Malware removal help / Strange Rootkit Detections, Help Please
« on: January 07, 2015, 07:24:33 AM »
Hello, I ran a scan with RogueKiller and I got 3 orange warnings for my Antirootkit (Kernel.Filter). Now I don't think they are that dangerous, as the files are FPwinIo.sys (for two of them) and psd.sys (for one of them). Checking these files online, I figured out that FPwinIo.sys probably relates to my fingerprint scanner and psd.sys probably relates to my Infineon Technologies Personal Secured Drive.
Anyway, here is the rootkit detection:
¤¤¤ Antirootkit : 3 (Driver: Loaded) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\Ide\IdeDeviceP3T0L0-3 : \Driver\Disk @ \Device\Harddisk1\DR1 (\SystemRoot\system32\DRIVERS\FPWinIo.sys)
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\Ide\IdeDeviceP2T0L0-2 : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\System32\drivers\psd.sys)
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\Ide\IdeDeviceP0T0L0-0 : \Driver\Disk @ \Device\Harddisk0\DR0 (\SystemRoot\system32\DRIVERS\FPWinIo.sys)
I ran the Norton, Microsoft and Kaspersky rootkit scanners as well as Malwarebytes and Spybot and came up with no errors or rootkits. I think these might need to be whitelisted in the future. What is your opinion?