System file: zespho.sys behaves strangely

gassyal

Environment: Compaq R4000 laptop (AMD 64 Athlon 3200+ with 2GB RAM)
running Windows XP Home

Hi group:

Last night I ran a free program called Norton Security Scan and it
came up with two threats. This posting is about one of those
threats...the other was resolved.

Norton's report about this threat said in part:

------

Trojan Horse
Virus ID: 25464
Risk: High Categories:
Virus State: Unhandled -----------Infection:
c:\windows\system32\drivers\zespho.sys
Browser Cache

------

I did a Google search for the zespho.sys file and found nothing. I
also did a search in my laptop for other zespho objects and found
nothing; also nothing in the laptop's registry and the .ini startup
files.

Not knowing what to do, I deleted this file into my Recycle Bin and
shut down my laptop.

Today while I was on the laptop, I looked into the Recycle Bin and to
my surprise, the zespho.sys file was not there...in its place was a
file called zipfldr.dll.

I looked back in the C:\Window\System32\Devices folder and believe it
or not, the zespho.sys file was in that folder. Also, the zipfldr.dll
file was in the System32 folder.

What's going on here? Are these two files somehow related to each
other?

I look forward to your comments and suggestions.

Regards,
Al Gershen
Grants Pass, OR
(e-mail address removed)
 
Colin Barnhorst

Did you do a search on Norton's website for this to see if it is a threat
that requires one of Norton's special removal tools?
 
PA Bear [MS MVP]

Unexplained computer behavior may be caused by deceptive software
http://support.microsoft.com/kb/827315

Run a /thorough/ check for hijackware, including posting your hijackthis log
to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware with
assistance from an expert. **Post your log to
http://forums.spybot.info/forumdisplay.php?f=22,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7,
http://aumha.net/viewforum.php?f=30, or other appropriate forums for expert
analysis, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
 
