Re: TDSS Killer - sptd.sys detected as threat

Discussion in 'other security issues & news' started by Drakonas, Jun 26, 2013.

Thread Status:
Not open for further replies.
  1. Drakonas

    Drakonas Registered Member

    Joined:
    Jun 26, 2013
    Posts:
    1
    Location:
    United States
    I have read the previous post on this subject 2 years ago. (found here)

    The thing that bothers me is...I don't have Daemon tools installed, or any virtual CD/DVD software installed for that matter.

    I used to have Alcohol 50% installed, but that's long gone/uninstalled since a long time ago (years). I never liked Daemon Tools, especially after I found SlySoft's Virtual Clone Drive was a completely free piece of software that did the same thing, but supported practically every format...including Nero and Alcohol proprietary formats.

    Anyways, can anyone shed some light on this? I told TDSSKiller to delete the threat 2 days ago..and instantly my downloads didn't take like 10 seconds to go from 100% to "finished" like it was before. Things were much faster.


    It showed up today as a threat...again.

    Please be aware...this is an old XP installation on a 2009 Netbook... I haven't used it for 2 years due to no charger, but things just seem to be broken everywhere. First I couldn't uninstall half the things that were driver or Microsoft related (things installed using ghosting or something similar by Best Buy). Personally, I think they must've run the ghosting script from inside a zip or something, because some uninstallers try to look in the temp folder for the cached crap. Wtf is wrong with the people who installed this laptop? I had to manually find the cached MSI's to remove crap-ware.

    Then I effed it up more by using the Microsoft Install Cleaner Utility....should've done more research, cause .NET completely broke... fixed that, but now I'm having all this happen...like "The procedure entry point _except_handler4_common could not be located in the dynamic link library msvcrt.dll". Replaced the dll, and the error still shows. (I'm trying to install Windows7FirewallControl (yes, it supports XP...look it up).)

    God, what the crap have I done to Windows... I'm an IT support guy, and when I want something I go through lengths to get it, but this is ridiculous.


    Hopefully you got a few laughs through that. If you have any ideas as to whether the sptd.sys might be malware, please let me know... I'm probably going to reinstall at some point....but I want to know so if I need to remove it from a future client's machine, I can.

    I guess I'll let Combofix take a crack at it...like I did 2 weeks ago. Hitman Pro and Malwarebytes may help I guess. Man, I wish Gmer was updated for .... DOH! I'm on XP. xD

    Edit: Dang...GMER was finally updated for Vista/7/8? Awesome...
     
  2. roady

    roady Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    262
    If it's the real SPTD.sys you have trouble with, use the installer/uninstaller from the developers, Duplex Secure ....
    -http://www.duplexsecure.com/en/downloads-
     
    Last edited by a moderator: Jun 26, 2013
  3. Q Section

    Q Section Registered Member

    Joined:
    Feb 5, 2003
    Posts:
    778
    Location:
    Headquarters - London & Field Offices -Worldwide
    You could run it through VirusTotal to see what you get.
     