Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can Combofix be used to delete a file?


  • Please log in to reply
11 replies to this topic

#1 Purpleheart

Purpleheart

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:31 PM

Posted 12 March 2014 - 03:20 AM

Sorry if posted in wrong section, anyway

 

Hi,

I have a problem and need help.

 

I have a file located in C:\Windows\System32\drivers  called "SPTD.sys"

I think it came from the daemon tools I'm using.

 

The problem is several days ago, my daemon tools shows an error message:

"This program needs at least Windows 2000 with SPTD 1.51 or higher Kernel debugger must be deactivated"

 

I did not install anything prior this error, so there shouldn't be any changes made voluntarily by me.

 

I cannot delete this file by uninstalling/manual delete.

Manual delete says I need a permission from me (I am the admin of this laptop and I am the only one using it). Kinda weird.. 

Deleting from registry (regedit) is no success. Registry deleted and no SPTD found but re-opening regedit will show it's back.

 

Tried File Assassin from malwarebyte, it says the file cannot be deleted or not visible by File Assassin.

 

So, can someone help me delete this file, like using a combofix perhaps?

 

Thanks in advance.
 



BC AdBot (Login to Remove)

 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:31 AM

Posted 12 March 2014 - 06:51 AM

Hello and Welcome -

I hope this is some of the information that you are looking for.

Do Not try to run ComboFix to remove this program / driver.

 

From BleepingComputer Data Base

 

This is a valid program that is required to run at startup.

This program is required to run on startup in order to benefit from its functionality or so that the program will work.

 

Description: Driver used by the CD Rom emulation program, Daemon Tools Version 4.
There have been some reports of problems with this driver.

 

Filename: sptd.sys

 

File Location: %System%\Drivers\sptd.sys

 

Note: %System% is a variable that refers to the Windows System folder.
By default this is C:\Windows\System for Windows 95/98/ME, C:\Winnt\System32 for Windows NT/2000, or C:\Windows\System32 for Windows XP/Vista/7.

 

Note - DeFogger is the name of a tool used to disable this program only while ComboFix is being run.

It is not designed to be fully removed, just disabled, during certain Malware removal operations.



#3 Purpleheart

Purpleheart
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:31 PM

Posted 12 March 2014 - 12:02 PM

Thank you for your response.

 

I think I need to delete this file and reinstall the new one.

Because I cannot use daemon tools without this file functioning properly.

 

This is the screenshot when re-installing daemon tools

 

SPTD_Error.png

 

Note: I do not have antivirus prior installing. Windows defender turned off. I have malwarebytes now but still showing the same error.

 

I believe this is a corrupt data file due to sudden power out when daemon tool is being used. 

 

In Computer management > system tools > Event viewer. The SPTD.sys is listed under error category

"Driver detected an internal error in its data structures for ."

 

Tried the DeFogger. But seems problem persists.

 

What should I do now?

 

Thanks



#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:31 PM

Posted 12 March 2014 - 12:06 PM

CD Emulators (Daemon Tools, Alchohol 120%, Astroburn, AnyDVD, etc) use rootkit-like techniques to hide from other applications and can interfere with investigative or anti-rootkit (ARK) tools. This interference can produce misleading or inaccurate scan results, false detection of legitimate files, cause unexpected crashes, BSODs, and general dross. This 'dross' often makes it hard to differentiate between genuine malicious rootkits and the legitimate drivers used by CD Emulators. In some cases, the drivers related to such tools can cause crashes or system hanging when attempting to boot into safe mode. Since CD Emulators use a hidden driver which can be seen as a rootkit and interfere with providing accurate results or cause other problems, it is recommended that they be removed or disabled until disinfection is completed.

* Why we request you disable CD Emulation when receiving Malware Removal Advice

Uninstalling CD Emulation Software
DuplexSecure's FAQ page for uninstalling the SPTD driver

BTW, the answer to your topic question is yes...ComboFix can delete a specific file but we do not recommend folks to attempt to do so without proper supervision and guidance (see here).
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:31 AM

Posted 12 March 2014 - 08:57 PM


I do not have antivirus prior installing. Windows defender turned off.

I have malwarebytes now but still showing the same error.

Hi -

Please note that Malwarebytes Anti-Malware is not an Antivirus, but designed to run beside an Antivirus program.

If you use the Pro (paid) version, this should also be disabled.

 

You do not mention your Operating System (XP / Vista / Windows 7 or 8) so this makes it hard to fully answer sometimes.

There are plenty of Free Antivirus programs, or Windows 8 has Defender already installed and will run.

 

There are some programs that will ask you to Temporarily Disable Your Anti-virus while you install them (quite normal).

 

Have you tried to go to Device Manager and check for any yellow or red ( ! or ? ) marks near CD/DVD Player ??



#6 Purpleheart

Purpleheart
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:31 PM

Posted 13 March 2014 - 12:14 AM

Hi,

 

I'm using windows 7, Home premium, service pack 1, x64 bit, 8 GB memory RAM.

 

I do not have any antivirus, windows defender turned off.

Last time formatted was 10-11 months ago and never did install any anti virus software.

I have been using daemon tools for months, probably since laptop last formatted.

The daemon tools stop working suddenly. I didn't recall installing anything prior. I think the problem occur due to sudden electricity lost when an image is still mounted and causes a corrupt file of SPTD.sys.

 

Daemon tools is uninstalled and reinstalled with no problem. But in order to fully functioning (mounting an image), it needs a working SPTD. This is the problem.

I did use the standalone installer (DuplexSecure's FAQ page for uninstalling the SPTD driver, I have tried this one before making a post here).

 

SPTD_Error2.png

 

As you can see, the program does not detect I have a SPTD. but the file is visible above. This is the x64 installer. Tried x32 too, but wrong version.

Installing says the same thing: "system file write error. Disable possible antivirus applications."

 

Note:

- I never installed any antivirus software since the clean format. This error message before I even install malwarebytes with bit defender turned off.

- Scan with malwarebytes, result: clean

- Scan with malwarebytes, emulation disabled with defogger, result: clean

- Daemon tools installed or uninstalled, problem persists. Still can't install the SPTD due to old SPTD file is locked (I cannot rename / delete)

- Require my permission to delete this file, I am the admin and the only user of this laptop. Changing permission (nothing need to be changed actually). it keeps denying my access to delete it, even I have 'checked full control' checkbox of the file.

 

so all these drawn me to the conclusion this is a corrupted file due to sudden computer shut down (lost electricity).

 

Yes I did look to device manager.

In Computer management > system tools > Event viewer. The SPTD.sys is listed under error category

"Driver detected an internal error in its data structures for ."

 

DMError.png

 

Update --> Uptodate.

Uninstall --> Will be reinstalled automatically when the next time I run daemon tool. And will show the same error.

I do not see any troubleshoot button.

 

 

I did try uninstall/delete the file and registry in safe mode. Problem persists as if it's not in safe mode.


Edited by Purpleheart, 13 March 2014 - 12:21 AM.


#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:31 PM

Posted 13 March 2014 - 06:14 AM

You can always check with DAEMON Tools Tech support (contact, phone, email).

Or you can ask at the DAEMON Tools support Forums.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 Purpleheart

Purpleheart
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:31 PM

Posted 13 March 2014 - 10:29 AM

I will do that in meantime, thank you for your help.



#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:31 PM

Posted 13 March 2014 - 11:37 AM

You're welcome and good luck.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#10 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:31 AM

Posted 13 March 2014 - 09:52 PM

I do not have any antivirus, windows defender turned off.
This error message before I even install malwarebytes with bit defender turned off.

Please note that Bit Defender and Windows Defender are in no way related.
You are most likely causing more problems rather than fixing them with no Antivirus.

 

Every email you send or recieve may, in some way, carry a hidden infection.

 

Free Antivirus programs: (choose and install only one).
* avast! Free Antivirus <- includes Google Chrome pre-checked by default during installation but gives you the option to uncheck
* Microsoft Security Essentials <- includes the option to join the customer experience improvement program
* BitDefender Antivirus Free Edition
* Avira Free Antivirus <- includes Ask.com Toolbar pre-checked by default during installation
* AVG Anti-Virus Free Edition <- includes AVG Security Toolbar - AVG Secure Search pre-checked by default during installation but gives you the option to uncheck

 

It is very simple to select and install one of the Totally Free Antivirus programs listed above.

Many other very good programs are available as Totally Free, or for 1 to 3 months Free Trial.



#11 Purpleheart

Purpleheart
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:31 PM

Posted 13 March 2014 - 10:15 PM

Oops, sorry typo, I meant windows defender



#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:31 PM

Posted 14 March 2014 - 05:42 AM

Windows Defender is an anti-spyware tool intended to supplement your anti-virus program. The version of Windows Defender included with all versions of Windows 7 and Vista is part of the operating system so it cannot be uninstalled but it can be disabled and it's service turned off.

If you install an anti-virus such as Microsoft Security Essentials, it will automatically disable (not uninstall) Windows Defender on Vista and Windows 7 and uninstall it from XP before installation because it provides the same type of protection against spyware as Windows Defender. If you attempt to turn on Windows Defender, MSE will notice and take action to stop you from doing that. If you remove your anti-virus software, you will need to turn Defender back on in order to use it's protection.

In any case, I see you have posted here and are already getting help. Be sure to contact their offical Tech Support Team as instructed. I recommend you not make any changes to your system without them knowing about it or that could make resolving this problem more difficult.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users