Hi Kevin,
Sorry for the delayed reply. Honestly I wasn’t expecting more responses to the issue.
I do appreciate your detailed explanation and even a history tour in addition.
1) NIRCMD.EXE
As I said before here, and in another thread - my opinion and as I found the opinion of some great (believe me) specialist/developers in Malware Removal area – the said flagged exe should not be considered as a threat. At the same time you have rights to leave it "as is". Well let's say we have “Riskware” detections. Some SysInternal Tools are good example from hundreds possible. Since we can ignore/Exclude - we are fine.
2) SPTD.SYS.
First – please don’t flag that one
That will probably lead to removal of BOClean from millions of computers. That was
half-joke...
really just half...
Sending sptd.sys to you is not a problem. It is sitting in system32 here for ages being upgraded to the newest versions as soon as those available.
File by itself is not interesting thing. More interesting is how it’s installed.
And for finding that it is just a matter of getting free Daemon Tools Lite and watch it during installation procedure using all powerful tools you are equipped with.
Most of anti-rootkit utilities I ran just ignore it.
Mark’s Rootkit Revealer shows it and one or both Chinese ones Ice Sword and/or Darkspy (I did not run those for a while – that's why “or” was used).
Thank you again for your time
My regards
Heh. We cool then ... and now that you've reminded me of SPTD, that's probably why we don't fire off on it and haven't for a while ... sure do remember that one, and with all that's out there THESE days, remembering any one single thingy is remarkable right there. Heh. But yeah, we do have reasons based on the design of how things have always been done and what priorities were always expected of us in doing them.
Author