  1. #1
    Silver Lounger Banyarola's Avatar
    Join Date
    Dec 2009
    Location
    Big Indian, New York
    Posts
    1,900
    Thanks
    19
    Thanked 65 Times in 54 Posts

    What Are These ??

    I did a scan and found the following infections.. (See Screen-shot)

    I never had them before but last week I did upgrade my video card through Windows Update and I have a feeling they may be related to that.

    Anyway, I don't want to remove them until I find out more about them or if they are a false positive.

    They say they are part of the operating system.
    "If You Are Reading This In English, Thank A VET"

  2. #2
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    Maybe check the files by uploading them to virustotal.com and see what the results are. If most engines consider it a virus, then it likely is a virus; if not, well, maybe it's a false positive.
    Rui
    -------
    R4

  3. #3
    Silver Lounger Banyarola's Avatar
    I can't find them. They may be hidden.

    I did a Google and no results there.

  4. #4
    Administrator
    Do you have your Windows Explorer set to show hidden and system files?
    Rui
    -------
    R4

  5. #5
    Silver Lounger Banyarola's Avatar
    Yes.

    I can't find SPNZ.sys

    I'll do a windows search and see if that finds it.

  6. #6
    Administrator
    I would probably download a different scanner and have it scan the system. Since AVG says it's a rootkit, maybe try TDSSKiller or GMER.
    Rui
    -------
    R4

  7. #7
    Silver Lounger Banyarola's Avatar
    Ha, you must be psychic.

    I was just thinking of that.

  8. #8
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,492
    Thanks
    284
    Thanked 577 Times in 480 Posts
    That's a Daemon Tools SCSI Pass Through Direct Host driver (SPTD); it has known BSOD issues with Win7: http://carrona.org/drivers/driver.php?id=sptd.sys

    Removal tool here if you need it: http://www.duplexsecure.com/en/faq

  9. #9
    Silver Lounger Banyarola's Avatar
    Sat, what I have is SPNZ.sys

    Thanks but I am gonna do some other scans first and see what happens..

  10. #10
    Super Moderator satrow's Avatar
    The driver is dynamically loaded; like many files of this type, the actual file name might vary from the 'normal' name - the name is allocated as it loads up.

    To see a selection of the names given to this driver, scroll down to the spxx.sys section of this page: http://www.carrona.org/dvrref.php#S
    Last edited by satrow; 2013-08-21 at 15:14.
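
An added example, not posted by anyone in the thread: because the file name varies, this PowerShell lists registered kernel drivers whose file name fits the sp??.sys shape and reports each file's version info, signature status and SHA-256, which can be looked up on virustotal.com as suggested in post #2. The name pattern and the premise that the driver is registered with the Service Control Manager are assumptions; it needs PowerShell 4.0 or later and an elevated prompt.

```powershell
# Added example: triage kernel drivers whose file name fits the sp??.sys shape.
# Assumption: the driver is registered with the Service Control Manager and so
# appears in Win32_SystemDriver. The pattern is inferred from "spxx.sys" and
# "SPNZ.sys" in the thread; -match / -notmatch are case-insensitive.
$pattern = '^sp[a-z0-9]{2}\.sys$'

foreach ($drv in Get-CimInstance -ClassName Win32_SystemDriver) {
    if (-not $drv.PathName) { continue }

    # Normalise NT-style prefixes (\??\ and \SystemRoot\) to an ordinary path.
    $path = $drv.PathName -replace '^\\\?\?\\', '' `
                          -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if ([System.IO.Path]::GetFileName($path) -notmatch $pattern) { continue }

    # The file may be absent or hidden from the file system; record that
    # instead of failing, and only inspect it when it can actually be read.
    $onDisk = Test-Path -LiteralPath $path -PathType Leaf
    $info = $sig = $hash = $null
    if ($onDisk) {
        $info = (Get-Item -LiteralPath $path -Force).VersionInfo
        $sig  = Get-AuthenticodeSignature -LiteralPath $path
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    }

    [pscustomobject]@{
        Service     = $drv.Name
        State       = $drv.State
        Path        = $path
        FileOnDisk  = $onDisk
        Company     = $info.CompanyName        # vendor named in the file's version resource
        Description = $info.FileDescription
        Signature   = $sig.Status              # status as PowerShell reports it
        Signer      = $sig.SignerCertificate.Subject
        SHA256      = $hash                    # search this hash on virustotal.com
    }
}
```

A row with FileOnDisk set to False corresponds to the situation in post #5, where the flagged file could not be found in Explorer.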

  11. #11
    Silver Lounger Banyarola's Avatar
    Well, just an update.
    As usual, I made an image before I removed it and it ended up removing my video drivers..

    Actually, I didn't remove the ones we are talking about here.
    I ran the Malwarebytes rootkit scanner and it flagged something else.

    I am gonna re-run the rootkit scanner and see if they can be ignored on future scans.

    Thank heavens for images..
