My name is Jeroen, and I have an issue of which I don't know if it is a big problem. My laptop runs Windows 7 64-bit and I have Symantec Endpoint Protection installed.
Starting from today, I constantly get this popup from Symantec, telling me that traffic is blocked from an application called rspndr.sys.
I started to do some research, and found that this is a normal Windows file; however, viruses tend to rename themselves to this file in another directory. Then I started searching for rspndr.sys in my C:\ directory. This resulted in two (!) rspndr.sys files! One is placed in WINDOWS\system32\drivers\, and the second one in WINDOWS\winsxs\amd64_microsoft-windows-networktopology-inf_31bf3856ad364e35_6.1.7600.16385_none_964d9ab5bcef73d2\
Reading information about the file online, it should only be stored in the system32\drivers directory, if I am right. So my question is: is this a virus?
When I open properties on both files, they both seem to be digitally signed by Microsoft.
This is the information I found:
http://www.windowserrorfixer.com/nl-nl/ ... r.sys.html
This link states that a second rspndr.sys file is the result of a virus, "Backdoor:Win32/Cmjspy".
I do believe the second one might be the problem that Symantec is nagging about. I tried to delete it, but I do not have the "permission" to make any changes to that folder. If it is of no importance to the system (to me, if it is not a virus, it still seems redundant), how can I delete it?
Thanks in advance,
Jeroen Rood