SanityCheck antirootkit finds spky.sys: ?

Discussion in 'other anti-malware software' started by karad, May 8, 2009.

Thread Status:
Not open for further replies.
  1. karad

    karad Registered Member

    Sep 10, 2008
    I downloaded SanityCheck antirootkit from

    in my XP Pro computer
    (Avira,Comodo D+,PrevXEdge,Surun,Returnil Premium) for an additional check and a test, and it found and flagged in red two legit files and a


    which I cant find any coherent news about and is defined as non existing anymore in my HD :

    SanityCheck considers this an 'irregularity'....which could be caused by a legit product.

    Given the fact the two previous files flagged as suspicious were belonging either to my Gigabyte card or Comodo's , and the present cleanleaness of my system , I tend to think it is another sort of FP, so to speak.

    Perhaps portable Roboform in a pen drive I left inserted?

    Still I'd like to hear from someone who had the same file flagged or knows more about it.thanks.
  2. yankinNcrankin

    yankinNcrankin Registered Member

    May 6, 2006
    Sounds like Daemon Tools driver as it can also change at reboot as well so try rebooting your machine and then run that sanity check again spky.sys may turn into sptd.sys or spdt.sys and on and on and on and on..........if it;s not daemon tools then I don't know :D
  3. DOSawaits

    DOSawaits Registered Member

    Dec 11, 2008
    Weird. Since a few days my computer has become extremely sluggish, clicking "Save As..." in Firefox takes the whole system to a stall.

    I've checked everything, autoruns, MBAM scans, Avira scans, nothing.
    The only things I've found out till now is in Process Monitor, Explorer reading "Invalid File"'s and "Invalid Handles" in the registry, and a subprocess under explorer called spyk.sys, nothing special to see in TaskManager, when I click the "File Properties" for spyk.sys, it says "File not found"...........
    Also a find on my system, no single trace of any spyk file at all :doubt:
  4. karad

    karad Registered Member

    Sep 10, 2008
    I did as you suggested YankiNcrankin,and,actually, this second analysis yields a different result, but seemingly along your line of thought, as sput.sys is related on google to Daemon Tools :

    If this changing file really belongs to Daemon Tools, which i never downloaded, it might belong to Paragon Partition Manager 2009 which perhaps created an optical emulator when installed. I will try to ascertain if its so asap. If anyone knows about it please let me know.

    I am not in an urgency since I am 90% certain it is something explainable and legitimate
    considering also Avira or PrevX didnt move a feather,my HIPS is very robust and the system is only 4 months old and treated in white gloves security-wise.
    Moreover, BlackIce and Gmer found nothing reddish just a week ago.

    @DOSawaits: I dont think the source of your slowing down problems can be this spky.sys (or yours is spyk.sys?) as I dont suffer at all from it, pc is running fine.
    No slowing down,nothing at all for me,just this weird thing which sooner or later will get an explanation.....
  5. Joeythedude

    Joeythedude Registered Member

    Apr 19, 2007
    Have you tried any other anti-rootkit tools recently ?

    I tried a few today , and all the hidden *sys files found had been installed by the earlier anti-rootkit tools ... :ouch:

    one had a lot of google warnings : Is222.sys .

    Just an option.
Similar Threads
  1. boredog
Thread Status:
Not open for further replies.