Virus or not?
I installed Daemon Tools 4.0 on my computer and immediately got the warning from RegRun.
VVSN.EXE process was started and added to the Windows startup registry keys.
VVSN.EXE is identified as Adware and it was removed without problems.
But what is the strange driver SPTD9885.SYS?
It contains no version information.
But I guess that it is related to Daemon Tools software.
Recently I see a lot of user requests for similar driver names.
Looks like Daemon Tools makes the random name for driver with "SPTD" + random 4 digits.
SPTD####.sys is not a virus and it is not dangerous.
But it is not a finish of the story.
I uninstalled Daemon Tools software using Add/Remove Programs in Control Panel.
I checked the Drivers list and I found that SPTD.SYS and SPT9885.SYS still work in memory.
I opened regedit.exe and looked for SPTD subkey in the
I could not delete this subkey. And I could not read the contents of the SPTD\CFG subkey!
I made right click on the SPTD subkey and selected "Permissions" in the popup menu.
I see that the Administrators group have no rights for deleting or changing.
I deleted the SPTD.SYS file from the C:\Windows\System32\Drivers folder and rebooted my computer.
After that I checked the Drivers list to be sure that SPTD.SYS has gone.
Good news! SPT9885.SYS has gone too!
Now I can see the contents of SPTD\CFG subkey.
If you don't use Daemon Tools - remove SPTD drivers.
- SPTD.SYS executes SPTD9885.SYS;
- SPTD.SYS hides the contents of SPTD\CFG subkey;
- SPTD.SYS protects the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPTD from chaging by using registry permissions.
They are useless for you!
- Delete SPTD.SYS from the C:\Windows\System32\Drivers folder.
- Delete SPTD9885.SYS or the driver with similar name from the C:\Windows\System32\Drivers folder.
- You may use RegRun Registry Assistant to delete protected keys without problems.
Or use regedit.
Go to the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPTD.
Right click and choose "Permissions" in the popup menu.
Change the rights for Adminitrator group to Full access.
Delete SPTD subkey.
Do the same for