Anyone know what this is?
- Thread starter kemical
- Start date
- May 7, 2013
- 10,400
It's probably Daemon Tools/Alcohol 120%, they seem to have lots of drivers with useless names.
I always am very auspicious about random driver/process/DLL names that result in zero results on Google. They are very likely to be a malware and should be disabled/removed ASAP until proven otherwise.
I once spent a couple of hours on an infected machine trying to figure out what a similar, cryptically named, dynamic driver was - it turned out to be Rootkit Revealer that I'd been running ...
Re. malware in dumps, yes, actually seeing the driver listed is rare - better to check Autoruns.arn for anomalies (entries in AppInit, as well as the usual places) and MSInfo32 to check if Security Accounts Manager (SAM) is stopped or under Components> Problem Devices for Security Processor Loader Driver ROOT\LEGACY_SPLDR\0000 This device is not present, is not working properly, or does not have all its drivers installed.
Getting hits like the above doesn't necessarily mean there's an infection, it certainly warrants a thorough check though.
View attachment 7895 <- Autoruns and MSInfo32 attached from a recent infected machine that I asked Patrick to check for me: BSOD Assistance - Tech Support Forum
Re. malware in dumps, yes, actually seeing the driver listed is rare - better to check Autoruns.arn for anomalies (entries in AppInit, as well as the usual places) and MSInfo32 to check if Security Accounts Manager (SAM) is stopped or under Components> Problem Devices for Security Processor Loader Driver ROOT\LEGACY_SPLDR\0000 This device is not present, is not working properly, or does not have all its drivers installed.
Getting hits like the above doesn't necessarily mean there's an infection, it certainly warrants a thorough check though.
View attachment 7895 <- Autoruns and MSInfo32 attached from a recent infected machine that I asked Patrick to check for me: BSOD Assistance - Tech Support Forum
- May 7, 2013
- 10,400
It's not difficult to find rookits with WinDbg though, although, most anti-rootkit programs will do the same job for you.
Has Sysnative Forums helped you? Please consider donating to help us support the site!