SSHDRV65 ?

Discussion in 'other software & services' started by tobamore, Jul 13, 2004.

Thread Status:
Not open for further replies.
  1. tobamore

    tobamore Registered Member

    Joined:
    Jun 21, 2004
    Posts:
    128
    Hello, recently I did a check on my hardware>device manager and selected 'show hidden devices' from the 'view' menu. This shows two unusual drivers running at my Win XP Pro startup, these are SSHDRV65 and SSHDRV76, I tried viewing details and all it would tell me was that the sys files for them were in the system32 folder. My concern is that they are linked to a recent attempted breach to a remote SSH connection. Does anyone else have this, or are you familiar with the drivers and what they do?
     
  2. Close_Hauled

    Close_Hauled Registered Member

    Joined:
    Apr 24, 2004
    Posts:
    1,015
    Location:
    California
    Tobamore;

    I Googled "SSHDRV" and found this mentioned on some German and French forums. I am going to ask Jooske if she could possibly translate. Here are the sites;

    http://www.chip.de/forum/thread.html?bwthreadid=539077

    http://www.pc-infopratique.com/phpbb2/viewtopic.php?p=3862

    Close Hauled

     
    Last edited: Jul 13, 2004
  3. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Ich habe NT 4.0 mit Service Pack 6a auf meinem Rechner. nach Deinstallation der Fritzcard (Hard- und Software) erhalte ich nun immer nach dem Hochfahren im Ereignisprotokoll folgende Fehlermeldung: Das Laden folgender Boot- und Systemtreiber schlug fehl: SSHDRV56 + SSHDRV57

    Auch das erneute Installieren von Service Pack 6a schaffte keine Abhilfe.

    Wer kann mir weiterhelfen?

    Hope people can correct me where i go wrong.
    I have NT4 with SP 6a on my calculator (? computer?)
    after uninstalling the Fritzcard (?) hardware and software i keep getting after ....? in ......? ..protocol the following error message:
    loading following boot and system drivers went wrong: SSHDRV56 + SSHDRV57
    Also a new install of the SP 6a did not help at all.
    Who can help me with this?

    Think you were looking for a solution, not a new question?


    The last part of the French thread said they could not find any other solution but reformatting the system, i'll look deeper in the reasons why if you like? Although you might like to wait for a better translation (Jack, Frederic, a few more here)


    Hope the discussion here will unfold better, just started yesterday. (i know it's you)
    http://groups.google.com/groups?hl=...djh1fm8bgm1bmvso36ebflk1qde7%404ax.com&rnum=1
     
    Last edited: Jul 13, 2004
  4. Close_Hauled

    Close_Hauled Registered Member

    Joined:
    Apr 24, 2004
    Posts:
    1,015
    Location:
    California
    You're awesome Jooske. Thanks. I was going to use Google's translation tool, but I was too tired. It was 2:30 in the morning when I replied. My cat woke me up while dealing death to a mouse.

    I have to go to work. I can look at this there.

    Close Hauled
     
  5. tobamore

    tobamore Registered Member

    Joined:
    Jun 21, 2004
    Posts:
    128
    Thank you very much for your help, much appreciated! :) I still haven't got to the bottom of it though, there is no information in the driver details tab, another reason my suspicions arose. I too saw the German reference, but the Google translation was nowhere near as good as the translation here. I am still looking and would appreciate any more light thrown onto this.

    Thanks again.

    PS the main reason I was looking in there in the first place was for those infamous 'hidden' starforce drivers - they weren't there but the rest is history. ;)
     
  6. Close_Hauled

    Close_Hauled Registered Member

    Joined:
    Apr 24, 2004
    Posts:
    1,015
    Location:
    California
    First, the obvious questions that need to be asked. Are you running Spybot, Adaware, and anti-virus? Have you scanned your system with the latest signatures?

    Gotta get those level one questions out of the way.

    Close Hauled
     
  7. tobamore

    tobamore Registered Member

    Joined:
    Jun 21, 2004
    Posts:
    128
    Yes, fair question and one that I should have answered in my original post! :oops:
    I have indeed run spybot, adaware and recently run tds3 and nav checks on my system, but found nothing. These devices *may* be completely innocent i.e. installed with some hardware or software recently, but I would like to know where they came from and more importantly, are they innocent?

    A further point of note is this, on checking the created date of the related sys files I found them both to have been created in March this year, so they probably are benign, but who knows? I certainly don't!
     
  8. Close_Hauled

    Close_Hauled Registered Member

    Joined:
    Apr 24, 2004
    Posts:
    1,015
    Location:
    California
    Do me a quick favor. PM me the output of your DXDiag.

    Close Hauled
     
  9. Close_Hauled

    Close_Hauled Registered Member

    Joined:
    Apr 24, 2004
    Posts:
    1,015
    Location:
    California
    tobamore;

    These files worry me. The reason is that we have seen six different versions of this "SSHDRV" file:

    SSHDRV51
    SSHDRV52
    SSHDRV56
    SSHDRV57
    SSHDRV65
    SSHDRV76

    This could be a piece of spyware or a virus that is changing its name to avoid detection. I would not dismiss it as benign until we track it down.

    I actually have a bit of experience in tracking these things down. The last one that I found was a new variant of the CoolSearch spyware. Both Spybot and Adaware found it and thought that they cleaned it. But they did not. If it had not been for tools like PortExplorer and ProcessExplorer, I would not have been able to track it down.

    Close Hauled
     
  10. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    How about zip and submit one to submit@diamondcs.com.au for Gavin's opinion?
    And upload one or all at www.kaspersky.com/remoteviruschk.html ?

    And if you really like to know what is all running use the DiamondCS
    AutoStartViewer (free, products page) Use all the options to see everything in the log you'll like to save and if needed can send to support@diamondcs.com.au for instance. Unless you like to attach or paste it here, but i must warn you, i'm no AutoStartViewer -expert, very complicated stuff but the DiamondCS guys are really good with that.
    and you might love Faber Toys as much as we do, www.faberbox.com which gives info on what is all there on your system.
     
  11. tobamore

    tobamore Registered Member

    Joined:
    Jun 21, 2004
    Posts:
    128
    I have sent a link of this thread plus a zipped copy of sshdrv65.sys to diamondcs as suggested and await their reply. I have also sent 'close hauled' a copy of my dxdiag.txt and will check back tomorrow.

    I certainly am a little bit curious and look forward to any information that can be found on this matter.

    PS I must add that I have disabled then removed the devices from 'device manager', but have left the sys files on my system for info etc. If these devices prove to be required I do have a dvd backup of my system from Saturday, so I can restore them. (I don't like system restore, so this is always 'off' on my system.)
     
  12. Close_Hauled

    Close_Hauled Registered Member

    Joined:
    Apr 24, 2004
    Posts:
    1,015
    Location:
    California
    I took a look at your DxDiag file to get a feel of the devices you have installed. I will go to your device manufacturers and see if I find the file there. Sometimes Google misses that stuff.

    I did not see anything that jumped out at me. You have a bunch of games that you did not uninstall properly. You have a Widcomm Bluetooth audio device that is not WHQL certified. I think your Soundblaster Live! drivers need to be updated, not sure, they looked old.

    What is the make and model of your system? And what is the Bluetooth device?

    Close Hauled
     
    Last edited: Jul 13, 2004
  13. tobamore

    tobamore Registered Member

    Joined:
    Jun 21, 2004
    Posts:
    128
    Hello again,
    I don't have a system make and model per se, it is a collection of components, as for the bluetooth device, it is a belkin bluetooth dongle for use with my mobile phone.

    To answer your point and pose a further one, ;) I don't know that there are any more recent XP drivers for my SoundBlaster Live 1024 card. Also, do you know of a way of deleting those annoying game references please?
     
  14. Close_Hauled

    Close_Hauled Registered Member

    Joined:
    Apr 24, 2004
    Posts:
    1,015
    Location:
    California
    You have Sound Blaster Live! v5.12.0001.0252 which is only slightly older than the latest version. So I would not be too concerned about updating it now. Let's get the other problems fixed first.

    You can download the latest version if you want, just don't install it yet.
    The file name is: LiveDrvUni-Pack(ENG).exe
    The web site is : Soundblaster Live! for UK

    As for your phone, what make and model is it?

    Finally, did you send those files off to DiamondCS?

    Oh, and one other thing. Those games. Did you uninstall them, or delete them?

    Close Hauled

     
  15. tobamore

    tobamore Registered Member

    Joined:
    Jun 21, 2004
    Posts:
    128
    Hello, thanks for sticking with me on this. :) My phone is a SE Z600 and I have already un-installed then re-installed the bluetooth software in order to see if the devices appeared, no luck. I have received a reply from Diamond;

    Not TOTALLY sure what it does, hard to tell from the file only. Still looking at it, but it does look clean !

    Finally as for the games, I do usually un-install them, but maybe in a moment of madness, my son or I may have deleted some. :oops:
     
  16. Close_Hauled

    Close_Hauled Registered Member

    Joined:
    Apr 24, 2004
    Posts:
    1,015
    Location:
    California
    I know that this sounds like an off topic question, but do you have Spybot 1.3 installed? If not, please install it. There is a method to my madness.

    Close Hauled
     
  17. tobamore

    tobamore Registered Member

    Joined:
    Jun 21, 2004
    Posts:
    128
    I do indeed have 1.3 installed, what have you concluded? :)
     
  18. Close_Hauled

    Close_Hauled Registered Member

    Joined:
    Apr 24, 2004
    Posts:
    1,015
    Location:
    California
    First, create a restore point:

    To create a Restore Point

    1. Access the System Restore Wizard through Help and Support Center.

    2. Click Create a restore point, and then click Next.

    3. In the Restore point description box, type a name to identify this restore point. System Restore automatically adds to this name the date and time that this Restore Point is created.

    * To finish creating this restore point, click Create.

    * To cancel restore point creation and return to the Welcome to System Restore screen, click Back.

    * To cancel restore point creation and exit the System Restore Wizard, click Cancel.

    Notes

    * To access the System Restore Wizard, click Start, and then click Help and Support. Click Performance and Maintenance, click Using System Restore to undo changes, and then click Run the System Restore Wizard.

    * Creating a restore point can be useful any time you anticipate making changes to your computer that are risky or might make your computer unstable.

    * To view or to return to this restore point, from the Welcome to System Restore screen of the System Restore Wizard select Restore my computer to an earlier time. Then select the date when the restore point was created from the calendar in the Select a Restore Point screen. All of the restore points that were created on the selected date are listed by name in the list box to the right of the calendar.


    Second, clean up the registry with Spybot 1.3:

    1. Start Spybot in Advanced mode.
    2. Click on Tools.
    3. Click on System Internals.
    4. Click the Check icon.
    5. Click on "Fix selected problems"
    * You will be presented with dialog boxes to delete the entries. If you are not sure about it, don't delete it. But if it references a game, delete it. I ran it and deleted everything on two computers so far, and no problems.



    Close Hauled

     