SolidDude
Cadet
Joined: Sep 25, 2006 Posts: 1 Location: Australia
Posted: Mon Sep 25, 2006 7:13 am Post subject: Removing suspect SSDT files

I have red files labelled 'Unknown' and 'pxfsf.sys' in the SSDT. They have no path, so how do I remove them, and is there any reason why I shouldn't?
Also, there is a suspect file called C:\Program Files\Symantec\SYMEVENT.SYS. Isn't Symantec a reliable source? I feel hesitant about deleting it, in case it may harm other security options.
horseman
Lieutenant
Premium Member
Joined: Apr 15, 2003 Posts: 235
Posted: Mon Sep 25, 2006 10:43 am Post subject: Re: Removing suspect SSDT files

SolidDude wrote:
> I have red files labelled 'Unknown' and 'pxfsf.sys' in the SSDT.
Regarding the latter driver, it would superficially appear that you are (or have in the past been) running Prevx anti-malware?
This driver hooks native APIs in order to monitor key system events as part of the local Prevx agent security monitoring system.
So if Prevx was intentionally installed then the red entries related to this driver are likely all typical.
In the unlikely event this is a failed (un)install (or even something more covertly masquerading as a PX component) then the Prevx1 forums on this CC website (&/or Prevx tech support) can assist a clean removal/re-install etc. There is a cleanup utility referenced on those fora headers that can remove other remaining components (PX???.sys dll) that you'll likely also find in:
C:\Windows\system32\Drivers
and other folders elsewhere.
The "unknown" SSDT entry may potentially be more disconcerting (although equally may prove eventually to be innocent) and require further investigation.
If you are (as I suspect) explicitly running a viable copy of Prevx then I suggest availing yourself of the more exhaustive Health Check feature you can access via the Prevx Management Console.
If this subsequently proves negative AND more expert assistance you receive here/elsewhere still indicates you have malware that has perceivably evaded Prevx detection, then I'm sure their Tech Support would be very grateful for the opportunity to both assist and identify the problem before all forensics are irretrievably lost by subsequent cleanup processes.
I trust these suggestions/observations do not "tread on any toes" or "muddy the waters"?
_________________
Regards Tony
Draco Dormiens Nunquam Titillandus
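Before acting on the original question (whether the red SSDT entries and the Symantec driver can safely be deleted), a defender would first establish what each hooking module actually is. The PowerShell function below is an added example for that step; it is not code from this thread, from Prevx or from Symantec, and it assumes Windows PowerShell 4.0 or later (for Get-CimInstance and Get-FileHash) rather than the 2006-era system the poster had. For each driver file name it asks the Service Control Manager for the registered image path, falls back to the System32\drivers folder, and reports the Authenticode signature status, signer and SHA-256 hash. A valid Symantec signature on SYMEVENT.SYS is strong evidence that it is a legitimate product component and should be left alone; an "Unknown" hook whose module has no file on disk at all is the case that warrants investigation (and preserving the evidence) rather than deletion. The driver names in the usage call are the two named in the thread.

```powershell
# Added example (not from the forum thread or any product it mentions).
# Gathers provenance facts about kernel drivers before anyone decides to delete them.
function Get-DriverProvenance {
    param(
        [Parameter(Mandatory = $true)]
        [string[]]$DriverFileName
    )

    # Every kernel driver registered with the Service Control Manager, with its image path.
    $registered = Get-CimInstance -ClassName Win32_SystemDriver

    foreach ($name in $DriverFileName) {
        # Find the service whose image path ends in this file name (case-insensitive -like).
        $svc = $registered |
            Where-Object { $_.PathName -and $_.PathName -like "*\$name" } |
            Select-Object -First 1

        # Normalise NT-style prefixes the SCM may store (\??\C:\... or \SystemRoot\...).
        $candidates = @()
        if ($svc) {
            $candidates += ($svc.PathName -replace '^\\\?\?\\', '') -replace '^\\SystemRoot', $env:SystemRoot
        }
        # Fallback location for drivers the SCM does not know about.
        $candidates += Join-Path $env:SystemRoot "System32\drivers\$name"

        $path = $candidates | Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1

        $result = [ordered]@{
            Driver    = $name
            Service   = $(if ($svc) { $svc.Name } else { '<not registered>' })
            Running   = $(if ($svc) { [bool]$svc.Started } else { $false })
            Path      = $(if ($path) { $path } else { '<no file found on disk>' })
            Signature = 'n/a'
            Signer    = 'n/a'
            SHA256    = 'n/a'
        }

        if ($path) {
            # Authenticode status tells us whether the file is signed and whether the chain is trusted.
            $sig = Get-AuthenticodeSignature -FilePath $path
            $result.Signature = $sig.Status
            $result.Signer    = $(if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' })
            # The hash can be checked against vendor documentation or a malware database.
            $result.SHA256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        }

        [pscustomobject]$result
    }
}

# The two driver names from the thread; run from an elevated prompt so all paths are readable.
Get-DriverProvenance -DriverFileName 'pxfsf.sys', 'SYMEVENT.SYS' | Format-List
```

Read the output conservatively: a Signature of Valid with a Symantec or Prevx subject answers the "reliable source" question; NotSigned or HashMismatch on a driver that hooks the SSDT, or a hook module with no file on disk, is the result worth taking to the vendor's support before any cleanup tool destroys the evidence.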
Prince_Serendip
Site Moderator
Joined: Sep 07, 2002 Posts: 17542
horseman
Lieutenant
Premium Member
Joined: Apr 15, 2003 Posts: 235
Posted: Tue Sep 26, 2006 7:07 am Post subject:

I'm obliged - cognitive recognition algorithm re-coded, prescription spectacles changed and pointer duly noted for future compliance!
_________________
Regards Tony
Draco Dormiens Nunquam Titillandus
Prince_Serendip
Site Moderator
Joined: Sep 07, 2002 Posts: 17542