Author Topic: Cdns.sys  (Read 3200 times)


pops

  • Guest
Cdns.sys
« on: October 04, 2009, 10:52:07 PM »
Avast keeps warning me about C:\WINDOWS\System32\Drivers\Cdns.sys but when I research it, I can't find anything on this.  The suggestion is to 'Ignore'.  How do I determine what this file is? Thanks.

DavidR
Re: Cdns.sys
« Reply #1 on: October 05, 2009, 12:15:09 AM »
This is a common location for rootkits and this is, I believe, being detected on the anti-rootkit scan (8 minutes after boot). The Ignore option also indicates this is on the anti-rootkit scan. Hopefully you allowed it to be sent to avast for analysis?

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here (the URL in the Address bar of the VT results page).

If you get multiple detections in VT then reboot and when avast alerts on this allow it to deal with it rather than Ignore.

However, as a first step it is better to rename it to, say, SUS-Cdns.sys; that way the file isn't deleted but renamed. So if it is a necessary file you should get error messages saying the file can't be found. If it does happen to be a rootkit then since it was renamed it too wouldn't be found.
« Last Edit: October 05, 2009, 12:19:00 AM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

pops

  • Guest
Re: Cdns.sys
« Reply #2 on: October 09, 2009, 03:22:09 AM »
I'm still getting the warning.... but the file doesn't show up in any file manager.  I've opened up Explorer to view system/hidden files and still nothing.  Avast describes it as a hidden service.  Any suggestions?

DavidR
Re: Cdns.sys
« Reply #3 on: October 09, 2009, 03:38:48 AM »
Because of its location and not showing up in any file manager it is highly likely it is hidden by a rootkit.

Are you sure that is the correct file name? A Google search for it basically finds the ones in this forum, so that is in itself suspect for a file in the system32\drivers folder.

I would normally not suggest that you delete this, but since you have been unable to find it, you could let avast deal with it next time round.

However, before you do that try these other tools and see if they also report this.

- Panda Rootkit Cleaner - http://research.pandasoftware.com/blogs/images/AntiRootkit.zip.
- Trend Micro RootkitBuster - http://www.trendmicro.com/download/rbuster.asp
- F-Secure Blacklight may not always be available, http://www.f-secure.com/blacklight.
- RootRepeal, http://rootrepeal.googlepages.com/ RootRepeal is a new rootkit detector currently in public beta. Scroll down the page for the download link. Also see, http://www.malwarebytes.org/forums/index.php?showtopic=12709 for general information on running it. Also see, http://forum.avast.com/index.php?topic=47511.msg401133#msg401133.
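
The situation in this thread (a driver reported as a hidden service whose file no file manager shows) can be triaged by comparing the driver services registered in the registry with what the file system returns for each image path. The PowerShell below is an added example, not part of the original posts and not Avast tooling; the function name `Resolve-DriverPath` and the report layout are assumptions made for illustration.

```powershell
# Added example: cross-view triage of driver services.
# Run from an elevated 64-bit PowerShell so System32 is not redirected to SysWOW64.
# It reads the service database from the registry, then checks each driver's image
# file through the normal file APIs (the same view a file manager has).

function Resolve-DriverPath {
    param([string]$Name, [string]$ImagePath)
    # A driver service with no ImagePath loads System32\drivers\<name>.sys by default.
    if (-not $ImagePath) {
        return Join-Path $env:SystemRoot "System32\drivers\$Name.sys"
    }
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath.Trim('"'))
    $p = $p -replace '^\\\?\?\\', ''                        # strip the NT prefix \??\
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"  # \SystemRoot\... form
    if ($p -match '^System32\\') {                          # path relative to %SystemRoot%
        $p = Join-Path $env:SystemRoot $p
    }
    return $p
}

$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

$report = foreach ($key in Get-ChildItem -Path $servicesKey -ErrorAction SilentlyContinue) {
    $props = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
    # Type 1 = kernel driver, 2 = file system driver; skip everything else.
    if (1, 2 -notcontains $props.Type) { continue }

    $path = Resolve-DriverPath -Name $key.PSChildName -ImagePath $props.ImagePath
    New-Object PSObject -Property @{
        Service = $key.PSChildName
        Start   = $props.Start    # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
        Path    = $path
        OnDisk  = (Test-Path -LiteralPath $path -ErrorAction SilentlyContinue)
    }
}

# Registered drivers whose file the file APIs cannot see. Each row is either a stale
# entry left by uninstalled software or a file that something is hiding.
$report | Where-Object { -not $_.OnDisk } | Sort-Object Service |
    Format-Table Service, Start, Path -AutoSize
```

A row here is a lead to follow up with the dedicated anti-rootkit scanners listed above, not a verdict. A rootkit that also filters registry reads will not show up in this listing at all.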