Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Symantec blocking rspndr.sys

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Symantec blocking rspndr.sys

Unread postby jeroenrood » June 11th, 2013, 6:47 am

Hello everyone,

My name is Jeroen, and I have an issue of which I don't know if it is a big problem. My laptop runs Windows 7 64-bit and I have Symantec Endpoint Protection installed.

Starting from today, I constantly get this popup from Symantec, telling me that traffic is blocked from an application called rspndr.sys..

I started to do some research, and found that this is a normal Windows file, however, viruses tend to rename themselves to this file in another directory. Then I started searching for rspndr.sys in my C:\ directory. This resulted in two (!) rspndr.sys files! One is placed in WINDOWS\system32\drivers\ , and the second one in WINDOWS\winsxs\amd64_microsoft-windows-networktopology-inf_31bf3856ad364e35_6.1.7600.16385_none_964d9ab5bcef73d2\

Reading information about the file online, it should only be stored in the system32\drivers directory, if I am right. So my question is: is this a virus?
When I open properties on both files, they seem to be both digitally signed by Microsoft

This is the information I found:

http://www.windowserrorfixer.com/nl-nl/ ... r.sys.html
This link states that a second rspndr.sys file is a result from a virus, "Backdoor:Win32/Cmjspy".

I do believe the second one might be the problem that Symantec is nagging about. I tried to delete it, but I do not have the "permission" to make any changes to that folder. If it is of no importance of the system (to me, if it is not a virus, it still seems redundant), how can I delete it?

Thanks in advance,
Jeroen Rood
jeroenrood
Active Member
 
Posts: 2
Joined: June 11th, 2013, 6:12 am
Advertisement
Register to Remove

Re: Symantec blocking rspndr.sys

Unread postby Gary R » June 14th, 2013, 12:41 pm

Both files are legitimate. If not, I've got a virus as well (and I haven't) since I have both those files in identical locations on my Windows7 x64 computer as well.

This looks like a "false identification" by Symantec. We can check the files if you want, but I'd be surprised if they flag as anything malicious.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Symantec blocking rspndr.sys

Unread postby jeroenrood » June 14th, 2013, 12:48 pm

Thanks for your reply. For school, I have some busy times going on right now, so I completely forgot. It seems that as of that day, I did not have these "traffic blocked for rspndr.sys" notifications anymore. Maybe Symantec updated the database/had an error that very moment. Anyway, thank you for checking with me that both files are legitimate! Now I don't have to worry about it being malicious. :-)

And, as I don't get this notification anymore, and considering both files might be needed, I think it is best to leave them both on the computer.

Cheers,
Jeroen Rood
jeroenrood
Active Member
 
Posts: 2
Joined: June 11th, 2013, 6:12 am

Re: Symantec blocking rspndr.sys

Unread postby Gary R » June 14th, 2013, 12:59 pm

You're welcome :) glad we could set your mind at rest.

As your problem appears to be resolved ....

This topic is now closed.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 292 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware