Mischel Internet Security Forum > Other Products > Utilities (Moderators: Helena, Gavin_Coe, Magnus)
   Packed Driver Detector 0.9 Released
Topic: Packed Driver Detector 0.9 Released (Read 2511 times)
Magnus
Administrator
Ad astra per aspera.
Posts: 4523
Packed Driver Detector 0.9 Released
« on: Sep 20th, 2008, 8:55pm »
We've just released the beta version of a new tool named Packed Driver Detector.
 
Download: http://www.misec.net/products/PDD.exe
 

 
What does this thing do?
 
Drivers are system files that are used in kernel mode to execute system code. Rootkits use a driver (.sys) file to subvert the Windows kernel and hide their presence in the system. Recent rootkits have begun packing and/or encrypting their driver files to make them harder to detect.  
 
This tool identifies packed driver files. On an uninfected system there should be no packed driver files. Use this tool to identify any packed driver files on your system.
 
How can I help?
 
This is the first beta release of Packed Driver Identifier. If you want to help out testing it, download and run it to scan your system. If the tool identifies any packed drivers, don't panic. This is the first release of the tool and the identified files are very likely legitimate. Please email the detected driver files to support@misec.net along with your scan log. We will analyze the files for you and tell you if they really are something to worry about.
 
It would be very helpful if you could post your scan report even if no packed drivers are identified. This is to help verify that the tool is actually not reporting any packed files on most (presumably clean) systems.
Follow me on Twitter: http://twitter.com/mmischel
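As an added example (not part of the original post and not PDD's own code), here is a small Python script that applies the same idea the post describes: check that each file in the drivers directory is a PE image, flag sections with packer names or with compressed/encrypted-looking contents, and print a log in the format the replies in this thread quote, including a named entry for the "not a PE format" case reported later in the thread. The section-name list and the 7.2 bits-per-byte entropy threshold are assumptions, and, as the replies about ctdvda2k.sys and spsys.sys show, a hit is a lead to analyse, not a verdict.

```python
import math
import struct
from collections import Counter

PACKER_SECTIONS = {b"UPX0", b"UPX1", b".aspack", b".adata", b".petite", b".nsp0", b".packed"}  # assumed list

def entropy(data):  # Shannon entropy in bits per byte; compressed or encrypted data sits near 8.0
    n = len(data) or 1
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def is_pe(data):  # minimal PE check: 'MZ' magic and 'PE\0\0' at e_lfanew (the offset stored at 0x3C)
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0] if len(data) >= 0x40 else len(data)
    return data[:2] == b"MZ" and e_lfanew + 24 <= len(data) and data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def sections(data):
    """Yield (name, raw bytes) for each section-table entry; raises struct.error if truncated."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    nsec, opt = struct.unpack_from("<H", data, pe + 6)[0], struct.unpack_from("<H", data, pe + 20)[0]
    for i in range(nsec):
        off = pe + 24 + opt + i * 40                      # section headers follow the optional header
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)
        yield data[off:off + 8].rstrip(b"\0"), data[raw_ptr:raw_ptr + raw_size]

def classify(data):
    """'not-pe', 'packed' or 'clean'. A 'packed' hit is a lead for analysis, not a malware verdict."""
    if not is_pe(data):
        return "not-pe"
    try:
        for name, body in sections(data):
            if name in PACKER_SECTIONS or (len(body) >= 256 and entropy(body) > 7.2):
                return "packed"
    except struct.error:            # section table runs past end of file: not a well-formed PE
        return "not-pe"
    return "clean"

def report(dirname, images):  # PDD-style log for {filename: bytes}; unlike the quoted log, names the non-PE file
    verdicts = {f: classify(d) for f, d in sorted(images.items())}
    lines = [f"Scanning {dirname}"]
    lines += [f"Error: {f} is not a PE format file" for f, v in verdicts.items() if v == "not-pe"]
    lines += [f"Found packed driver file: {dirname}{f}" for f, v in verdicts.items() if v == "packed"]
    if "packed" not in verdicts.values():
        lines.append(f"No packed driver files were detected ({len(images)} files scanned).")
    return lines

def build_pe(secs):  # constructed minimal PE for testing: no optional header, so not loadable, only the layout matters
    img = bytearray(b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40))                # e_lfanew = 0x40
    img += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(secs), 0, 0, 0, 0, 0)   # COFF header, opt size 0
    ptr = len(img) + 40 * len(secs)                                                # raw data follows the table
    for name, body in secs:
        img += name.ljust(8, b"\0") + struct.pack("<IIIIIIHHI", len(body), 0, len(body), ptr, 0, 0, 0, 0, 0)
        ptr += len(body)
    return bytes(img + b"".join(body for _, body in secs))
```

To scan a real directory, read each .sys file into the `images` dictionary and pass it to `report`; the constructed images from `build_pe` exist only so the heuristics can be exercised offline.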
siliconman01
Global Moderator
Trojans! Chew 'em Up, Spit 'em Out...
Gender: male
Posts: 7358
Re: Packed Driver Detector 0.9 Released
« Reply #1 on: Sep 23rd, 2008, 12:57am »
Here is a scan log from Vista SP1 Business using PDD
 
Quote:
Scanning C:\Windows\system32\drivers\
Found packed driver file: C:\Windows\system32\drivers\ctdvda2k.sys
Found packed driver file: C:\Windows\system32\drivers\spsys.sys

 
The two files have been emailed to support@misec.net
 
Here is a scan log from XP-SP3 using PDD
 
Quote:
Scanning C:\Windows\system32\drivers\
Found packed driver file: C:\Windows\system32\drivers\ctdvda2k.sys

 
Both computers have a Creative Sound Blaster sound card.
« Last Edit: Sep 23rd, 2008, 1:19am by siliconman01 »

______
TrojanHunter V5.5.1002...No. 1 AT in my Book and on my Box(es)! Windows 7 x64 Professional on a Dell XPS 410, 8 gbyte RAM, dual WD VelociRaptors, dual 24" UltraSharp FPD monitors, Logitech 5.1 Surround Sound; Windows 7 x86 Professional on a Dell Vostro 220s, 4 gbyte RAM, dual WD VelociRaptors. Common: router, cable modem.
siliconman01
Global Moderator
Re: Packed Driver Detector 0.9 Released
« Reply #2 on: Sep 24th, 2008, 2:22am »
Am I correct in assuming that these packed drivers are valid and not to worry?
Magnus
Administrator
Re: Packed Driver Detector 0.9 Released
« Reply #3 on: Sep 24th, 2008, 3:09am »
Hi Tom,
 
These files are legitimate. The spsys.sys file is the Microsoft Vista validation driver used to control the activation of Windows. ctdvda2k.sys is a DVD driver file from Creative Labs.
Jrb
Guest
Re: Packed Driver Detector 0.9 Released
« Reply #4 on: Sep 25th, 2008, 3:26pm »
Hi Magnus,
 
Just saw the thread today and did run PDD on XP-home SP3 (Dutch); nothing was found:
 
Quote:

Scanning C:\WINDOWS\system32\drivers\
No packed driver files were detected (287 files scanned).

 
I hope this might help you.
 
Best regards, Jan.
norwegian
Newbie
Posts: 2
Re: Packed Driver Detector 0.9 Released
« Reply #5 on: Sep 29th, 2008, 6:28am »
Hello

Here are my results after reading about this at DSLR; all seems well.
XP pro SP3
 
 
Scanning C:\WINDOWS\system32\drivers\
No packed driver files were detected (284 files scanned).
Thomas
Full Member
Gender: male
Posts: 233
Re: Packed Driver Detector 0.9 Released
« Reply #6 on: Sep 29th, 2008, 12:56pm »
Scanning C:\WINDOWS\system32\drivers\
No packed driver files were detected (279 files scanned).
Windows 7 Home Premium (64 Bit)
Yahoo! Messenger Version 11.0.0 Build 2014
Y!TunnelPro Version 2.6 Build 736
YTK Enhanced Version 2.6 Build 108
Mozilla Firefox Version 8.0 (Beta)
Internet Explorer Version 9.0.8112.16421
TrojanHunter Version 5.3 Build 994
HijackThis Version 2.0 Build 4
Wireless
avast! Free Antivirus
Malwarebytes' Anti-Malware
SUPERAntiSpyware Professional
norwegian
Newbie
Re: Packed Driver Detector 0.9 Released
« Reply #7 on: Oct 2nd, 2008, 6:19pm »
Not sure why I am getting this message, all I did was install a program or 2 since my first post.
 
Scanning C:\WINDOWS\system32\drivers\
Error: This is not a PE format
No packed driver files were detected (285 files scanned).
« Last Edit: Oct 2nd, 2008, 6:20pm by norwegian »
I_am_stupid
Newbie
Posts: 24
Re: Packed Driver Detector 0.9 Released
« Reply #8 on: Mar 25th, 2009, 12:59am »
Was this product given up? I don't see it among the downloads...