Hi
BitDefender keeps detecting sdd.sys, which is located in c:\windows\system32\drivers\sdd.sys, as being infected with Backdoor.HacDef.DO.
You can download it here: http://www.everestlabs.com/antispyware-download/
Regards
Niels
Hi Niels,
Are you sure that sdd.sys belongs to this antispyware? I downloaded and installed the application but I cannot find any sdd.sys.
If you have that file, please send it for analysis. You can PM it to me.
Have a nice day,
Lirima
Yes, that file belongs to the everestlabs application and it is currently seen by many other anti-virus products as a virus. I can't send you the file as I don't have this software installed at work, but I'll try.
Hi Lirima
Yes, it's part of SpyDefense, because BitDefender only reacts when I perform a scan with it.
The strange thing is that even when I enable "show hidden files and folders", I can't locate the service. I did a search on Google, and NOD32 detected the same driver as infected. You can also see it here:
http://www.wilderssecurity.com/archive/ind...p/t-116101.html
Thank you very much for your reply.
Check the driver again; I think BitDefender doesn't detect it anymore. I tried 2 hours ago and didn't receive any alert.
Hi Florin Stiuca
I will try to perform a scan. I tested it only yesterday.
I still get the same warning. The warning pops up at the end. But another security program detected a trojan. Now a system restore point is also infected. The strange thing is that it's the same driver that NOD32 detected as a false positive.
The application drops the driver sdd.sys at some point during its execution (that's probably when you get the warning popup) and installs it. The driver hooks a function used to create processes, which is probably why it got signed in the first place (by NOD32 too). It is clean.
The detection will be removed in a few hours.
Hi Vlad
It only appears when the scan is almost completed. In the beginning I don't receive a warning from BitDefender. Thank you very much for your very quick reply.