Adlice forum

General Category => Malware removal help => Topic started by: Firedark142 on January 07, 2015, 07:24:33 AM

Title: Strange Rootkit Detections, Help Please
Post by: Firedark142 on January 07, 2015, 07:24:33 AM
Hello, I ran a scan with RogueKiller and I got 3 orange warnings for my Antirootkit (Kernel.Filter). Now I don't think they are that dangerous, as the files are FPwinIo.sys (for two of them) and psd.sys (for one of them). Checking these files online, I figured out that FPwinIo.sys probably relates to my fingerprint scanner and psd.sys probably relates to my Infineon Technologies Personal Secured Drive.

Anyway here is the rootkit detection:

¤¤¤ Antirootkit : 3 (Driver: Loaded) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\Ide\IdeDeviceP3T0L0-3 : \Driver\Disk @ \Device\Harddisk1\DR1 (\SystemRoot\system32\DRIVERS\FPWinIo.sys)
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\Ide\IdeDeviceP2T0L0-2 : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\System32\drivers\psd.sys)
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\Ide\IdeDeviceP0T0L0-0 : \Driver\Disk @ \Device\Harddisk0\DR0 (\SystemRoot\system32\DRIVERS\FPWinIo.sys)

I ran the Norton, Microsoft and Kaspersky rootkit scanners as well as Malwarebytes and Spybot and came up with no errors or rootkits. I think these might need to be whitelisted in the future. What is your opinion?

Title: Re: Strange Rootkit Detections, Help Please
Post by: Curson on January 07, 2015, 03:07:23 PM
Hello Firedark142,

Welcome to Adlice.com Forum.
These drivers are indeed legit. They will be whitelisted in the next release of RogueKiller.

Regards.