Author Topic: Strange Rootkit Detections, Help Please  (Read 3129 times)


January 07, 2015, 07:24:33 am

Firedark142

  • Newbie

Hello, I ran a scan with RogueKiller and I got 3 orange warnings for my Antirootkit (Kernel.Filter). Now I don't think they are that dangerous as the files are FPwinIo.sys (for two of them) and psd.sys for one of them. Checking these files online, I figured out that FPwinIo.sys probably relates to my fingerprint scanner and psd.sys probably relates to my Infineon Technologies Personal Secured Drive.

Anyway here is the rootkit detection:

Antirootkit : 3 (Driver: Loaded)
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\Ide\IdeDeviceP3T0L0-3 : \Driver\Disk @ \Device\Harddisk1\DR1 (\SystemRoot\system32\DRIVERS\FPWinIo.sys)
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\Ide\IdeDeviceP2T0L0-2 : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\System32\drivers\psd.sys)
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\Ide\IdeDeviceP0T0L0-0 : \Driver\Disk @ \Device\Harddisk0\DR0 (\SystemRoot\system32\DRIVERS\FPWinIo.sys)

I ran the Norton, Microsoft and Kaspersky rootkit scanners as well as Malwarebytes and Spybot and came up with no errors or rootkits. I think these might need to be whitelisted in the future. What is your opinion?

Reply #1 January 07, 2015, 03:07:23 pm

Curson

  • Global Moderator
Hello Firedark142,

Welcome to Adlice.com Forum.
These drivers are indeed legit. They will be whitelisted in the next release of RogueKiller.

Regards.
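
Added example, not part of the original thread and not RogueKiller's own code: a small Python triage helper that parses the Kernel.Filter lines quoted in the first post, groups them by filter driver image, and marks for review any driver that is unvetted or loaded from outside the system drivers directory. The regex field names, the REVIEWED set and the drivers-directory check are assumptions made for this example.

```python
import re
from collections import defaultdict

# Lines copied from the RogueKiller report quoted in the first post.
REPORT = r"""
Antirootkit : 3 (Driver: Loaded)
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\Ide\IdeDeviceP3T0L0-3 : \Driver\Disk @ \Device\Harddisk1\DR1 (\SystemRoot\system32\DRIVERS\FPWinIo.sys)
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\Ide\IdeDeviceP2T0L0-2 : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\System32\drivers\psd.sys)
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\Ide\IdeDeviceP0T0L0-0 : \Driver\Disk @ \Device\Harddisk0\DR0 (\SystemRoot\system32\DRIVERS\FPWinIo.sys)
"""

# Field names are this example's own labels, not RogueKiller terminology.
LINE = re.compile(
    r"^\[Filter\(Kernel\.Filter\)\]\s+(?P<drv_a>\S+) @ (?P<dev_a>\S+) : "
    r"(?P<drv_b>\S+) @ (?P<dev_b>\S+) \((?P<image>[^)]+)\)\s*$"
)
DRIVERS_DIR = r"\systemroot\system32\drivers"
# Assumption: file names the analyst has already vetted; here, the two
# drivers the moderator's reply calls legitimate.
REVIEWED = {"fpwinio.sys", "psd.sys"}


def parse_filters(report):
    """Map each filter driver image (lower-cased path) to the devices it is reported on."""
    found = defaultdict(list)
    for line in report.splitlines():
        m = LINE.match(line.strip())
        if m:  # the summary line and blank lines do not match and are skipped
            found[m["image"].lower()].append(m["dev_b"])
    return dict(found)


def triage(report, reviewed=REVIEWED):
    """Return {image path: verdict}; a vetted name in an unexpected folder still needs review."""
    out = {}
    for image, devices in parse_filters(report).items():
        folder, _, name = image.rpartition("\\")
        in_dir = folder == DRIVERS_DIR
        out[image] = {
            "name": name,
            "devices": devices,
            "in_drivers_dir": in_dir,
            "needs_review": name not in reviewed or not in_dir,
        }
    return out


if __name__ == "__main__":
    for image, verdict in triage(REPORT).items():
        print(image, verdict)
```

A file name match alone does not establish that a driver is genuine; vet the file itself (vendor, signature) before adding its name to REVIEWED.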