|
|
#1
August 14th, 2009, 10:57 AM
|
|||
|
|||
SBKUPNT.SYS
Hello,
Nod32 v4.0.437 found this at startup of the system : file C:\WINDOWS\system32\Drivers\SBKUPNT.SYS une variante de Win32/PSW.OnLineGames.OMU Trojan - Cleaned by deleting - Has been put in quarantine. (Where is the quarantine folder ?) I have submited it to Eset by clicking the icon. Now, what must I do next ? Thank you. |
|
#2
August 14th, 2009, 11:04 AM
|
|||
|
|||
|
Re: SBKUPNT.SYS
We have just had this same false positive on file CISMBIOS.SYS - scanned with virustotal and only NOD detcts it as PSW.OnlineGames.OMU. Only happens with latest update
 EDIT : false positive caused by signature database 4335. The file CISMBIOS.SYS is a part of Intel Landesk. Last edited by ShaneC : August 14th, 2009 at 11:13 AM. |
|
#3
August 14th, 2009, 11:42 AM
|
|||
|
|||
|
Re: SBKUPNT.SYS
Do you know what applications these drivers belong to? The samples we have received are ambigous, they have a highly suspicious characteristics, but there's a chance they might belong to some badly written applications.
|
|
#4
August 14th, 2009, 12:55 PM
|
|||
|
|||
|
Re: SBKUPNT.SYS
I don't know which applications needs it. Here is a part of what is inside SBKUPNT.SYS
C:\NTDDK\lib\i386\free\SBKUPNT.sys \ D e v i c e \ S B k u p N T \ D o s D e v i c e s \ S B K U P N T Only Nod32 reports it as a virus/trojan. Edit I looked into the registry and it appears here : HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SBKUPNT HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SBKUPNT HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SBKUPNT Last edited by Fidelius : August 14th, 2009 at 01:08 PM. Reason: Add infos |
|
#6
August 14th, 2009, 01:28 PM
|
|||
|
|||
|
Re: SBKUPNT.SYS
SBKUPNT.SYS is a part of a hard disk partitioning program called swissknife.
I downloaded it to format a large drive as FAT32, but I've never been able to get the program to work. In any case, it's a false positive, swissknife is a benign and well known piece of software. |
|
#7
August 14th, 2009, 02:07 PM
|
|||
|
|||
|
Re: SBKUPNT.SYS
Detection has been removed in update 4336. If you are positive that sys files belonging to legit applications were removed in error, restore them from quarantine manually or wait for the next update which should restore them automatically.
|
|
#8
August 14th, 2009, 05:20 PM
|
|||
|
|||
|
Re: SBKUPNT.SYS
Hi Marcos,
Maybe it is legit, maybe not. I started my Internet connection and was unable to browse the web with Firefox or IE. I could not update to the last virus definition (4335 or 4334). I was able to download files with a FTP client (Filezilla). So I had to restart computer and Internet connection. Nod warned me about it as mentionned in my first post. |
| « Previous Thread | Next Thread » |
| Thread Tools | Search this Thread |
|
|
