//noname
Guest IP: 200.147.*.*
Posted: Wed Oct 04, 2006 6:26 am Post subject: fxaypnwq.sys
Looking at my StartupList log (by merijn - v. 1.52), I found an unknown driver:
Quote:
Enumerating Windows NT/2000/XP services
[...]
opwpgilh: system32\drivers\fxaypnwq.sys (system)
In registry:
Quote:
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\opwpgilh]
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,\
72,00,69,00,76,00,65,00,72,00,73,00,5c,00,66,00,78,00,61,00,79,00,70,00,6e,\
00,77,00,71,00,2e,00,73,00,79,00,73,00,00,00
"Group"="System Bus Extender"
"Start"=dword:00000000
"Type"=dword:00000001
"ErrorControl"=dword:00000001
"kkreyqis"="\\??\\C:\\a^mtbjxw.txt"
"repuvpqe"="C:\\WINDOWS"
"grlcpnhb"="ljfswtlf"
I scanned my computer with F-Secure BlackLight and looked for other anomalies with IceSword 1.18, but nothing was found... The file fxaypnwq.sys doesn't exist in system32/drivers.
Does anyone have any idea / know about this file/service?
Thanks.
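As an added example (not part of the original thread), the exported key from the post above can be decoded offline to confirm that the hex(2) ImagePath matches the path in the StartupList log and to read the Start and Type values. The function names and the list of common value names are assumptions of this example.

```python
import re

# Registry export copied from the post above, used here as sample input.
REG_EXPORT = r'''[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\opwpgilh]
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,\
72,00,69,00,76,00,65,00,72,00,73,00,5c,00,66,00,78,00,61,00,79,00,70,00,6e,\
00,77,00,71,00,2e,00,73,00,79,00,73,00,00,00
"Group"="System Bus Extender"
"Start"=dword:00000000
"Type"=dword:00000001
"ErrorControl"=dword:00000001
"kkreyqis"="\\??\\C:\\a^mtbjxw.txt"
"repuvpqe"="C:\\WINDOWS"
"grlcpnhb"="ljfswtlf"
'''
START = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}
TYPE = {1: "kernel driver", 2: "file system driver"}
# Common service-key value names (not exhaustive; an assumption of this example).
COMMON = {"ImagePath", "Group", "Start", "Type", "ErrorControl", "DisplayName",
          "Description", "Tag", "DependOnService", "DependOnGroup", "ObjectName"}

# Decode the values of one exported key into Python strings and ints.
def parse_reg(text):
    values = {}
    joined = text.replace("\\\n", "")  # join continued hex lines
    for name, raw in re.findall(r'^"([^"]+)"=(.*)$', joined, re.M):
        if raw.startswith("dword:"):
            values[name] = int(raw[6:], 16)
        elif raw.startswith("hex(2):"):  # REG_EXPAND_SZ stored as UTF-16LE bytes
            data = bytes(int(b, 16) for b in raw[7:].split(",") if b.strip())
            values[name] = data.decode("utf-16-le").rstrip("\x00")
        else:  # quoted REG_SZ with doubled backslashes
            values[name] = raw.strip('"').replace("\\\\", "\\")
    return values

def review(values):
    notes = []
    start, kind = values.get("Start"), values.get("Type")
    notes.append(f"{TYPE.get(kind, kind)}, start={START.get(start, start)}")
    if kind in TYPE and start == 0:
        notes.append("boot-start driver: loaded by the OS loader at boot")
    extra = sorted(set(values) - COMMON)
    if extra:
        notes.append("non-standard value names: " + ", ".join(extra))
    return notes

if __name__ == "__main__":
    decoded = parse_reg(REG_EXPORT)
    print(decoded["ImagePath"])
    print("\n".join(review(decoded)))
```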
Coder68
Trooper
Joined: Oct 04, 2006 Posts: 15 Location: USA
Posted: Wed Oct 04, 2006 2:44 pm
I Googled it, but came up with zero hits.
Can you actually get to the file? If so, you might want to send it to several of the AV Cos. to see what they say.
Good luck,
Coder68
swatkat
Security Expert
Joined: Mar 04, 2005 Posts: 2039
Posted: Wed Oct 04, 2006 6:02 pm
Hi //noname,
Can you see that driver's name in the "Kernel Modules" section of IceSword?
Also, download AVG Anti-Rootkit Beta and install it. Launch the AVG Anti-Rootkit Beta and click "Perform in-depth search". Post back the results of this scan (do NOT remove any entries that AVG may detect).
_________________
Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.
- Albert Einstein
//noname
Guest IP: 200.147.*.*
Posted: Thu Oct 05, 2006 5:28 am
Hi all.
Quote:
Can you actually get to the file? If so you might want to send it to several of the AV Cos. to see what they say.
Nope... see the attachment... also >
Jotti Malware Scan: The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file
Quote:
Can you see that driver's name in the "Kernel Modules" section of IceSword?
Nope...
The attached file has logs and results from several rk detectors...
Soon, this service will be deleted if I do not get any information about this driver... =P
PS.: I'm sorry for my bad English...
Attachment: scan.txt | Filesize: 10.87 KB | Downloaded: 510 Time(s)
negster22
Security Expert Premium Member
Joined: Mar 10, 2004 Posts: 5394
Posted: Thu Oct 05, 2006 8:01 pm
Have you tried DarkSpy's driver module and online analyze registry functions? I didn't see it in your list.
http://www.fyyre.net/~cardmagic/pages/download/ds105en_en.html
Do you have any symptoms or were you just doing a routine checkup?
_________________
Negster22 - MS MVP - Consumer Security 2006-2008