RKdetector says iscflash.sys is "a bad service"

HandsOff · Jun 25, 2004

I decided to try RKDetector that is supposed to be able to spot hidden malware files and directories just to see what it would come up with. Well, it said my iscflash.sys which is supposedly residing in my system32\drivers directory is "a wrong service". Well then i browsed to the system32\drivers folder and looked for the service. I could not find it (yes i selected view system files and hidden files in folder options). I then did a search and did find a file named "iscflash.dll" but it was in the following directory: C:\program files\gateway\SRCD. it is 17kb in size and it was created on the same day that i reinstalled windows XP back in January. (most likely "SRCD" means System Restore CD).

Anyway, my question is does it sound like there is a hidden bad system file or not? Note, while RKDetector said i had 1 bad service, and 3 suspicious services, but it also said that no RK modules were detected.

Question 2: If I can find the hidden service should i delete it?

- HandsOff

dvk01 · Jun 25, 2004

iscflash.sys is probably a gateway specific driver but as I can't find anything about it then it is possible that is might be a root kit driver

try TDS 3 that tends to find most known rootkits
I would strongly recommend downloading and running a specialised anti trojan
lists here http://www.wilders.org/anti_trojans.htm

the antitrojan that I use for dealing with them is

TDS3 from http://tds.diamondcs.com.au/

download & install the 30 day free trial, update it manually as described here http://tds.diamondcs.com.au/index.php?page=update as the trial version doesn't have auto update enabled

then press scan control & tick all the little boxes in the bottom part of that window, press save configuration and then close that window by pressing the red X in top right corner, then select system testing and select full system scan

sit back with a cup of coffee and watch what it finds

NOTE:

Unlike set and forget av's TDS works with you, it doesn't auto delete anything but puts a list of found suspect files in the bottom window

right click any file it finds and it gives you options on dealing with it, the normal selection would be delete , but first select "save as text", that will create a logfile of all the found suspect files and put it in the TDS directory called scandump.txt.

post back with the tds log after running please, just copy & paste the entries from the scandump.tx

HandsOff · Jul 1, 2004

Derek -

Sorry not to have acknowledged your post before now, especially since you have been a great help to me in the past. It seems that I have a chronic problem remembering to set notifications to my posts. I have been debating how to resolve the issue of trojan hunting. I am aware that trojans seem to be everywhere, however, I am somewhat intimidated by the learning curve of most of the products I have tried.

I Will download Diamond TDS and post back. Even though I would not guess that I have an active trojan running on my computer, I would sure like to know more about how to deal with the threat.

- HandsOff

HandsOff · Jul 2, 2004

Well, I guess my efforts payed off. TDS found two trojans both inbedded in games that I had downloaded, but not installed yet. Hopefully they were deleted before they were ever activated since I never executed the files. Games and exotic screensavers used to be good clean fun, but I guess those days are long gone! Anyway, I will say that Diamond TDS seems to be an effective tool in the battle for my own computer!

-HandsOff

Log in or Sign up

RKdetector says iscflash.sys is "a bad service"

HandsOff Registered Member

dvk01 Global Moderator

HandsOff Registered Member

HandsOff Registered Member

Log in or Sign up

RKdetector says iscflash.sys is "a bad service"

HandsOff Registered Member

dvk01 Global Moderator

HandsOff Registered Member

HandsOff Registered Member

Useful Searches