2 .sys files flagged as File.Forged - False Positives or not ?

[Kryss1621]

Greetings.

As introduced in the subject, my last scan got two files flagged as File.Forged > hidparse.sys - hidusb.sys

Here is the report.

__

RogueKiller V12.3.4.0 (x64) [Jun 20 2016] (Gratuit) par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 10 (10.0.10586) 64 bits version
Démarré en  : Mode normal
Utilisateur : x [Administrateur]
Démarré depuis : C:\Users\x\Downloads\RogueKillerX64 (10).exe
Mode : Scan -- Date : 06/20/2016 15:57:23

¤¤¤ Processus : 0 ¤¤¤

¤¤¤ Registre : 0 ¤¤¤

¤¤¤ Tâches : 0 ¤¤¤

¤¤¤ Fichiers : 2 ¤¤¤
[File.Forged][Fichier] C:\Windows\System32\drivers\hidparse.sys -> Trouvé(e)
[File.Forged][Fichier] C:\Windows\System32\drivers\hidusb.sys -> Trouvé(e)

¤¤¤ Fichier Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Chargé) ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

__

I don't get anything else with any other software so I just wanted to make it sure before taking any actions.

Thanks in advance.

[Curson]

Hi Kryss1621,

Welcome to Adlice.com Forum.
Could you please post the JSON report in your next reply ?

Regards.

[Kryss1621]

Sure, here you go.

[Curson]

Hi Kryss1621,

At first sight, the files are harmless. However, they are not digitally signed which is really unusual.
I don't think it's absolutely necessary, but do you want them to be replaced by signed copies ?

Regards.

[Kryss1621]

First of all, thanks for the quick replies.

Secondly, if there is an easy way to replace them by signed and sure copies to avoid any problem like that in the future, I would gladly do so.

[Curson]

Hi Kryss1621,

You are very welcome.
OK. Please follow the following process :

Please download Farbar Recovery Scan Tool (x64) and save it to your Desktop.

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  
• Copy/paste the following string in the Search box : hidparse.sys*;hidusb.sys*
  
• Press Search Files button.
  
• It will produce a log called Search.txt in the same directory the tool is run from.
  
• Please attach log back here.

Regards.

[Kryss1621]

Here is the txt file.

[Curson]

Hi Kryss1621,

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system !

Run FRST and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please attach it to your reply.

Regards.

[Kryss1621]

Done, and here is the fixlog.txt .

[Curson]

Hi Kryss1621,

The files has been replaced with signed copies.
You could now delete FRST and the files linked to it.

Regards.