SanityCheck antirootkit finds spky.sys: ?


karad
May 8th, 2009, 12:41 PM
I downloaded SanityCheck antirootkit from resplendence.com onto my XP Pro computer (Avira, Comodo D+, PrevX Edge, Surun, Returnil Premium) for an additional check and a test, and it found and flagged in red two legitimate files and a

spky.sys

which I can't find any coherent news about, and which is reported as no longer existing on my HD:


-{ Quote: "Some driver entry points are being hijacked by other modules

* Module spky.sys is overwriting one or more entry points of other drivers running in the system. This controversial technique could be the work of malware running in the system but it could also be the work of legitimate software.

file path: spky.sys
This file is no longer available. We suggest you try to find this file in another location on your hard disk." }-


SanityCheck considers this an 'irregularity', which could be caused by a legitimate product.

Given that the two previous files flagged as suspicious belonged either to my Gigabyte card or to Comodo, and the present cleanliness of my system, I tend to think it is another sort of FP, so to speak.

Perhaps portable Roboform on a pen drive I left inserted?

Still, I'd like to hear from someone who had the same file flagged or knows more about it. Thanks.

yankinNcrankin
May 8th, 2009, 06:34 PM
Sounds like the Daemon Tools driver, as it can also change at reboot, so try rebooting your machine and then run SanityCheck again; spky.sys may turn into sptd.sys or spdt.sys and on and on and on and on.......... If it's not Daemon Tools then I don't know ;D
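As an added example (not code from the thread, from SanityCheck, or from any of the products named), here is a PowerShell script for the reboot-and-compare check suggested above: it lists the loaded kernel drivers, flags running drivers whose image file cannot be found on disk (the condition reported for spky.sys), and writes a snapshot so the lists from two boots can be diffed. The function names, the CSV location and the path-prefix handling are my assumptions; it needs Windows PowerShell 3.0 or later and an elevated prompt.

```powershell
# Added example, not code from the thread or from SanityCheck.
# Lists loaded kernel drivers via WMI, flags running drivers whose image file
# is not found on disk, and writes a snapshot CSV so two boots can be compared.
# Assumes Windows PowerShell 3.0+ (for [pscustomobject]) and an elevated prompt.

function Resolve-DriverImagePath {
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $p = $PathName.Trim('"')
    # WMI reports driver paths in several NT-style forms; map them to Win32 paths.
    $p = $p -replace '^\\\?\?\\', ''                         # \??\C:\...       -> C:\...
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"   # \SystemRoot\...  -> C:\Windows\...
    $p = $p -replace '^System32\\', "$env:SystemRoot\System32\"
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }   # bare relative path
    return $p
}

function Get-DriverReport {
    Get-WmiObject -Class Win32_SystemDriver | ForEach-Object {
        $resolved = Resolve-DriverImagePath $_.PathName
        [pscustomobject]@{
            Name   = $_.Name
            State  = $_.State
            Path   = $resolved
            OnDisk = [bool]($resolved -and (Test-Path -LiteralPath $resolved -PathType Leaf))
        }
    }
}

function Get-MissingRunningDrivers {
    param([object[]]$Report)
    # Running with no image file on disk is the condition SanityCheck reported
    # for spky.sys. Disc emulators and some security tools do this as well, so
    # treat hits as leads to investigate, not as verdicts.
    $Report | Where-Object { $_.State -eq 'Running' -and -not $_.OnDisk }
}

$report   = Get-DriverReport
$snapshot = Join-Path $env:TEMP ('drivers-{0:yyyyMMdd-HHmmss}.csv' -f (Get-Date))
$report | Export-Csv -NoTypeInformation -Path $snapshot
Write-Host "Snapshot written to $snapshot"

Get-MissingRunningDrivers $report | Format-Table Name, Path -AutoSize

# After a reboot, run the script again and diff the two snapshots; a driver that
# renames its file between boots shows up as a removed/added Name or Path:
#   Compare-Object (Import-Csv <old>.csv) (Import-Csv <new>.csv) -Property Name, Path
```

Run it once, reboot, run it again, and compare the two CSV files with the Compare-Object line in the final comment. A driver that is present under a different name after each boot, or that is running while its file is missing from disk, is worth identifying by its installing product before concluding it is malicious, since legitimate software produces the same picture.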

DOSawaits
May 8th, 2009, 07:07 PM
Weird. For a few days now my computer has been extremely sluggish; clicking "Save As..." in Firefox brings the whole system to a stall.

I've checked everything: autoruns, MBAM scans, Avira scans, nothing.
The only things I've found so far are in Process Monitor: Explorer reading "Invalid File"s and "Invalid Handle"s in the registry, and a subprocess under explorer called spyk.sys. Nothing special to see in Task Manager, and when I click "File Properties" for spyk.sys, it says "File not found"...........
Also, a find on my system turns up no trace of any spyk file at all :doubt:

karad
May 9th, 2009, 10:11 AM
I did as you suggested, yankinNcrankin, and actually this second analysis yields a different result, but seemingly along your line of thought, as sput.sys is related on Google to Daemon Tools:


-{ Quote: "The module sput.sys is hooking the kernel to intercept base system services.

Information about the responsible module sput.sys:

file path: sput.sys
This file is no longer available. We suggest you try to find this file in another location on your hard disk.
Click here to do a Google search on sput.sys



Some driver entry points are being hijacked by other modules

Module sput.sys is overwriting one or more dispatch entry points of other drivers running in the system. This controversial technique could be the work of malware running in the system but it could also be the work of legitimate software.

Information about the responsible module sput.sys:

file path: sput.sys
This file is no longer available. We suggest you try to find this file in another location on your hard disk.
Click here to do a Google search on sput.sys" }-


If this changing file really belongs to Daemon Tools, which I never downloaded, it might belong to Paragon Partition Manager 2009, which perhaps created an optical emulator when installed. I will try to ascertain if it's so asap. If anyone knows about it, please let me know.

I am not in a hurry, since I am 90% certain it is something explainable and legitimate, considering also that Avira and PrevX didn't move a feather, my HIPS is very robust, and the system is only 4 months old and treated with white gloves security-wise.
Moreover, BlackIce and Gmer found nothing reddish just a week ago.


@DOSawaits: I don't think the source of your slowdown problems can be this spky.sys (or is yours spyk.sys?), as I don't suffer from it at all; the PC is running fine.
No slowing down, nothing at all for me, just this weird thing which sooner or later will get an explanation.....

Joeythedude
May 9th, 2009, 12:23 PM
Have you tried any other anti-rootkit tools recently?

I tried a few today, and all the hidden *.sys files found had been installed by the earlier anti-rootkit tools ... :ouch:

One had a lot of Google warnings: Is222.sys.

Just an option.