C:\Windows\Sysnative\drivers\sptd.sys issue


3 replies to this topic

#1 Arlissa


Posted 18 February 2012 - 10:08 AM

Hey,

My antivirus (Avira, the free version) registers the above file name as a warning. The file apparently could not be opened. Online I found that it is apparently linked to Daemon Tools and/or Alcohol. Neither of which I have installed. I scan regularly and it has never found this before. When manually going into the Windows folder and toggling show hidden files, I cannot find said folder. I used the command line to browse to it that way and it is still not there. I can't seem to conclusively find whether it is malicious or not or even remove it just in case as I cannot locate the folder in question. I was hoping perhaps someone here would know more or be able to help.

Thanks!



#2 Arlissa


Posted 18 February 2012 - 11:05 AM

After about oh.... two hours of looking around, running various programs and even bugging the pants off of my tech-savvy other half, we found that the folder is made by Windows so that 32-bit applications can understand 64-bit files. A virtual folder Windows makes, apparently. The file in question I finally managed to track down in the System32 folder, sitting there, unchanged since 2010, which is when I removed Daemon Tools. With Autoruns I managed to stop it loading when my computer boots, and after a reboot Avira no longer flags it as a warning. Why it has only just begun to flag this file as a problem when it has been there for so long, I have no idea. So problem solved... I guess/hope.

#3 rotor123

  • Moderator

Posted 18 February 2012 - 01:07 PM

Why it started to flag the file would be a virus detection update that added that file. Probably a false detection. I would, just for peace of mind, go to the antivirus maker's forums and ask about it. Or it may even have a submit function.

There have been a couple of brands of A/V in the last couple of years that falsely detected Windows system files as viruses and quarantined them. That caused many problems.



#4 jcgriff2

  • BSOD Kernel Dump Expert

Posted 19 February 2012 - 01:30 AM

You are correct about \sysnative...

An x86 app running under x64 attempting to access \windows\system32 will be redirected to \windows\syswow64. The x86 app needs to look for \windows\sysnative, which is a virtual copy of \system32.


In x64 -
\windows\system32 = 64-bit
\windows\syswow64 = 32-bit
\windows\sysnative = virtual copy of \system32

http://msdn.microsoft.com/en-us/library/aa384187(v=vs.85).aspx


Edited by jcgriff2, 19 February 2012 - 01:33 AM.

Microsoft MVP 2009-2015
Microsoft Windows Insider MVP 2018 - Present
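
The path mapping described in this thread, as an added example (not code from any poster): a Python helper that turns a path reported by a 32-bit process on 64-bit Windows into the location where the file actually sits on disk. The function name, the default `C:\Windows` root and the `reporter_is_32bit` flag are assumptions of this example; the list of unredirected subfolders comes from Microsoft's File System Redirector documentation.

```python
from pathlib import PureWindowsPath

# System32 subfolders that WOW64 leaves unredirected, per Microsoft's
# File System Redirector documentation (the MSDN page linked above).
EXEMPT = ("catroot", "catroot2", "driverstore", r"drivers\etc", "logfiles", "spool")


def on_disk_path(reported, reporter_is_32bit, windir=r"C:\Windows"):
    """Return where a reported path really lives on 64-bit Windows.

    reported          -- path as written in a scanner log or alert
    reporter_is_32bit -- True if the reporting process runs under WOW64
    windir            -- assumed Windows directory for this example
    """
    parts = PureWindowsPath(reported).parts
    root = PureWindowsPath(windir).parts
    n = len(root)
    under_windir = [p.lower() for p in parts[:n]] == [p.lower() for p in root]
    if not reporter_is_32bit or not under_windir or len(parts) <= n:
        # 64-bit processes see the file system as-is; the Sysnative alias
        # does not exist for them, so 64-bit tools cannot browse to it.
        return str(PureWindowsPath(reported))
    alias, tail = parts[n].lower(), parts[n + 1:]
    if alias == "sysnative":
        real = "System32"           # alias for the native 64-bit directory
    elif alias == "system32":
        rel = "\\".join(t.lower() for t in tail)
        exempt = any(rel == e or rel.startswith(e + "\\") for e in EXEMPT)
        real = "System32" if exempt else "SysWOW64"
    else:
        return str(PureWindowsPath(reported))
    return str(PureWindowsPath(*parts[:n], real, *tail))


if __name__ == "__main__":
    # Constructed sample: the path from the first post plus two contrasts.
    for path in (r"C:\Windows\Sysnative\drivers\sptd.sys",
                 r"C:\Windows\System32\drivers\sptd.sys",
                 r"C:\Windows\System32\drivers\etc\hosts"):
        print(path, "->", on_disk_path(path, reporter_is_32bit=True))
```

When triaging an alert, look for the file at the returned path from a 64-bit tool before concluding that it is missing.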



