kemical | BSOD Kernel Dump Senior Analyst | Joined Feb 25, 2014 | Posts 31 | Location London | May 2, 2014 | #1

Hey, I'm currently debugging a thread and came across this driver: aibg5qih.SYS Sun Nov 28 10:38:44 2010. Neither Google nor the Driver Reference Table has any reference to it, so I'm hoping someone out there has an idea what it may be?
satrow | Moderator, BSOD Kernel Dump Senior Analyst | Staff member | Joined Apr 12, 2012 | Posts 993 | Location Cymru | May 2, 2014 | #2

That'll be a dynamic driver for Daemon Tools/Alcohol 120% - a???????.SYS is the giveaway, check the DRT A list.
BlueRobot | Administrator | Staff member | Joined May 7, 2013 | Posts 10,269 | Location %systemroot% | May 2, 2014 | #3

It's probably Daemon Tools/Alcohol 120%, they seem to have lots of drivers with useless names.
kemical | BSOD Kernel Dump Senior Analyst | Joined Feb 25, 2014 | Posts 31 | Location London | May 2, 2014 | #4

Much thanks for the replies. The user did indeed have Daemon Tools/Alcohol 120%, so you guys were bang on the money. :thumbsup2:
TomasD | Sysnative Staff, BSOD Kernel Dump Senior Analyst | Staff member | Joined May 7, 2013 | Posts 461 | Location Kaunas, Lithuania | May 2, 2014 | #5

I am always very suspicious about random driver/process/DLL names that result in zero results on Google. They are very likely to be malware and should be disabled/removed ASAP until proven otherwise.
kemical | BSOD Kernel Dump Senior Analyst | Joined Feb 25, 2014 | Posts 31 | Location London | May 2, 2014 | #6

As finding these unknown quantities is usually quite rare, suspicions are normally raised straight away, especially if the date is recent. Weirdly though, I've found malware in a dump file only once.
satrow | Moderator, BSOD Kernel Dump Senior Analyst | Staff member | Joined Apr 12, 2012 | Posts 993 | Location Cymru | May 2, 2014 | #7

I once spent a couple of hours on an infected machine trying to figure out what a similar, cryptically named, dynamic driver was - it turned out to be Rootkit Revealer that I'd been running ...

Re. malware in dumps, yes, actually seeing the driver listed is rare - better to check Autoruns.arn for anomalies (entries in AppInit, as well as the usual places) and MSInfo32 to check if Security Accounts Manager (SAM) is stopped, or under Components > Problem Devices for Security Processor Loader Driver ROOT\LEGACY_SPLDR\0000 "This device is not present, is not working properly, or does not have all its drivers installed."

Getting hits like the above doesn't necessarily mean there's an infection, it certainly warrants a thorough check though.

[Attachment: Autoruns and MSInfo32 from a recent infected machine that I asked Patrick to check for me: BSOD Assistance - Tech Support Forum]
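A scripted version of the triage checks satrow lists above, added here as an example and not taken from the thread: it lists loaded drivers whose file name fits the a???????.sys pattern, dumps the AppInit_DLLs values, reports the SAM service state and lists problem devices including ROOT\LEGACY_SPLDR. It assumes it runs elevated on the affected Windows machine; the service name SamSs, the registry paths and the WMI classes are standard Windows names, not values from the thread.

```powershell
# Added triage script (not from the thread). Run from an elevated PowerShell
# prompt on the machine being examined.

Write-Host '== 1. Loaded drivers with a???????.sys style names (Daemon Tools/Alcohol pattern) =='
Get-CimInstance Win32_SystemDriver |
    Where-Object { $_.PathName -match '\\a[0-9a-z]{7}\.sys$' } |
    Select-Object Name, State, StartMode, PathName |
    Format-Table -AutoSize

Write-Host '== 2. AppInit_DLLs (64-bit and 32-bit views); anything listed needs checking =='
$appInitKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)
foreach ($key in $appInitKeys) {
    if (Test-Path $key) {
        $props = Get-ItemProperty -Path $key
        [pscustomobject]@{
            Key              = $key
            AppInit_DLLs     = $props.AppInit_DLLs
            LoadAppInit_DLLs = $props.LoadAppInit_DLLs
        }
    }
} | Format-List

Write-Host '== 3. Security Accounts Manager service (SamSs); should be Running =='
Get-Service -Name SamSs | Select-Object Name, DisplayName, Status | Format-Table -AutoSize

Write-Host '== 4. Problem devices, plus the Security Processor Loader Driver (ROOT\LEGACY_SPLDR) =='
# ConfigManagerErrorCode 0 means the device is working; anything else is a
# "problem device" in MSInfo32 terms. The SPLDR entry is listed regardless.
Get-CimInstance Win32_PnPEntity |
    Where-Object { $_.ConfigManagerErrorCode -ne 0 -or $_.DeviceID -like 'ROOT\LEGACY_SPLDR\*' } |
    Select-Object Name, DeviceID, ConfigManagerErrorCode |
    Format-Table -AutoSize
```

As satrow notes, hits in these sections are a reason to look closer, not proof of infection on their own.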
BlueRobot | Administrator | Staff member | Joined May 7, 2013 | Posts 10,269 | Location %systemroot% | May 2, 2014 | #8

It's not difficult to find rootkits with WinDbg, although most anti-rootkit programs will do the same job for you.