  1. #1
    New Lounger
    Join Date
    Jan 2013
    Location
    Fife, Scotland
    Posts
    16
    Thanks
    0
    Thanked 0 Times in 0 Posts

    ADWCleaner finds a service I can't identify

    I've just done a scan with ADWCleaner and it flags up a service called 8101543drv.

    A Google search gives me no hits whatsoever!

    I cannot find it listed as a service.

    Is it malicious?

  2. #2
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,636
    Thanks
    147
    Thanked 883 Times in 844 Posts
    Was that in the lower pane during the scan or was it in the report?

    You could create a restore point, allow ADW to delete and then see if anything doesn't work afterwards - at least that's what I would do.

  3. #3
    New Lounger
    Join Date
    Jan 2013
    Location
    Fife, Scotland
    Posts
    16
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thanks for your prompt response.

    It shows in the lower pane as a service - 8101543drv - and a file in Windows/System32/drivers as 8101543drv.sys

    It is also reported in the logfile - is that what you mean by report?

    I think I'll hang fire for a bit to see if anyone can come up with an explanation.

  4. #4
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,636
    Thanks
    147
    Thanked 883 Times in 844 Posts
    Yes, they've changed some of the terminology - Report used to be listed as the option for the Logfile.

    Is this the first time you have run ADW or have you installed anything since the last scan?
    Last edited by Sudo15; 2015-04-16 at 13:18.

  5. #5
    Silver Lounger
    Join Date
    Mar 2014
    Location
    Forever West
    Posts
    2,078
    Thanks
    0
    Thanked 259 Times in 248 Posts
    A search on Google found nothing but www.duckduckgo.com thinks it's part of Pinnacle Studio. Do you have that installed?

  6. #6
    New Lounger
    Join Date
    Jan 2013
    Location
    Fife, Scotland
    Posts
    16
    Thanks
    0
    Thanked 0 Times in 0 Posts
    It's been about a month since I last ran ADWCleaner - I have installed and uninstalled several programmes since then - remembering what is a different matter!

    I've never used Pinnacle Studio.

  7. #7
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,636
    Thanks
    147
    Thanked 883 Times in 844 Posts
    Then it's possible you have picked it up as a PuP when you've installed something.

    Do you have anything in Programs and Features that you haven't installed?

  8. #8
    New Lounger
    Join Date
    Jan 2013
    Location
    Fife, Scotland
    Posts
    16
    Thanks
    0
    Thanked 0 Times in 0 Posts
    OK - I've created a restore point and used ADWCleaner to remove the item - all seems well.

    Thanks for your very prompt responses :-)

    It would be nice to know just what it was though!

  9. #9
    5 Star Lounger RussB's Avatar
    Join Date
    Dec 2009
    Location
    Grand Rapids, Michigan
    Posts
    803
    Thanks
    10
    Thanked 50 Times in 49 Posts
    Sometimes you can right-click these mysterious files and get a hint as to who developed them, or open them with a HEX Editor or even in Notepad and get hints.

  10. The Following User Says Thank You to RussB For This Useful Post:

    Fascist Nation (2015-04-16)

  11. #10
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,636
    Thanks
    147
    Thanked 883 Times in 844 Posts
    Did you check Programs and Features for any strangers?

  12. #11
    New Lounger
    Join Date
    Jan 2013
    Location
    Fife, Scotland
    Posts
    16
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Yes I did check Programs - nothing seemed out of place.

    I did try right clicking and looking at the properties - absolutely nothing!

    HEX editor would have been a good idea - didn't think of that :-(

  13. #12
    jwoods
    Guest
    You can also upload suspicious files to VirusTotal, which does a free analysis (files and URLs)...

    https://www.virustotal.com/

  14. #13
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,492
    Thanks
    284
    Thanked 577 Times in 480 Posts
    Are you a Kaspersky user?

  15. #14
    New Lounger
    Join Date
    Jan 2013
    Location
    Fife, Scotland
    Posts
    16
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Yes, I'm using Kaspersky Internet Security.

  16. #15
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,492
    Thanks
    284
    Thanked 577 Times in 480 Posts
    Then the files flagged are likely to be false positives; it looks like Kaspersky creates 'dynamic' drivers based on a random number string, either at boot or as required for a scan. Randomly changing driver names for anti-rootkit/AV drivers are a method of trying to slow down any possible infection that looks to disable the resident antivirus by name, giving more time for it to be detected and disinfected/quarantined.

    See the 3 out of 4 top entries here: http://www.carrona.org/dvrref.php#8

  17. The Following User Says Thank You to satrow For This Useful Post:

    Fascist Nation (2015-04-18)
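
The hex-editor suggestion in post #9, and the point in post #15 that a randomly named driver cannot be looked up by name, as an added example (not part of the thread or any poster's code): a Python sketch that pulls printable ASCII and UTF-16LE strings out of a copy of the driver file and pairs version-resource keys with their values. The sample bytes, vendor name and file names are constructed, and the key/value pairing is a heuristic, not a full PE resource parser.

```python
import re
import sys

# Keys of a PE version resource (the data behind Explorer's Properties > Details tab).
VERSION_KEYS = {"CompanyName", "FileDescription", "ProductName",
                "OriginalFilename", "InternalName", "LegalCopyright"}


def extract_strings(data, min_len=5):
    """Return sorted (offset, encoding, text) for printable ASCII and UTF-16LE runs."""
    found = []
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data):
        found.append((m.start(), "ascii", m.group().decode("ascii")))
    # Windows binaries store most text as UTF-16LE: each character followed by 0x00,
    # which is why such text looks spaced out in Notepad.
    for m in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data):
        found.append((m.start(), "utf-16le", m.group().decode("utf-16le")))
    return sorted(found)


def version_fields(data):
    """Heuristic: a version-resource key is followed within 4 bytes by its value."""
    wide = [(off, s) for off, enc, s in extract_strings(data, 3) if enc == "utf-16le"]
    fields = {}
    for (off, key), (nxt, val) in zip(wide, wide[1:]):
        gap = nxt - (off + 2 * len(key))  # NUL terminator plus alignment padding
        if key in VERSION_KEYS and gap <= 4:
            fields[key] = val
    return fields


def _wide(text):
    return text.encode("utf-16le") + b"\x00\x00"


# Constructed sample bytes, not taken from any real driver.
SAMPLE = (b"MZ\x90\x00" + b"\x00" * 12 + b"\\Device\\ExampleFilter\x00"
          + b"\x44\x00\x1a\x00\x01\x00" + _wide("CompanyName") + b"\x00\x00"
          + _wide("Example Vendor Ltd")
          + b"\x3c\x00\x0c\x00\x01\x00" + _wide("OriginalFilename")
          + _wide("exflt.sys"))

if __name__ == "__main__":
    # Pass the path of a copy of the flagged .sys file; no argument uses the sample.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    print(version_fields(blob))
    for offset, encoding, text in extract_strings(blob):
        print(f"{offset:#010x}  {encoding:8}  {text}")
```

An empty result from `version_fields` corresponds to a Properties dialog that shows nothing, in which case the raw string list is the remaining source of hints.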
