Security
•  Greatis •  AppDatabase •  Utilities •  Delphi/CB •  Visual Basic • .NET •  just4fun
RegRun Security Suite
Not an antivirus. Detects and removes rootkits/malware/adware that your antivirus could not.
One-click purchase
RegRun NIVA Platinum - Rootkit Killer

NIVA+CD-ROM

More info:
Know more?
Screenshots

FAQ

On-line manual

Print PDF

Download trial
RegRun NIVA Platinum
Forums
Greatis Forum

NI Forum

Mickey Forum

Thank you!

International
Download Russian

Download Ukrainian

Join our localization team

Home Download Order Support   Newsletter Your shopping cart ?
What is A#######.sys (A+7 random characters) driver? Rootkit or not?


Recently we received some requests from our users about mysterious driver on their computers.

Each time the driver name begins with "A" character and the other 7 characters are randomly changed at reboot.

RegRun notifies a user that the driver is located in the %SysDir%\Drivers folder. But this file doesn't exist on the hard drive.

What's this?

We supposed the rootkit behaviour. The strange drivers were not found on a hard drive even if a user boot from Bart PE CD-ROM.

Take a look at the Bootlog XP diagram:

Bootlog XP diagram

We always see that the "A#######.sys" is loaded immediately after SCSIPORT.SYS. The driver is a loaded by Windows kernel on the early stage of Windows boot process.

If we look for the driver in the registry we found that it's a part of "SCSI miniport group".

We opened "Enum" subkey and found that this is PNP device:

After that we checked the "Device Manager" for a SCSI devices.

Not a mystery. It has the name: "SCSI/RAID host controller".

It has the same ID code:

If there is a legitimate driver, why it changes his name every boot?

The answer is simple. The driver is related to the Daemon Tools software. This software is often used for copying protected CD/DVD-ROM. The authors of the CD/DVD protection are not happy that the Daemon software works. They fight against the daemons. And the war still continues...

See also:
Virus or not? SPTD####.sys


In conclusion:

The A#######.sys hidden driver is not a rootkit if you use Daemon Tools software version 4.08 with SPTD 1.37.

But the installation offers you to use WhenUSave toolbar. It is known adware.

In addition some users reports about problems with Windows shutdown.

Use or do not use it? This is your choice :-).


Dmitry Sokolov Dmitry Sokolov

Thank you Rajgopal Nayak for his help!


What's new?
March 16 2017

Released RegRun Security Suite 8.70.0.570
Full version is available for download.
Update is free for registered users

Released RegRun Reanimator 8.70.0.570 - free software for detecting and removing rootkits & malware.

January 24 2017

Released RegRun Security Suite 8.60.0.560
Full version is available for download.
Update is free for registered users

Released RegRun Reanimator 8.60.0.560 - free software for detecting and removing rootkits & malware.

December 15 2016

Released RegRun Security Suite 8.50.0.550
Full version is available for download.
Update is free for registered users

Released RegRun Reanimator 8.50.0.550 - free software for detecting and removing rootkits & malware.

November 28 2016

Released RegRun Security Suite 8.41.0.541
Full version is available for download.
Update is free for registered users

Released RegRun Reanimator 8.41.0.541 - free software for detecting and removing rootkits & malware.

November 1 2016

Released RegRun Security Suite 8.40.0.540
Full version is available for download.
Update is free for registered users

Released RegRun Reanimator 8.40.0.540 - free software for detecting and removing rootkits & malware.

October 12 2016

Released RegRun Security Suite 8.30.0.530
Full version is available for download.
Update is free for registered users

Released RegRun Reanimator 8.30.0.530 - free software for detecting and removing rootkits & malware.

September 1 2016

Released RegRun Security Suite 8.20.0.520
Full version is available for download.
Update is free for registered users

Released RegRun Reanimator 8.20.0.520 - free software for detecting and removing rootkits & malware.

July 8 2016

Released RegRun Security Suite 8.12.0.512
Full version is available for download.
Update is free for registered users

Released RegRun Reanimator 8.12.0.512 - free software for detecting and removing rootkits & malware.

April 7 2016

Released RegRun Security Suite 8.0.0.500
Full version is available for download.
Update is free for registered users

Released RegRun Reanimator 8.0.0.500 - free software for detecting and removing rootkits & malware.

March 29 2016

New! Edge Reset Button
Edge Reset Button is a free tool for resetting Microsoft Edge Browser.

March 14 2016

Released RegRun Security Suite 7.97.0.197
Full version is available for download.
Update is free for registered users

Released RegRun Reanimator 7.97.0.197 - free software for detecting and removing rootkits & malware.

February 3 2016

Released RegRun Security Suite 7.95.0.195
Full version is available for download.
Update is free for registered users

Released RegRun Reanimator 7.95.0.195 - free software for detecting and removing rootkits & malware.

December 16 2015

Released RegRun Security Suite 7.90.0.190
Full version is available for download.
Update is free for registered users

Released RegRun Reanimator 7.90.0.190 - free software for detecting and removing rootkits & malware.

November 25 2015

Released RegRun Security Suite 7.85.0.185
Full version is available for download.
Update is free for registered users

Released RegRun Reanimator 7.85.0.185 - free software for detecting and removing rootkits & malware.

September 10 2012

BootRescue - free software for Master BootRecord (MBR)/Volume Boot Record (VBR) backup/recovery.


All News


RegRun is able to remove TDL 4 rootkit (MBR infector) on the Windows 32 and 64 bit!


Released Shortcut Antivirus is a free of charge software for protecting against Microsoft LNK vulnerability.


Released Stuxnet Remover is a free of charge tool for Stuxnet/Tmphider rootkit removal


Added detection and removal of Stuxnet Rootkit(mrxnet.sys, mrxcls.sys).


Resolve "Google search redirect problem". Remove TDL3+ rootkit now!


How to resolve the "msls52.dll not found" problem.
New attack against UXTHEME.DLL...

How to resolve the "themed32.dll not found" problem...


Use RegRun Warrior for rootkit removal
Rootkit detection and removal takes 10 minutes with one computer reboot!


Be careful! The QVOD player installer may be a Trojan...


New! Examiner reveals hidden rootkits and infected system drivers!


New Porno banner Troan Oficla removal instructions


TDSS/Alureon removal instructions


Resolving problem with Google redirect MAX++/TDSS rootkit (win32k.sys:1, win3k.sys:2).


Video Lesson how to remove WinLocker Trojan

Malware Removal Lesson


Windows Explorer Redirection DLLS is a new dangerous Windows startup hole...


RegRun has been reviewed by 3d2f.com Software Directory: RegRun Security Suite is an excellent tool that will reliably protect your computer from a plethora of existing and emerging threats and will keep malware at bay.



Removing Medichi Rootkit


Removal of Noskrnl.exe and Noskrnl.sys Rootkit (Spooldr clone)


Removal Baidu rootkit (cnprov.sys)


Removal Spooldr(ecard.exe) rootkit


Fixing BSOD
in Winlogon Process


Removal Areses Trojan


Virus Feebs rootkit removal story


What's this? Rthdcpl.exe - Illegal System DLL Relocation...


Warning! Rootkit Unhooker


Read our article about Unreal rootkit...


Released free Rustock Rootkit(lzx32.sys) removal tool


A#######.sys is a rootkit?


Rootkit Removal instructions: ntsystem.exe


What is BDGuard.sys?


Virus or not? SPTD####.sys


What is mc21.tmp, mc22.tmp, mc23.tmp?


ICQCHK.exe, MSX.DLL free remover...


Services
Ask Computer Guys

Windows startup programs

Articles
Using Registry Tracer...

RegRun against Trojans and Viruses

Specify an order for startup programs

RunGuard prevents a launch...

Using Bootlog Analyser...

They say
"RegRun Security Suite is one of those very rare tool kits that no one who is serious about protecting their PC should ever be without. This toolkit covers all the bases when it comes to eradicating the attempted security threats from malware that we all face - daily. The near real time tech support, direct from Greatis, is nothing sort of superb, something that can be rarely said these days! I have no hesitation in recommending this suite to anyone."

Miles Pearson

Wilders.ORG. Security advisors recommend...

Testimonials
You guys are awesome!!!!
Traci www.pentagonattack911.com

Bob Schmulian:
Absolutely love it and have recommended to many people!

Ian Robinson:
It is FANTASTIC! It has saved my life on more than one occasion since I purchased it less than 6 months ago. I now would not run my system without it... it's worth many times the cost! The service and support are terrific. Helpful - friendly - and accommodating; and generally a reply is received within 12 hours. Just great.

Theodore Soucie:
Since RegRun was installed my system is more stable. I use to experience freezeup daily. I have not had a crash.

Awards
Paul's Picks
Shareware Winner  

More...


Greatis Software Greatis | Security | AppDatabase | Utilities | Delphi/CB | Visual Basic | .NET | just4fun

Contacts | Add to Favorites | Recommend to a Friend | Privacy Policy | Copyright © 1998-2017 Greatis Software

hit counter for tumblr