aaudstum.sys virus?

Viruses and worms
21

You can monitor and compare Windows registry versions.
But ‘when’ a key was created in the past, without monitoring, it won’t be possible.
Well, the better will be sure you’re clean scanning with avast (archive included) and other anti-malware applications (a-squared, AVGas, spybot, etc.).

22

:slight_smile: Hi Larandor :

  It would be wise to look around and possibly post a request for help on 
  Autoruns Support Forum at http://forum.sysinternals.com/forum_topics.asp?FID=16  .

  Did you ever run an AVG Antispyware "Complete System Scan" and/or
  install "SUPERantispyware" and run its "Perform Complete Scan" ?

  I noticed the list of Scanning Engines of the Virustotal site are NOT
  the latest used by the various Vendors, even including the "old" Ewido
  4.0, which has been "replaced" by AVG Antispyware 7.5 .

  It MAY be getting to the point you should see IF you have a possible
  "rootkit" !? If yes, best to start with the Good & FREE "RootkitRevealer"
  on the Sysinternals site at :
  www.microsoft.com/technet/sysinternals/utilities/RootkitRevealer.mspx .
  IF you decide to use this program, read the info at :
  http://forum.sysinternals.com/forum_posts.asp?TID=2351&PN=1
  BEFORE use of the program .
23

Yup, checked using AVG Anti-spyware since putting the file in the chest and it came back clean. Rootikit Revealer doesn’t really indicate much either, just 4 registry entries with embedded nulls (would post the log but it crashes the program while trying to save it for some reason.)

It’s so puzzling. :frowning: I have no idea what put this file there, nor what added the registry entry. The file properties seem to indicate it hasn’t been modified since 2004 so that would indicate it’s not a recent virus if it is one, yet few programs detect it and Avast only does so under a general heading. Not to mention the rest of the system seems clean, I haven’t noticed any unusual activity on the network (My firewall hasn’t shown any odd programs trying to access it.), not to mention the temp folder seems an utterly bizzare place to put a virus anyway since it’s likely to get cleaned out. :s The only thing unusual now is that I don’t seem to be able to use any USB storage devices (they aren’t mounted, windows doesn’t seem them at all.) though USB in general works fine.

24

:slight_smile: Hi Larandor :

  I am unsure if antiSPYWARE programs, such as AVG Antispyware, can
  "detect" something that has been put into Avast's "Chest" !? Perhaps
  Others more knowledgeable in this area can provide guidance !?
  I noticed you said you have CCleaner !? I do not use this program,
  but the one developed by antiSPYWARE Expert "Atribune" called
 "ATF Cleaner" at www.atribune.org/content/view/40/2/  ; perhaps
  use of this program MAY make a difference !? Their version "3" just
  came out recently and I have their "older" version .
25

No. None other program can detect nothing into the encrypted files of avast Chest, only avast itself, well, as far I know and test…