There is an entry in Auto-run Analyzer named zedltn.sys .
there is no or very little information is available about zedltn.sys on internet which is not enough
to decide whether its a virus or not .
1] i can not copy this file to other directory
2] i can not delete it .
3] Publisher is unknown
3] CCE auto-run analyzer rating >> error access denied
So i think its a suspicious driver .
Its not possible to delete it from windows but i can delete it from my Ubuntu machine
[ Dual boot XP and Ubuntu ]
So please help me to decide if its a virus and should i remove it from my PC
My system Dual Boot Windows XP and Ubuntu 12.04
CIS version 5.12.252301.2551
Virus signature database version 14039
About CCE : refer Image .
Please boot to Ubuntu and browse to that file, and make a copy to somewhere else.
While in Linux you should be able to access that file and upload to virustotal.com like Chiron already suggested.
Poof ! ??? Its gone , There is no zedltn.sys in my system
last time i disabled this driver , i serched for the zedltn.sys but nothing found , even with display hidden files and folders , display system files and various other options enable .
CCE [ AutoRun analyzer is not even showing this file .
So i think its gone or something like that ,
search the from my ubuntu system , but no luck ???
It suggests that you run Malwarebyte Anti-Malware but also gives additional info
Personnally I would use CCE, HitmanPro and MBAM to scan your system and then ( if you are confident enough ) check the registry for any entries listed on the site to double check
This can also happen with e.g. using GMER scanner it drops a driver with a random name, starts it loads it in memory and removes it from disk.
It could be your facing such behavior, not necessarily a rootkit.
I never used GMER scanner , i heard this for the first time .
Problem is solved , i formated my PC recently for other reasons [ upgraded to Windows 7 as a primary os and kept Ubuntu 12.10 for online browsing ]
