system information file

[Guest]

I have the folowing file that has a start mode of Boot. Even when I search,
unhide all extensions, use run command, it doesn't show up anywhere.

SYSTEM INFORMATION

NAME DESC. FILE

SZKG SZKG C:\WINDOWS\SYSTEM32\DRIVERS\SZKG.SYS

STARTED START MODE STATE STATUS ERR. CONTROL

NO BOOT STOPPED OK NORMAL

ACCEPT PAUSE ACCEPT STOP

NO NO

Someone told me that this is not an Microsoft file.

I don't know what it is or how to get rid of it.

Any help?

Thanks,

Jenny

Jenny

 

[Pegasus \(MVP\)]

I have the folowing file that has a start mode of Boot. Even when I search,
unhide all extensions, use run command, it doesn't show up anywhere.

SYSTEM INFORMATION

NAME DESC. FILE

SZKG SZKG C:\WINDOWS\SYSTEM32\DRIVERS\SZKG.SYS

STARTED START MODE STATE STATUS ERR. CONTROL

NO BOOT STOPPED OK NORMAL

ACCEPT PAUSE ACCEPT STOP

NO NO

Someone told me that this is not an Microsoft file.

I don't know what it is or how to get rid of it.

Any help?

Thanks,

Jenny

Jenny

Presumably you're talking about a service. Since there is
no file called SZKG.SYS the service would not be able
to start or do anything useful or damaging.

If this entry really bothers you then you can remove it from
the registry: HKLM\SYSTEM\CurrentControlSet\Services.
Create a System Restore Point first, just to be on the safe
side.

 

[Guest]

--
Thanks for any help.

Presumably you're talking about a service. Since there is
no file called SZKG.SYS the service would not be able
to start or do anything useful or damaging.

If this entry really bothers you then you can remove it from
the registry: HKLM\SYSTEM\CurrentControlSet\Services.
Create a System Restore Point first, just to be on the safe
side.

I would love to create system restore point but my system restore is not
working. I have posted a questions about this in support & troubleshoot,
System Restore, page 6 or 7. I have done everything suggested and restore
still doesn't work. I guess I will just leave it alone.

Thank you very much for your help.

Jenny

 

[Guest]

This is what I find in the hklm file. Does this tell you anything?

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\szkg\Enum]
"0"="Root\\LEGACY_SZKG\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

Jenny

 

[Atribune]

This may be a new rootkit, can you boot to safe mode by tapping F8 on
reboot and selecting safe mode from the list of options that appears.

Once in safe mode navigate to C:\WINDOWS\SYSTEM32\DRIVERS and look for
that file. If found please zip it up and then submit it at
http://www.atribune.org/submit-malware.php. If you get me that file ill
take a look and find out what it is.

 

[lurkswithin]

I believe it to be a game file from a foreign made game dealing wit
the fighting of Zombies

If that is any help to you. Sorry but I do not know the name of th
game on a few references to a game with that file in it that i
played in various colleges

 

[Guest]

Atribune,
Symantec didn't have anything on that filename. I wouldn't be too worried
about it being a rootkit.

Mack

 

[Mac]

http://www.google.com/search?hl=en&lr=&rls=GGLD,GGLD:2004-01,GGLD:en&q=SZKG&btnG=Search

 

[Atribune]

Big_Mack1,

Symantec definately isn't strong when it comes to rootkit detection.

A file the user has reason to believe is there but isnt visible sounds
rootkit like to me.

sys files are driver files as most rootkits are.

Just my opinion but its worth looking at.

 

[Guest]

The file is not found when in safe mode. The only time I can find the file
is in Outlook/Help/About Outlook/System Info.

Sorry I can't send it to you.

Jenny

 

[Atribune]

Hi Jenny,

Click start then run and type sc delete szkg then press enter.

Doing this will delete the service.

Be sure to back up your registry before performing this.

 

[Guest]

Hello Atribune,

How do I back up my registry?

Jenny