> TDSSkiller found 2 objects - PMEM and sptd, medium risk, harmless or not?
murkelei
post 4.02.2012 01:20
Post #1


Newbie
*

Group: Members
Posts: 2
Joined: 4.02.2012




I got 2 objects as result - both medium risk (under Windows7 64bit Ultimate):

Unsigned file
Service: PMEM
Suspicious object, medium risk
Service type: Kernel driver (0x1)
Service Start: Auto (0x2)
File c:\windows\sysWOW64\drivers\pmemnt.sys
MD5: 2b85237f904c5bdf7ad386f0ede19bd3

Locked file
Service: sptd
Suspicious object, medium risk
Service type: Kernel driver (0x1)
Service Start: Boot (0x0)
File c:\windows\system32\drivers\sptd.sys
MD5: d519ad2de7968cd2b47fea807c5b29b2

What should I do?

Plus a general question - does it make a big difference running TDSSkiller in safe mode?
richbuff
post 4.02.2012 01:58
Post #2


Oldtimer
****************

Group: Moderators
Posts: 47445
Joined: 14.06.2007




Welcome.
QUOTE
File c:\windows\sysWOW64\drivers\pmemnt.sys
MD5: 2b85237f904c5bdf7ad386f0ede19bd3
https://www.virustotal.com/file/19492aef032...5062b/analysis/
QUOTE
Sigcheck
publisher................: Microsoft Corporation
product..................: Microsoft® Windows NT™ Operating System
internal name............: PMEMNT.SYS



QUOTE
File c:\windows\system32\drivers\sptd.sys
MD5: d519ad2de7968cd2b47fea807c5b29b2
https://www.virustotal.com/file/8b658f7e21e...74d6a/analysis/
QUOTE
Sigcheck
publisher................: Duplex Secure Ltd.
product..................: SCSI Pass Through Direct
internal name............: SPTD.SYS
copyright................: Copyright © 2004
signing date.............: 5:35 AM 8/20/2011
original name............: sptd.sys
signers..................: Duplex Secure Ltd
VeriSign Class 3 Code Signing 2009-2 CA
Class 3 Public Primary Certification Authority



QUOTE
What should I do?
Search the MD5?


--------------------
Please see the Important topics, located at the top of this section, and at the top of other sections of this forum.
murkelei
post 4.02.2012 02:34
Post #3






Uhm - thanks!
Though I don't get it concerning MD5 - what's that for and why should I search it?
And what about my safe mode question?

richbuff
post 4.02.2012 06:28
Post #4






2. Run in Normal mode first. Run in Safe mode, if normal mode has issues, or if you are instructed to run in safe mode.

1. Please use the search function of this website (click here).


