How to promptly respond to unknown virus detection sp **. sys

 

CCID-it reports [community arrangement]

Recently, some forum friends have been using unknown viruses to detect suspicious sp **. sys, suspicious 37%, but the status is "file does not exist ".

By checking the sreng scan report of the user who found the problem, no virus was found. Therefore, this was initially identified as a residual registry. Later, under the pressure of a user. I asked the engineer who developed the unknown virus detection program. The engineer analyzed the source program and found it was an apihook problem. I suggest using ssdt detection tools to find out the cause, you can find the file under system32/drivers. According to this prompt, the user finds related items in ssdt, but after recovering ssdt, although the unknown virus detection cannot find sp **. sys is suspicious, but reboot the computer again. Based on the analysis provided by the user. I downloaded a DT file for testing.

Before installation:

Restart your computer:

After deleting the spdt under system32/drivers, restart the computer again:

Unknown virus detection again:

At this time, everything is normal, but the virtual optical drive software cannot be used.

As you can know, this is not a virus problem, so you can rest assured. This is only a phenomenon caused by modifying the system interface after the virtual optical drive is installed.

According to the information provided by netizens in the comprehensive online search forum: sptd. sys is an interface driver provided to the virtual optical drive, which is inherent in a system. After the virtual optical drive is installed, the driver will be used. However, after the driver is detached, the driver also works.