odd driver -- possibly malware

Post by yaur » March 19th, 2009, 2:01 pm

There is no HJT log here because I know functionally what tool I need to solve my problem... I just don't know what it is called or if it exists yet.

I have a machine that has a very strange driver loaded. What makes it strange is this:
- randomly named, and the name changes on reboot
- isn't actually on the file system (even if it's mounted as a data partition from Linux)
- registry entries referring to it are regenerated if removed
- doesn't show up in verifier's list of drivers
- it's hooking a piece of hardware that isn't on the system

To me this looks like it could be malware/rootkit, but Symantec (from Windows) and ClamAV (from Linux) both report that the system is clean. So either it's not harmful or it's a currently undetected piece of malware. Figuring out which is somewhat challenging.

What I am looking for is a tool that will let me dump an image of the driver to disk and examine it, and also find out how it's loading in the first place (probably by monitoring the SSDT). While it is within my abilities to write such a tool, I would rather use something off the shelf if such a tool already exists. Ideally this would be an open source tool, but in any case it can't rely on a closed source unsigned driver. Can you guys recommend a tool or should I write it myself?

Edit: also this is XP with SP 3 installed.
TIA
yaur
Active Member
 
Posts: 1
Joined: March 19th, 2009, 3:02 am

Re: odd driver -- possibly malware

Post by NonSuch » March 20th, 2009, 1:02 am

Sorry, but we don't work in the dark, recommending tools for unknown infections. If you would like our assistance, please start a new topic and include a HijackThis log.

This topic is now closed.
NonSuch
Administrator
 
Posts: 27302
Joined: February 23rd, 2005, 7:08 am
Location: California

