thanks,

Kathy

#5 Elise


Posted 07 February 2010 - 04:15 PM

Hello, hope this helps.

Just a heads up. If this is a "very dangerous" driver file, your computer ought to have other symptoms, for example redirects, slow performance, weird errors and so on.

SHOW HIDDEN FILES AND FOLDERS
-------------------------------------------------
Go to Start > My Computer
Go to Tools > Folder Options
Click on the View tab
Untick the following:
  • Hide extensions for known file types
  • Hide protected operating system files (Recommended)
You will get a message warning you about showing protected operating system files, click Yes
Make sure this option is selected:
  • Show hidden files and folders
Click Apply and then click OK


UPLOAD A FILE
--------------------
We need to check a file. Please click this link VirusTotal

When the page has finished loading, click the Choose file button and navigate to the following file and click Send file.

C:/Windows/system 32/driver/sp_redrv2.sys

If you get the message that the file has already been scanned before, please click Reanalyse file now.
Please post back the results of the scan in your next post.

regards, Elise



 

Malware analyst @ Emsisoft
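
A local pre-check for the upload step in the post above, as an added example that is not part of the original thread: it computes the SHA-256 of a driver image and reads the PE header fields behind a "not certified" style flag (native subsystem, embedded Authenticode certificate table). The function names `triage_driver` and `build_sample` are hypothetical and the sample bytes are constructed, not taken from sp_redrv2.sys.

```python
import hashlib
import struct

NATIVE_SUBSYSTEM = 1   # IMAGE_SUBSYSTEM_NATIVE: kernel-mode drivers
CERT_DIR_INDEX = 4     # data-directory slot of the Authenticode certificate table


def triage_driver(data: bytes) -> dict:
    """Hash a driver image and read the PE fields relevant to a 'not certified' flag."""
    report = {"sha256": hashlib.sha256(data).hexdigest(), "is_pe": False,
              "native_subsystem": False, "embedded_signature": False}
    if len(data) < 0x40 or data[:2] != b"MZ":
        return report
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return report
    opt = pe_off + 24                                   # optional header start
    opt_end = opt + struct.unpack_from("<H", data, pe_off + 20)[0]
    if opt_end > len(data) or opt_end - opt < 96:
        return report
    magic = struct.unpack_from("<H", data, opt)[0]
    dirs = opt + {0x10B: 96, 0x20B: 112}.get(magic, 0)  # PE32 / PE32+
    if dirs == opt or dirs > opt_end:
        return report
    report["is_pe"] = True
    report["native_subsystem"] = struct.unpack_from("<H", data, opt + 68)[0] == NATIVE_SUBSYSTEM
    count = struct.unpack_from("<I", data, dirs - 4)[0]
    entry = dirs + CERT_DIR_INDEX * 8
    if count > CERT_DIR_INDEX and entry + 8 <= opt_end:
        offset, size = struct.unpack_from("<II", data, entry)
        report["embedded_signature"] = offset != 0 and size != 0
    return report


def build_sample(signed: bool) -> bytes:
    """Constructed minimal PE32 header for the demo; not a real driver."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 68, NATIVE_SUBSYSTEM)
    struct.pack_into("<I", opt, 92, 16)
    if signed:
        struct.pack_into("<II", opt, 96 + CERT_DIR_INDEX * 8, 0x400, 0x1A0)
    return dos + coff + bytes(opt)


if __name__ == "__main__":
    for label, blob in (("signed", build_sample(True)), ("unsigned", build_sample(False))):
        print(label, triage_driver(blob))
```

For a real file, pass `open(path, "rb").read()` to `triage_driver`; the SHA-256 can be searched on VirusTotal without uploading. Many legitimate Windows drivers are catalog-signed rather than embedded-signed, so `embedded_signature: False` alone does not mark a driver as malicious.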


#6 Spirit Gal


Posted 07 February 2010 - 04:26 PM

I am in virus total and I need to browse to find the file...how do I find the file by browsing? There is no Choose file option on the main screen. Please help!

#7 Elise


Posted 08 February 2010 - 04:55 AM

Are you absolutely sure?

There should be a Choose file button roughly in the middle of the screen.

regards, Elise



 

Malware analyst @ Emsisoft




