How to deal with "iaStorV.sys" in Win 7?

Discussion in 'General Returnil discussions' started by fuquen, Jul 31, 2011.

Thread Status:
Not open for further replies.
  1. fuquen

    fuquen Registered Member

    Joined:
    Jan 3, 2010
    Posts:
    95
    How to deal with "iaStorV.sys" in Win 7?

    Windows 7 Professional 64b.

    Returnil report:
    "Status: Denied execution for program that is absent from real disk.
    Location: C:\WINDOWS\SYSTEM32\DRIVERS\IASTORV.SYS"

    Is the mentioned "iaStorV.sys a trojan?
    How to remove is if it is?
    Why does it try to circumvent the Virtual Mode if it is not a trojan?

    Thank you very much!
     
  2. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
  3. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hi fuquen,
    The message is a block from the Anti-Execute feature (Virtual Mode > Settings > Additional Protection Options section). What do you have this set to; trust services (default) or trust programs only (full paranoid mode)?

    Mike
     
  4. fuquen

    fuquen Registered Member

    Joined:
    Jan 3, 2010
    Posts:
    95
    Mr.dw426

    Thank you.

    Yes. Normally, both iaStor.sys and iaStorV.sys are Intel Matrix Storage Managers.
    (http://ssdtechnologyforum.com/threads/508-Intel-Matrix-Storage-Manager-iaStor.sys-vs-iaStorV.sys)

    But it is also a malware.
    "Important note: Normally, the iaStorV.sys file should be in the C:\Windows\System32 folder. If it is found anywhere else, then the iaStorV.sys could be a virus, Trojan, worm, or spyware! "
    *xhttp://www.pcsafedoctor.com/exe-errors/iaStorV.sys.html

    And, according to Returnil's report, it tries to circumvent the Virtual Mode for executing a program that is absent from the real disk.

    Many thanks.
     
    Last edited by a moderator: Aug 31, 2011
  5. fuquen

    fuquen Registered Member

    Joined:
    Jan 3, 2010
    Posts:
    95

    Mr. Coldmoon

    Thank you very much for always helping!

    In the Additional Protection Options,
    this is set to: Trust system services
    from real disk only.


    Thank you very much!
     
  6. Hugger

    Hugger Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    1,003
    Location:
    Hackensack, USA
    fuquen,
    *xttp://www.pcsafedoctor.com/exe-errors/iaStorV.sys.html is given a bad rating by WOT.
    Personally I would not believe what I read on a site like that.
    Good luck.
    Hugger
     
    Last edited by a moderator: Aug 31, 2011
  7. fuquen

    fuquen Registered Member

    Joined:
    Jan 3, 2010
    Posts:
    95
    Mr. Hugger

    Thank you very much for the worthy advice.
    Maybe I am a little bit too nervous.

    Thank you. Really appreciate!
     
    Last edited by a moderator: Aug 31, 2011
  8. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Then it may be a legitimate block as the file on the real system should be known. Did the path in the block description lead to your system32 folder or to a different location on an alternate disk or partition?

    Mike
     
  9. fuquen

    fuquen Registered Member

    Joined:
    Jan 3, 2010
    Posts:
    95
    Thank you, Mr. Coldmoon

    Yes. I can locate it easily:
    C:\Windows\system32\drivers\iaStorV.sys

    Thank you!
     
Thread Status:
Not open for further replies.