Are Your Drivers Whacked Or Hacked?

Discussion in 'malware problems & news' started by ZOverLord, Jul 19, 2005.

Thread Status:
Not open for further replies.
  1. ZOverLord

    ZOverLord Registered Member

    Joined:
    Jul 17, 2005
    Posts:
    11
    Suggestion.

    Besides running scans it is also a good thing to run "sigverif". This will create a list of ALL drivers on your system, signed and unsigned. The output is located in your C:\Windows\sigverif.txt file.

    It surprised me most people do not do this. Many trojans mask themselves as drivers on your system, and most if not all are never signed.

    Be careful, however: some unsigned drivers are valid, especially video drivers.

    To make it easier to run and check your drivers, so you can compare from time to time if you think you may be infected, here are some instructions to do this check.

    I would save the file somewhere, so when you run it again, you can compare any differences.

    Click Start | Run and in the box, type sigverif and then click OK.

    In the File Signature Verification dialog box, click the Advanced button.

    On the Search tab, click Notify me of any system files that are not digitally signed.

    Click OK, then click the start button.

    The tool will display a list of any unsigned system drivers you have installed on your computer.

    This is a good first step in troubleshooting driver-related problems.

    You can remove the unsigned driver(s) that you think may be causing the problem (it is recommended that, rather than deleting them, you move them to a different location, so you can move them back if the removal causes problems).

    Note that video drivers are often unsigned, but you usually shouldn't remove them since you may not be able to display anything on your computer if you do.

    To view the output of all system drivers open the C:\Windows\sigverif.txt file.
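
The save-and-compare step suggested in the post above, as an added example that is not part of the original thread: it diffs two saved copies of sigverif.txt and reports drivers that are newly unsigned, lost their signature, or changed. The log layout (a bracketed directory heading followed by rows of file name, modified date, version and status), the function names and the sample snapshots are assumptions made for this sketch.

```python
import re

# Assumed row layout: file name, modified date, version, status, then catalog/signer.
ROW = re.compile(r"^(?P<name>\S+)\s+(?P<modified>\d\S*)\s+(?P<version>.+?)\s+"
                 r"(?P<status>Not Signed|Not Scanned|Signed)\b")
SECTION = re.compile(r"^\[(?P<dir>.+)\]$")  # assumed "[directory]" heading line

def parse_sigverif(text):
    """Return {(directory, file): (status, modified, version)} from log text."""
    entries, directory = {}, ""
    for line in map(str.strip, text.splitlines()):
        section = SECTION.match(line)
        if section:
            directory = section["dir"].lower()
        elif (row := ROW.match(line)):
            key = (directory, row["name"].lower())
            entries[key] = (row["status"], row["modified"], row["version"])
    return entries

def compare_snapshots(old_text, new_text):
    """Report differences between an earlier and a later sigverif.txt."""
    old, new = parse_sigverif(old_text), parse_sigverif(new_text)
    report = {"new_unsigned": [], "lost_signature": [], "modified": []}
    for key, (status, modified, version) in sorted(new.items()):
        path = "\\".join(key)
        if key not in old:
            if status != "Signed":  # a file that appeared since the baseline
                report["new_unsigned"].append(path)
        elif old[key][0] == "Signed" and status != "Signed":
            report["lost_signature"].append(path)  # possibly replaced on disk
        elif old[key][1:] != (modified, version):
            report["modified"].append(path)
    report["removed"] = ["\\".join(k) for k in sorted(old.keys() - new.keys())]
    return report

# Constructed sample snapshots (not real sigverif output).
OLD = r"""
[c:\windows\system32\drivers]
exdisk.sys    8/4/2004   5.1.2600.2180  Signed      NT5.CAT  Example Publisher
exnet.sys     8/4/2004   1.0.0.1        Signed      EX.CAT   Example Publisher
exvideo.sys   3/2/2005   None           Not Signed  N/A
"""
NEW = r"""
[c:\windows\system32\drivers]
exdisk.sys    7/18/2005  5.1.2600.2180  Not Signed  N/A
exnet.sys     6/1/2005   1.0.0.2        Signed      EX.CAT   Example Publisher
exvideo.sys   3/2/2005   None           Not Signed  N/A
exnew.sys     7/18/2005  None           Not Signed  N/A
"""
```

Pass `compare_snapshots` the decoded text of the baseline copy and of the latest copy; an unchanged unsigned driver such as the constructed `exvideo.sys` is deliberately not reported, so known-good unsigned video drivers do not add noise on every run.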
     
  2. Beefcarver

    Beefcarver Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    263
    Location:
    michigan
    Where can I update my drivers for free?
     
  3. ZOverLord

    ZOverLord Registered Member

    Joined:
    Jul 17, 2005
    Posts:
    11
    If you purchased your system, go to the OEM's web site (for example, Dell); otherwise, if you built it yourself, go to the manufacturer's site of the board you want drivers from.

    I say this because MANY MANY drivers from other sites have Trojans embedded in them, and some even charge for their downloads.
     
  4. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi ZOverLord,

    Thanks much for the tip and detailed instructions. I ran sigverify and did come up with eight drivers which I cannot determine whence they came. I'll move them to another folder (as you suggested) but will take an image copy before I do this.

    Appreciate the advice,
    Rich
     
  5. ZOverLord

    ZOverLord Registered Member

    Joined:
    Jul 17, 2005
    Posts:
    11
    You're very welcome.

    Most people have no idea what drivers they have lying around, or which are signed or unsigned. Some Trojans can and do hide as device drivers and can be missed by AV software, so it is always good to check.
     