"ROOT\LEGACY_SSDPSRV\0000" post trojan removal
My PC Hell Forum
September 07, 2008, 03:20:24 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Moving to New Location Soon! Watch out for notification. 14th Dec 2007.
 
   Home   Help Search Calendar Login Register  
Pages: [1]
« previous next »
  Print  
Author Topic: "ROOT\LEGACY_SSDPSRV\0000" post trojan removal  (Read 952 times)
wanabe
Rising Star
***
Posts: 121



View Profile
« on: January 09, 2008, 10:17:36 PM »
i just reinstalled windows on a friends computer and it had viruses and Trojans on it.

the computer seems to work fine however i get a new hardware detected when the computer turns on there is a unknown driver detected in the device manager that can only be identified as "ROOT\LEGACY_SSDPSRV\0000" i looked this up and i guess i has something to do with a Trojan according to a sophos antivirus page "http://www.sophos.com/security/analyses/trojpuperd.html" and ive been looking for away to safely remove it or what ever makes this mystery driver come back.

 i don't have any of the processes that the Trojan is supposed to start

(oh yea i can delete the mystery driver in safe mode. it will even stay away for one restart, but it always comes back???)

w+f! any way, any suggestions?
Logged
I'm just an anal-retentive  free available space monger. If you ever need help peeling bananas, I'm here to help.
Thanks seriously
Squeezebox
Administrator
******
Posts: 2756



View Profile
« Reply #1 on: January 10, 2008, 02:26:28 AM »
Try a search in registry for:
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SSDPSRV\0000]

Actually search for the last bit: "LEGACY_SSDPSRV\0000"

Delete the key or keys you find.

It might be better to do a clean reinstall again though.
Logged
Essexboy
Administrator
*****
Posts: 899



View Profile WWW
« Reply #2 on: January 10, 2008, 08:32:45 AM »
Try this run a full scan and post the log

http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
Logged
VISTA
XPsp2
Avast (of course)



http://spaces.msn.com/members/essexboymkn/

 If ignorance is bliss  why aren't more people happy?
wanabe
Rising Star
***
Posts: 121



View Profile
« Reply #3 on: January 10, 2008, 07:51:58 PM »
Malwarebytes' Anti-Malware Version 0.89
Database version: 244

Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\| )
Objects scanned: 40070
Time elapsed: 9 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



looks like no male ware. thats what avast and spy weeper(webroot) said
Logged
I'm just an anal-retentive  free available space monger. If you ever need help peeling bananas, I'm here to help.
Thanks seriously
Essexboy
Administrator
*****
Posts: 899



View Profile WWW
« Reply #4 on: January 11, 2008, 09:50:17 AM »
If there are no files that the legacy key can run then it is just junk in your registry
Logged
VISTA
XPsp2
Avast (of course)



http://spaces.msn.com/members/essexboymkn/

 If ignorance is bliss  why aren't more people happy?
Squeezebox
Administrator
******
Posts: 2756



View Profile
« Reply #5 on: January 12, 2008, 03:20:59 AM »
Which is where I started - see my initial reply.
Logged
wanabe
Rising Star
***
Posts: 121



View Profile
« Reply #6 on: January 13, 2008, 12:06:55 AM »
so, realistically it is probably safe to delete the reg entries?

doing so will get rid of the "install new hardware wizard-pop up" at start up?

...... yathink <==== its called YA-think but it appears more to me as the thinking man statue.

K thanks!
Logged
I'm just an anal-retentive  free available space monger. If you ever need help peeling bananas, I'm here to help.
Thanks seriously
Squeezebox
Administrator
******
Posts: 2756



View Profile
« Reply #7 on: January 13, 2008, 03:25:47 AM »
Quote from: wanabe on January 13, 2008, 12:06:55 AM
so, realistically it is probably safe to delete the reg entries?

doing so will get rid of the "install new hardware wizard-pop up" at start up?

Because I've never encoutered the same problem, I can't say - but it should do, according to my searches.

Dave
Logged
wanabe
Rising Star
***
Posts: 121



View Profile
« Reply #8 on: January 13, 2008, 05:15:17 PM »
ok thanks just wanted to double check
Logged
I'm just an anal-retentive  free available space monger. If you ever need help peeling bananas, I'm here to help.
Thanks seriously
Pages: [1]
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.2 | SMF © 2006-2007, Simple Machines LLC Valid XHTML 1.0! Valid CSS!