What is aquy510y.sys?

Discussion in 'malware problems & news' started by softtouch, Sep 22, 2009.

Thread Status:
Not open for further replies.
  1. softtouch

    softtouch Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    415
    I am seeing on a friend's PC with GMER a driver with the name aquy510y.sys, which is loaded, listed under the Rootkit tab of GMER. It seems to be related to SCSI devices.

    I found the driver in the registry too, but I cannot find the driver file itself.
    GMER shows me that the driver is in system32\drivers, but I cannot find the driver file, not even in safe mode. No other rootkit detector like BlackLight, Sophos Anti-Rootkit, avast etc. finds anything, just GMER.

    Google shows 0 results when searching for this driver...
     
  2. Windchild

    Windchild Registered Member

    Joined:
    Jun 16, 2009
    Posts:
    571
    Some things to try:

    - boot from a Linux live CD or BartPE and check if you can find that file and copy it for analysis
    - check if there's any virtual drive software like Alcohol or Daemon Tools installed, and if uninstalling it removes the driver. Virtual CD/DVD software tends to create randomly named, hidden drivers so as to avoid being detected by copy protection / DRM.
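The offline check from the first suggestion, written out as an added example that is not part of the thread or of any tool mentioned in it. It assumes a Linux live CD with the Windows volume mounted read-only (the mount point `/mnt/win` is an assumption); the driver name is the one from the thread. It finds the file case-insensitively (NTFS is case-insensitive, Linux `find` is not, so a file stored as `AQUY510Y.SYS` would otherwise be missed), prints its SHA-256 for a hash lookup or for submitting the copy for analysis, and dumps the driver's service key from the offline SYSTEM hive with `hivexget` from the hivex package if it is installed.

```shell
#!/bin/sh
# Added example (not from the thread): offline triage of a driver that GMER
# lists but that cannot be found from inside Windows, following the live CD
# suggestion above. Run from Linux with the Windows volume mounted read-only,
# e.g.  mount -o ro /dev/sda1 /mnt/win   (mount point is an assumption).

# locate_driver ROOT NAME
# Print every regular file under ROOT that sits in windows/system32/drivers
# and is named NAME. Matching is case-insensitive because NTFS is, while
# find(1) on Linux is not: a file stored as AQUY510Y.SYS would otherwise be
# missed. Depth 4 covers ROOT/Windows/System32/drivers/NAME.
locate_driver() {
    find "$1" -maxdepth 4 -type f -ipath "$1/windows/system32/drivers/$2" 2>/dev/null
}

# hash_driver FILE
# Print only the SHA-256 of FILE, for a hash lookup or to pair with the copy
# of the file that is submitted for analysis.
hash_driver() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# service_key ROOT NAME
# Dump the driver's service key from the offline SYSTEM hive with hivexget.
# The offline hive has no CurrentControlSet link, so ControlSet001 is read;
# check the Select\Current value if the machine has more than one control set.
# Returns 1 if no hive is found, 2 if hivexget is not installed.
service_key() {
    hive=$(find "$1" -maxdepth 4 -type f -ipath "$1/windows/system32/config/system" 2>/dev/null | head -n 1)
    if [ -z "$hive" ]; then
        echo "SYSTEM hive not found under $1" >&2
        return 1
    fi
    if ! command -v hivexget >/dev/null 2>&1; then
        echo "hivexget not installed; hive is at $hive" >&2
        return 2
    fi
    hivexget "$hive" "ControlSet001\\Services\\$2"
}

# Usage from the live CD:   sh triage.sh /mnt/win aquy510y.sys
if [ $# -eq 2 ]; then
    locate_driver "$1" "$2" | while IFS= read -r f; do
        printf '%s  %s\n' "$(hash_driver "$f")" "$f"
    done
    service_key "$1" "$2"
fi
```

If `locate_driver` prints nothing while the registry key still points at `system32\drivers`, the file is genuinely absent from the volume rather than merely hidden from a running Windows, which is worth knowing before deciding whether something is filtering directory listings.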
     
  3. softtouch

    softtouch Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    415
    Thank you for the hint about Virtual CD/DVD.
    I checked the PC, and I saw that Virtual CloneDrive is installed to emulate CD/DVD-ROMs. This might be the one installing that driver.
     