bdr127 Posted January 30, 2009 ID:52046

In my daily scan today, it found one file: "Trojan.Patched - C:\Windows\system32\drivers\beep.sys"

I searched online and found there are a few viruses that do stuff with beep.sys. I don't have any of the other symptoms of Virantix or Braxia, so I don't think those are the issue. I also did a HijackThis scan, and it didn't find anything. I did a McAfee anti-virus scan, and it didn't find anything.

Could this be a false positive? I appreciate any input. Thanks!

bmex63 Posted January 30, 2009 ID:52050

bdr127,

I also received this alert today from Malwarebytes regarding 'beep.sys.' It successfully removed the file. I am now running additional scans with SUPERAntiSpyware and NOD32. They have not found anything related to the beep.sys file yet. I'll post if that changes when the additional scans are finally complete. I guess the file could be a remnant of a past virus. Any takers?

Thanks

GT500 Posted January 30, 2009 ID:52053

> I also did a HijackThis scan, and it didn't find anything.

HijackThis does not scan for malware. It presents you with a list of items that you then have to decide are good or bad. It is an expert analysis tool, and not an anti-malware tool for the average user.

Normally, when MBAM complains about beep.sys, it means beep.sys is infected. There are a lot of beep.sys trojans out there, and you could spend days going through all of them to see if it's the one you had. It could have also been a leftover from something that your system was infected with in the past.

Note that beep.sys is a system file, and we do make sure that MBAM does not remove legitimate system files. I just tested against database version 1710 (the latest at the moment) on Windows XP Service Pack 2, and beep.sys was not detected as malware.

bdr127 Posted January 30, 2009 Author ID:52060

> HijackThis does not scan for malware. It presents you with a list of items that you then have to decide are good or bad. It is an expert analysis tool, and not an anti-malware tool for the average user.
>
> Normally, when MBAM complains about beep.sys, it means beep.sys is infected. There are a lot of beep.sys trojans out there, and you could spend days going through all of them to see if it's the one you had. It could have also been a leftover from something that your system was infected with in the past.
>
> Note that beep.sys is a system file, and we do make sure that MBAM does not remove legitimate system files. I just tested against database version 1710 (the latest at the moment) on Windows XP Service Pack 2, and beep.sys was not detected as malware.

I understand HijackThis has its limitations. My point in including that in my original post was so you were aware that I had explored many virus/spyware/malware avenues, and not solely MBAM. (FWIW, quoting HijackThis' FAQ: "HijackThis inspects your computer's browser and operating system settings to generate a log file of the current state of your computer. Using HijackThis you can selectively remove unwanted settings and files from your computer. Because the settings identified in a HijackThis log file can belong to both legitimate software and unwanted malware it is important to use extreme caution when selecting to remove anything using HijackThis.")

The problem with viruses/malware that use the same name as legitimate files is knowing when to remove them and when not to remove them.... I'm not sure which this is. Any additional comments are appreciated. Thanks!

serta Posted January 30, 2009 ID:52064

Hi bdr127,

Check the false positive forum, a few of us had FP today on beep.sys, fixed with 1710 update, I left a link to virus total page so compare the md5 there with yours.

Here's mine on XPsp2 = md5 DA1F27D85E0D1525F6621372E7B685E9

Here's VT link = http://www.virustotal.com/analisis/e68af96...a9d29e4dc9da490

HTH

bdr127 Posted January 30, 2009 Author ID:52070

> Hi bdr127,
>
> Check the false positive forum, a few of us had FP today on beep.sys, fixed with 1710 update, I left a link to virus total page so compare the md5 there with yours.
>
> Here's mine on XPsp2 = md5 DA1F27D85E0D1525F6621372E7B685E9
>
> Here's VT link = http://www.virustotal.com/analisis/e68af96...a9d29e4dc9da490
>
> HTH

Thanks, serta. Everything is now good with the 1710 update. For some reason MBAM didn't update at 2pm today like it was supposed to... (or the 1710 update came out after 2pm).

Thanks for your help!
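
The hash comparison serta suggests, as an added example that is not part of the original thread: a PowerShell check that hashes the flagged driver, compares it with a reference MD5, and reports its signature status. The function name `Test-FlaggedDriver` is hypothetical, and the default reference value is the one serta posted for an XP SP2 copy.

```powershell
# Added example: triage a scanner hit on a Windows system driver.
# $ReferenceMd5 defaults to the MD5 serta posted for beep.sys on XP SP2.
# Other Windows versions and service packs ship a different beep.sys,
# so a mismatch alone does not prove tampering; pass your own reference.
param(
    [string]$Path = "$env:SystemRoot\System32\drivers\beep.sys",
    [string]$ReferenceMd5 = 'DA1F27D85E0D1525F6621372E7B685E9'
)

function Test-FlaggedDriver {
    param([string]$Path, [string]$ReferenceMd5)

    if (-not (Test-Path -LiteralPath $Path)) {
        # The scanner may already have quarantined or deleted the file.
        return [pscustomobject]@{ Path = $Path; Present = $false }
    }

    $md5    = (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash
    $sha256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    # Windows PowerShell 5.1 also checks catalog signatures, which is
    # how most in-box drivers are signed.
    $sig    = Get-AuthenticodeSignature -LiteralPath $Path
    $item   = Get-Item -LiteralPath $Path

    [pscustomobject]@{
        Path          = $Path
        Present       = $true
        MD5           = $md5
        SHA256        = $sha256                      # for lookups on a multi-scanner service
        MatchesRef    = ($md5 -eq $ReferenceMd5)     # -eq ignores case for strings
        SignatureOK   = ($sig.Status -eq 'Valid')
        Signer        = $sig.SignerCertificate.Subject
        FileVersion   = $item.VersionInfo.FileVersion
        LastWriteTime = $item.LastWriteTime
    }
}

Test-FlaggedDriver -Path $Path -ReferenceMd5 $ReferenceMd5 | Format-List
```

A hash that matches a known-clean copy together with a valid signature points to a false positive, as in this thread; a mismatch combined with a missing or invalid signature is the case that warrants further analysis.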