A newbie problem

myodyne
Posts: 8
Joined: Sat Jan 26, 2013 10:15 am

A newbie problem

Post by myodyne » Mon Oct 29, 2018 3:42 pm

Hello there kernel brothers and sisters.

Running an old PC with WinXP SP3 with Daemon Tools v4.10 and VMware v6.5.2 installed.

Having noticed this strange behaviour. A driver that doesn't exist on disk, but appears in Process Explorer and in AutoRuns.
The funny thing is that it changes its name after reboot. Or is it something else?
Kaspersky TDSKiller didn't find any problem.

GMER showed sptd.sys some hooks but I think they are coming from Daemon Tools.
Didn't run the above in Safe Mode. But before searching deeper, would you mind helping me with this? Any good suggestions?

Thanks in advance.

EP_X0FF
Global Moderator
Posts: 4812
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation

Re: A newbie problem

Post by EP_X0FF » Mon Oct 29, 2018 4:22 pm

sptd.sys (Alcohol/Daemon tools) uses rootkit techniques to hide itself from DRM. It is known behavior.
Ring0 - the source of inspiration

myodyne
Posts: 8
Joined: Sat Jan 26, 2013 10:15 am

Re: A newbie problem

Post by myodyne » Mon Oct 29, 2018 9:23 pm

Thanks a lot master EP_X0FF.

Being away for a while, I thought of first being sure by asking the best, before being scared to death.

;-)
