How to deal with "iaStorV.sys" in Win 7?

Discussion in 'General Returnil discussions' started by fuquen, Jul 31, 2011.

Thread Status:
Not open for further replies.
  1. fuquen

    fuquen Registered Member

    Joined:
    Jan 3, 2010
    Posts:
    95
    How to deal with "iaStorV.sys" in Win 7?

    Windows 7 Professional 64b.

    Returnil report:
    "Status: Denied execution for program that is absent from real disk.
    Location: C:\WINDOWS\SYSTEM32\DRIVERS\IASTORV.SYS"

    Is the mentioned "iaStorV.sys a trojan?
    How to remove is if it is?
    Why does it try to circumvent the Virtual Mode if it is not a trojan?

    Thank you very much!
     
    fuquen, Jul 31, 2011
    #1
  2. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    dw426, Jul 31, 2011
    #2
  3. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hi fuquen,
    The message is a block from the Anti-Execute feature (Virtual Mode > Settings > Additional Protection Options section). What do you have this set to; trust services (default) or trust programs only (full paranoid mode)?

    Mike
     
    Coldmoon, Aug 1, 2011
    #3
  4. fuquen

    fuquen Registered Member

    Joined:
    Jan 3, 2010
    Posts:
    95
    Mr.dw426

    Thank you.

    Yes. Normally, both iaStor.sys and iaStorV.sys are Intel Matrix Storage Managers.
    (http://ssdtechnologyforum.com/threads/508-Intel-Matrix-Storage-Manager-iaStor.sys-vs-iaStorV.sys)

    But it is also a malware.
    "Important note: Normally, the iaStorV.sys file should be in the C:\Windows\System32 folder. If it is found anywhere else, then the iaStorV.sys could be a virus, Trojan, worm, or spyware! "
    *xhttp://www.pcsafedoctor.com/exe-errors/iaStorV.sys.html

    And, according to Returnil's report, it tries to circumvent the Virtual Mode for executing a program that is absent from the real disk.

    Many thanks.
     
    Last edited by a moderator: Aug 31, 2011
    fuquen, Aug 1, 2011
    #4
  5. fuquen

    fuquen Registered Member

    Joined:
    Jan 3, 2010
    Posts:
    95

    Mr. Coldmoon

    Thank you very much for always helping!

    In the Additional Protection Options,
    this is set to: Trust system services
    from real disk only.


    Thank you very much!
     
    fuquen, Aug 1, 2011
    #5
  6. Hugger

    Hugger Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    1,003
    Location:
    Hackensack, USA
    fuquen,
    *xttp://www.pcsafedoctor.com/exe-errors/iaStorV.sys.html is given a bad rating by WOT.
    Personally I would not believe what I read on a site like that.
    Good luck.
    Hugger
     
    Last edited by a moderator: Aug 31, 2011
    Hugger, Aug 2, 2011
    #6
  7. fuquen

    fuquen Registered Member

    Joined:
    Jan 3, 2010
    Posts:
    95
    Mr. Hugger

    Thank you very much for the worthy advice.
    Maybe I am a little bit too nervous.

    Thank you. Really appreciate!
     
    Last edited by a moderator: Aug 31, 2011
    fuquen, Aug 2, 2011
    #7
  8. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Then it may be a legitimate block as the file on the real system should be known. Did the path in the block description lead to your system32 folder or to a different location on an alternate disk or partition?

    Mike
     
    Coldmoon, Aug 2, 2011
    #8
  9. fuquen

    fuquen Registered Member

    Joined:
    Jan 3, 2010
    Posts:
    95
    Thank you, Mr. Coldmoon

    Yes. I can locate it easily:
    C:\Windows\system32\drivers\iaStorV.sys

    Thank you!
     
    fuquen, Aug 3, 2011
    #9
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...