Jump to content

Recommended Posts

Hi all,

 

A month or so ago I added Junkware Removal Tool to my regular weekly scans (CCleaner, Defender scan, SAS, MBAM, JRT in that order).

I have noticed that JRT keeps finding and removing the same file (The others ignore it);

C:\Users\myname\AppData\Roaming\sp_data.sys

This file then gets recreated next time I boot.

Results of a google search are ambiguous as to whether this is Junkware/Malware/Virus or not, and I cannot find a description as to what this file is actually for, or what process/application uses it.

The contents of the re-created file are always:

[Main]Mode=1ColorTableName=X551MA_8086_AF0620ECColorTemperature=50IsSupportedMode=1

X551MA is my Asus laptop model.

So does anybody know just what this file is?

Is it a false positive in JRT?

If not then what is it?
And what is the likely source that is recreating it on every boot?

Link to post
Share on other sites

Hi,

 

Thanks for your report. :)

 

That file probably is related to ASUS

 

X551MA being the model number of the product

8086 being a vendor number associated with Intel

Unsure about that last string (AF0620EC)

 

In any case, I'll remove detection for it in an upcoming build if it is constantly readded. But no, it doesn't appear to be malware related. It's just an unusual place for any software to drop a system file.

 

Regards

Link to post
Share on other sites

Thanks for the replies;

Pondus,
I had already checked it with virustotal after making the OP, and decided that it was indeed safe.
Just for info here's the result from a new scan:
https://www.virustotal.com/en/file/e48d105884e0fca52d2e8042c88a14616d0a3db213093755ba494ab2026c3768/analysis/1452686004/

thisisu,
Yes, it's an Asus laptop with an Intel processor and Intel HD Graphics
I did a search for the string 'AE0620EC' and found a Chinese site for HTTP headers that links it with an IP, 175.6.32.236
That IP looks up to- near: Changsha, Hunan, China
A further search shows that there is indeed a large Asus factory and service centre located in Hunan.

Just a case now of finding out just what the file is, and what application is using it.
(Probably it will be related to the graphics card).

Once again thanks for taking a look.

Link to post
Share on other sites

  • 4 weeks later...

Cheers thisisu,

 

I still never found out exactly what is using/recreating that file, couldn't be bothered spending too much time on it once I decided it was harmless.

 

Look ing forward to 8.0.3

Link to post
Share on other sites

  • 2 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.