Britec Tech Support Forum
[Solved] sp_data.sys - Printable Version




[Solved] sp_data.sys - ShroomBoy69 - 09-13-2014

I keep getting this sp_data.sys in my roaming folder. I Googled it and a bunch of forums were saying zeroaccess, backdoor, one said Trojan.Dropper.BCMiner. I ran a few scans with TDSSKiller, HitmanPro, and RogueKiller. And my antivirus (Kaspersky Pure) found nothing. Anyone know anything about this file?


RE: sp_data.sys - Britec - 09-13-2014

Upload sp_data.sys to VirusTotal.


RE: sp_data.sys - GuiltySpark - 09-13-2014

If nothing tried so far has alerted a 'presence' then I would assume it's ok.

You could download CCleaner and run the cookie cleaner part; it should remove a lot of things in the Roaming folder.


RE: sp_data.sys - Britec - 09-13-2014

ShroomBoy69, please follow the directions below if you need help in removing ZeroAccess.


Important: Before we start any removal process you might want to create a Restore Point.

Please download Farbar Recovery Scan Tool and save it to a flash drive. (For x86)
Please download Farbar Recovery Scan Tool x64 and save it to a flash drive. (For x64)

Important: Please leave the flash drive plugged into the computer.

How to enter System Recovery Options from the Advanced Boot Options:

· Restart the computer.
· Once you see the POST screen, start tapping the F8 key repeatedly until Advanced Boot Options appears.
· Use the up and down cursor arrow keys to select the Repair your computer menu.
· Please select US Keyboard Language, and then click Next.
· Choose the infected operating system you want to repair, then click Next.
· Select your user account, then click Next.

On the System Recovery Options choose Command Prompt:

At the Command Prompt window type notepad and press Enter

1. Once notepad opens up, click File and select Open.
2. Select Computer on the left and locate your flash drive letter (you can now close notepad)
3. In the Command Prompt window type z:\frst.exe (for x64 bit version type z:\frst64) and press Enter

Important: Replace letter z with the drive letter of your flash drive.

4. Farbar Recovery Scan Tool will start to run. Then click Yes to the disclaimer.
5. Press the Scan button.
6. Once FRST has completed its scan and the FRST.txt file has been created, you can close this message.
7. Now type services.exe in the search box:
8. Please press the Search button
9. Once the search is complete, search.txt alongside FRST.txt will be written to your USB
10. Type exit, remove the USB flash drive and reboot your computer

Please copy and paste the logs (FRST.txt and Search.txt) in your reply.



RE: sp_data.sys - ShroomBoy69 - 09-13-2014

I don't really think it's a zeroaccess, scans are coming up with nothing, virustotal neither. https://www.virustotal.com/en/file/550d15d2910ef4cde5511f90292099f87c45fc0a334c2c0cb7c7615a04286037/analysis/1410639803/
I did open it with notepad and all it said was:
[Main]
ColorTableName=00010000
Mode=1
ColorTemperature=50


RE: sp_data.sys - Britec - 09-13-2014

So you don't want any help? If not, I can close the thread.


RE: sp_data.sys - ShroomBoy69 - 09-13-2014

Yea, I think I'm just getting paranoid. I did have a zeroaccess before but Kaspersky removed it in a heartbeat. I did contact the guys over at malwareup.org but if something comes back I'll just PM you. If it's important.


RE: sp_data.sys - Britec - 09-13-2014

OK I will close this Thread.