Windows 7 Forums



Windows 7: located threats- system32\drivers\spuo.sys What is it & can i delete?

10 Feb 2014   #1
amitamit2

windows 7 ultimate x64
 
 
AVG found a bunch of threats in said location (picture included). Can anyone tell me what that is exactly, what could it affect in my computer, and most importantly - can I safely "heal"/"remove" said files?
I don't wanna carelessly mess with system32...




Attached Thumbnails
-untitled.png  
10 Feb 2014   #2
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

Thank you amitamit2 for posting here as requested. I want to follow this.
10 Feb 2014   #3
cottonball

Windows 7 Home Premium
 
 

Have you tried to use AVG to fix the issue?
Does the sp** file change after addressing the issue and restarting the computer?

Let's see what the following anti-rootkit tool has to show...

Please go to the Malwarebytes Anti-Rootkit Download

Save to the Desktop (easy to find)

Right-click the file and select: Extract here... (to the Desktop)

Open its folder and double-click on mbar.exe to start the program.

Follow the prompts and be sure to update the definitions when it asks.

If it detects any infections, allow the program to remove them.

When the program is done, two reports are created in the mbar folder:
1. system-log.txt
2. mbar-log-2013-02-18 (20-13-32).txt (corresponds to mbar-log-year-month-day (hour-minute-second).txt)

Please provide both reports in your reply.

10 Feb 2014   #4
cottonball

Windows 7 Home Premium
 
 

BTW, what version of AVG do you have?
11 Feb 2014   #5
Sir George

Windows 7 Professional x64
 
 

Quote: Originally Posted by amitamit2
AVG found a bunch of threats in said location (picture included). Can anyone tell me what that is exactly, what could it affect in my computer, and most importantly - can I safely "heal"/"remove" said files?
I don't wanna carelessly mess with system32...

The following link could be useful:

Rootkit and malware detection and removal guide

HTH
11 Feb 2014   #6
cottonball

Windows 7 Home Premium
 
 

Some good information there, however, the programs mentioned are another story.

RootkitRevealer
About 6 or more years ago, it was going strong.
Haven't seen anyone use it lately, and the last time I did, it did not support any Operating System beyond XP.

Has it been updated now to run in Windows 7, and now it is back??
Hmmmm....

F-Secure BlackLight
This program may run in Windows 7 32-bit. However, the system being dealt with is 64-bit.

As far as the program goes, you will need to find specific instructions as to how to use it.
It is not meant for casual use, and will result in Windows not operating properly, if used incorrectly.

At this point, it is more than likely the detections are false. AVG had this problem before now.
11 Feb 2014   #7
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 
False Positive Detections?

Quote: Originally Posted by cottonball
Some good information there, however, the programs mentioned are another story.

RootkitRevealer
About 6 or more years ago, it was going strong.
Haven't seen anyone use it lately, and the last time I did, it did not support any Operating System beyond XP.

Has it been updated now to run in Windows 7, and now it is back??
Hmmmm....

F-Secure BlackLight
This program may run in Windows 7 32-bit. However, the system being dealt with is 64-bit.

As far as the program goes, you will need to find specific instructions as to how to use it.
It is not meant for casual use, and will result in Windows not operating properly, if used incorrectly.

At this point, it is more than likely the detections are false. AVG had this problem before now.

I reckon Cottonball knows best. It's probably a false positive detection by AVG and you need to confirm by another source.

I've used many rootkit detectors/ revealers and the only one that never gave a false positive detection was:

Removing rootkit with the Trend Micro Rootkit Buster

You need the 64bit version for Windows 7
11 Feb 2014   #8
cottonball

Windows 7 Home Premium
 
 

Good choice, Callender!


@amitamit2:

Since it is best to use more than one tool to confirm results, also run the program...

Please download Trend Micro Rootkit Buster:
Removing rootkit with the Trend Micro Rootkit Buster
Select the file that corresponds to your system (64-bit)
Save the file on the Desktop

Right-click RootkitBuster.exe, and select: Run as Administrator

To use the program, accept the terms of the license agreement, and then click: Next
On the next console, press: Scan Now

Wait for the program to finish scanning the computer and until you see the results of the scan.
You can also press the Log tab to obtain the report.

At the screen containing the results, press: Full Results

A 1392158435 - Notepad (numbers will vary) report opens on the Desktop containing info such as:

Trend Micro RootkitBuster
| Module version: 5.0.0.1129
| Computer Name: CB-PC
| OS version: 6.1-7601
| User Name: CB

Please provide the results of the XXXXXXXXXX - Notepad in your reply.

Thanks!
11 Feb 2014   #9
amitamit2

windows 7 ultimate x64
 
 

cottonball, I downloaded Malwarebytes Anti-Rootkit as you instructed and will shortly write down what the results were.
And about your questions:
Quote:
Have you tried to use AVG to fix the issue?
As I said, I was afraid to press the remove all unhealed button, because those things were on system32 and I asked if it's safe to click it.
Quote:
BTW, what version of AVG do you have?
I don't know any more than what the pic in the first post says... "AVG antivirus free edition 2012, last updated 10/2/2014"... that's what it says... (Date is opposite for Americans, switch 10/2 to -> 2/10)

EDIT:
Quote:
Since it is best to use more than one tool to confirm results, also run the program...
Please download Trend Micro Rootkit Buster:
Will do!
11 Feb 2014   #10
amitamit2

windows 7 ultimate x64
 
 

Malwarebytes keeps getting stuck on random files and isn't completing its scan... I'll give it a few more minutes to let it try to get itself unstuck on history.ie5\index.dat and if it's still there I'll try the other one this time...

EDIT:
Nvm, it's through with the file... took abnormally long... it's having similar pauses in a lot of files... this is gonna take a while... a long long while...

EDIT 2: Malwarebytes is done. Seems like I had a big "boxore" problem, not sure if it's a big deal or not (Logs included).
After restarting, I proceeded to use Trend Micro; it scanned for about half a second and produced no results...


Attached Files
File Type: txt mbar-log-2014-02-12 (00-50-07).txt (5.7 KB, 3 views)
File Type: txt system-log.txt (42.1 KB, 3 views)
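
Callender's advice in post #7 to confirm the AVG detection by another source can start with read-only facts about the flagged file itself: its signature, hash, timestamps and the driver service that loads it. The PowerShell below is an added example, not part of any post in this thread; the function name Get-DriverFacts is hypothetical and the path is the one from the thread title. Run it from an elevated 64-bit PowerShell prompt so that System32 is not redirected.

```powershell
# Added example: gather read-only facts about a flagged driver. Nothing is modified or deleted.
function Get-DriverFacts {
    param([Parameter(Mandatory = $true)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        # A file that is gone on re-check (or has a new name after a reboot) is worth reporting.
        return "File not found: $Path"
    }
    $file = Get-Item -LiteralPath $Path -Force

    # Embedded Authenticode signature: status and signer, if any.
    $sig    = Get-AuthenticodeSignature -FilePath $file.FullName
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }

    # SHA-256 via .NET, so this also works on the PowerShell 2.0 that ships with Windows 7.
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($file.FullName)
    try     { $hash = [System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '' }
    finally { $stream.Close() }

    # Kernel driver services whose image path ends in this file name.
    $pattern  = '*\' + $file.Name
    $services = @(Get-WmiObject -Class Win32_SystemDriver |
                  Where-Object { $_.PathName -like $pattern } |
                  ForEach-Object { '{0} (state={1}, start={2})' -f $_.Name, $_.State, $_.StartMode })

    New-Object PSObject -Property @{
        Path      = $file.FullName
        SizeBytes = $file.Length
        Created   = $file.CreationTime
        Modified  = $file.LastWriteTime
        Company   = $file.VersionInfo.CompanyName
        SigStatus = $sig.Status
        Signer    = $signer
        SHA256    = $hash
        Services  = ($services -join '; ')
    }
}

# Path taken from the thread title.
Get-DriverFacts -Path "$env:SystemRoot\System32\drivers\spuo.sys" | Format-List
```

A SigStatus other than Valid is a reason to get a second opinion, not a verdict: older PowerShell versions check only the embedded signature, so catalog-signed files can report NotSigned. The SHA256 value lets a second scanner be consulted without moving or touching the file.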