Anyone know what this SVKP.SYS module is which runs as a service? It looks to be some sort of legacy driver. It has a description of SVKP driver for NT. Although it is marked copyright Microsoft, what bothers me a lot is in the company name field inside the properties, it has the string "AntiCracking". Huh?

I stopped this service and just checked. It is still stopped. I'd like to know what this is before I rename it and maybe find that I can't boot or something.

I Googled it and found it mentioned obliquely by a number of people, but only McAfee calls it a trojan. However, I don't find any of the symptoms that are described in this McAfee writeup - http://vil.nai.com/vil/content/v_101134.htm

The above port 6667 is not open. I don't have a file named NTDSAPI.EXE on my system.

So I did a text dump of the module and this is what I see:

Code:
File pos  Mem pos   ID  Text
========  =======   ==  ====
0000004D  0001004D  0   !This program cannot be run in DOS mode.
000000B0  000100B0  0   Richg
000001C8  000101C8  0   .text
000001EF  000101EF  0   h.data
00000240  00010240  0   .rsrc
00000267  00010267  0   B.reloc
00000459  00010459  0   QPPj"WPV
000004FE  000104FE  0   IoCompleteRequest
00000512  00010512  0   IoCreateDevice
00000524  00010524  0   IoCreateSymbolicLink
0000053C  0001053C  0   IoDeleteDevice
0000054E  0001054E  0   IoDeleteSymbolicLink
00000566  00010566  0   RtlInitUnicodeString
0000057C  0001057C  0   ntoskrnl.exe
00000925  00010925  0   3I4r4y4
00000400  00010400  0   \Device\SVKP
0000041A  0001041A  0   \DosDevices\SVKP
00000606  00010606  0   VS_VERSION_INFO
00000662  00010662  0   StringFileInfo
00000686  00010686  0   040904B0
0000069E  0001069E  0   CompanyName
000006B8  000106B8  0   AntiCracking
000006DA  000106DA  0   FileDescription
000006FC  000106FC  0   SVKP driver for NT
0000072A  0001072A  0   FileVersion
00000756  00010756  0   InternalName
00000770  00010770  0   SVKP.sys
0000078A  0001078A  0   LegalCopyright
000007A8  000107A8  0   Copyright (C) Microsoft Corp. 1981-1999
000007FE  000107FE  0   OriginalFilename
00000820  00010820  0   SVKP.sys
0000083A  0001083A  0   ProductName
00000854  00010854  0   SVKP driver for NT
00000882  00010882  0   ProductVersion
000008B2  000108B2  0   VarFileInfo
000008D2  000108D2  0   Translation

Note there is a Microsoft copyright but this could just be a fake.

So then I ran a trojan scan with TDS-3. It found no problems and ignored this supposed trojan file (SVKP.SYS).

Anyone know what this SVKP.SYS thing is and what it does? What does it come from? Is it a trojan as McAfee says? If so, why doesn't TDS-3 find it?
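
The kind of text dump shown in the post above, as an added example that is not part of the original post: a Python sketch that lists ASCII and UTF-16LE strings with their file offsets, pairs the version-resource keys with their values, and flags a CompanyName that does not agree with LegalCopyright. The function names and the sample bytes are constructed for illustration; the mismatch check is a triage hint, not a verdict on the file.

```python
import re

VERSION_KEYS = {"CompanyName", "FileDescription", "FileVersion", "InternalName",
                "LegalCopyright", "OriginalFilename", "ProductName", "ProductVersion"}
STRUCT_NAMES = {"VS_VERSION_INFO", "StringFileInfo", "VarFileInfo", "Translation"}

def dump_strings(data, min_len=4):
    """Return sorted (file_offset, encoding, text) for ASCII and UTF-16LE runs."""
    found = []
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data):
        found.append((m.start(), "ascii", m.group().decode("ascii")))
    for m in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data):
        found.append((m.start(), "utf16", m.group().decode("utf-16-le")))
    return sorted(found)

def version_pairs(strings):
    """Pair each version-resource key with the UTF-16 string that follows it."""
    wide = [text for _, enc, text in strings if enc == "utf16"]
    pairs = {}
    for i, text in enumerate(wide):
        if text in VERSION_KEYS:
            nxt = wide[i + 1] if i + 1 < len(wide) else None
            # A key followed by another key or structure name has no dumped
            # value (empty or under min_len), like FileVersion in the post.
            pairs[text] = None if nxt in VERSION_KEYS | STRUCT_NAMES else nxt
    return pairs

def vendor_mismatch(pairs):
    """Triage hint only: CompanyName's first word is absent from LegalCopyright."""
    company, legal = pairs.get("CompanyName"), pairs.get("LegalCopyright")
    if not company or not legal:
        return False
    return company.split()[0].lower() not in legal.lower()

def wide_entry(key, value):
    # Constructed stand-in for a version String entry: a non-printable type
    # word, then key and value as NUL-terminated UTF-16LE.
    enc = lambda s: s.encode("utf-16-le") + b"\x00\x00"
    return b"\x01\x00" + enc(key) + enc(value)

# Constructed sample bytes, not the real SVKP.sys.
SAMPLE = (b"MZ\x90\x00IoCreateDevice\x00IoDeleteDevice\x00ntoskrnl.exe\x00\x00"
          + wide_entry("CompanyName", "AntiCracking")
          + wide_entry("FileVersion", "")
          + wide_entry("LegalCopyright", "Copyright (C) Microsoft Corp. 1981-1999"))

if __name__ == "__main__":
    for off, enc, text in dump_strings(SAMPLE):
        print(f"{off:08X} {enc:5} {text}")
    pairs = version_pairs(dump_strings(SAMPLE))
    print(pairs, "vendor mismatch:", vendor_mismatch(pairs))
```

To run it against a real file, pass the bytes read with `open(path, "rb").read()` to `dump_strings` in place of `SAMPLE`.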