Guest cs92004j-goo@yahoo.com
Posted July 21, 2007

I saw this module in the System process view in process explorer. According to process explorer it is located in system32\drivers but it is not really there, so I cannot submit it for analysis. When I launch Depends on this module it has the same attributes as atapi.sys - same file size, version number, date and time stamp, etc. When I view the module strings in the module properties in process explorer and compare them to the strings in atapi.sys they are exactly the same and in the same order. I did a google search on this but nothing came up. Has anyone else seen this or something similar and know what it is?

Guest Malke
Posted July 21, 2007

Re: alu9i4j2.SYS

cs92004j-goo@yahoo.com wrote:
> I saw this module in the System process view in process explorer.
> According to process explorer it is located in system32\drivers but it
> is not really there, so I cannot submit it for analysis. When I
> launch Depends on this module it has the same attributes as atapi.sys
> - same file size, version number, date and time stamp, etc. When I
> view the module strings in the module properties in process explorer
> and compare them to the strings in atapi.sys they are exactly the same
> and in the same order. I did a google search on this but nothing came
> up. Has anyone else seen this or something similar and know what it is?

What is the malware/virus status of the machine? If you think it is clean, what programs (and versions) did you use to determine this?

Be sure the computer is clean:
http://www.elephantboycomputers.com/page2.html#Removing_Malware

Include scanning with David Lipman's Multi_AV and follow instructions to do all scans in Safe Mode.
http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
http://pcdid.com/Multi_AV.htm - download

When all else fails, run HijackThis and post your log in one of the specialty forums listed at the first link above (not here, please).

Malke
--
Elephant Boy Computers
http://www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User

Guest nass
Posted July 21, 2007

RE: alu9i4j2.SYS

"cs92004j-goo@yahoo.com" wrote:
> I saw this module in the System process view in process explorer.
> According to process explorer it is located in system32\drivers but it
> is not really there, so I cannot submit it for analysis. When I
> launch Depends on this module it has the same attributes as atapi.sys
> - same file size, version number, date and time stamp, etc. When I
> view the module strings in the module properties in process explorer
> and compare them to the strings in atapi.sys they are exactly the same
> and in the same order. I did a google search on this but nothing came
> up. Has anyone else seen this or something similar and know what it is?

You need to be sure your system is clean from malware and viruses by scanning for them.

Scan for malware from here:
http://onecare.live.com/site/en-gb/default.htm?s_cid=sah
http://onecare.live.com/standard/en-gb/default.htm

Run a scan from here on-line:
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

Download Avast Cleaner from here:
http://www.avast.com/eng/avast-virus-cleaner.html

Lots of tools to download and disinfect your machine:
http://www.bitdefender.co.uk/site/Downloads/browseFreeRemovalTool/
http://free.grisoft.com/doc/5390/lng/us/tpl/v5

Download the HijackThis and send the report to one of many forums for analysis and troubleshooting:
http://www.merijn.org/index.php

When all else fails, HijackThis v1.99.1 (http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use. It will help you to both identify and remove any hijackware/spyware. Post your log to http://aumha.net/viewforum.php?f=30, http://castlecops.com/forum67.html, http://forums.subratam.org/index.php?showforum=7, or other appropriate forums for expert analysis, not here.

HTH.
nass
--------
http://www.nasstec.co.uk
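
The comparison described in the first post (a loaded module with no file at its reported path, carrying the same size, version and time stamp as atapi.sys) can be run over a whole driver inventory. This is an added example, not part of the original thread; the record fields, the `audit` helper and all sample values are assumptions made for illustration.

```python
from collections import defaultdict
from typing import NamedTuple

class Module(NamedTuple):
    name: str       # module name shown in the System process view
    path: str       # image path the viewer reports
    size: int       # file size in bytes
    version: str    # version resource string
    stamp: str      # date and time stamp

def norm(path: str) -> str:
    """Windows paths are case-insensitive; compare them in one canonical form."""
    return path.replace("/", "\\").lower()

def audit(loaded, on_disk):
    """Flag loaded modules with no backing file and name any on-disk driver
    whose size, version and time stamp are identical."""
    present = {norm(p) for p in on_disk}
    by_attrs = defaultdict(list)
    for m in loaded:
        if norm(m.path) in present:
            by_attrs[(m.size, m.version, m.stamp)].append(m.name)
    findings = []
    for m in loaded:
        if norm(m.path) not in present:
            findings.append({
                "module": m.name,
                "reported_path": m.path,
                "same_attributes_as": sorted(by_attrs[(m.size, m.version, m.stamp)]),
            })
    return findings

# Constructed sample data: sizes, versions, stamps, example.sys and the
# C:\WINDOWS prefix are invented; atapi.sys and alu9i4j2.SYS are from the thread.
DRIVERS = "C:\\WINDOWS\\system32\\drivers\\"
SAMPLE_LOADED = [
    Module("atapi.sys", DRIVERS + "atapi.sys", 111111, "1.2.3.4", "2000-01-01 00:00"),
    Module("example.sys", DRIVERS + "example.sys", 222222, "1.2.3.4", "2000-01-02 00:00"),
    Module("alu9i4j2.SYS", DRIVERS + "alu9i4j2.SYS", 111111, "1.2.3.4", "2000-01-01 00:00"),
]
SAMPLE_ON_DISK = [DRIVERS + "ATAPI.SYS", DRIVERS + "example.sys"]

if __name__ == "__main__":
    for f in audit(SAMPLE_LOADED, SAMPLE_ON_DISK):
        print(f"{f['module']}: no file at {f['reported_path']}; "
              f"attributes match {f['same_attributes_as'] or 'no on-disk driver'}")
```

A finding here is a lead for further analysis of the machine, not a verdict on what the module is.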