zedltn.sys >>> Is it a virus?

There is an entry in Auto-run Analyzer named zedltn.sys.
There is very little information available about zedltn.sys on the internet, which is not enough
to decide whether it's a virus or not.

1] I cannot copy this file to another directory.
2] I cannot delete it.
3] Publisher is unknown.
4] CCE auto-run analyzer rating >> error access denied
So I think it's a suspicious driver.
It's not possible to delete it from Windows, but I can delete it from my Ubuntu machine
[dual boot XP and Ubuntu].
So please help me decide if it's a virus and whether I should remove it from my PC.

My system: dual boot Windows XP and Ubuntu 12.04
CIS version 5.12.252301.2551
Virus signature database version 14039
About CCE: refer to image.


Please upload the file to virustotal and post a link to the results.

Please boot to Ubuntu and browse to that file, and make a copy to somewhere else.
While in Linux you should be able to access that file and upload to virustotal.com like Chiron already suggested.

Poof! ??? It's gone. There is no zedltn.sys in my system.
Last time I disabled this driver, I searched for zedltn.sys but found nothing, even with display hidden files and folders, display system files and various other options enabled.
CCE [AutoRun analyzer] is not even showing this file.

So I think it's gone or something like that.
I searched for it from my Ubuntu system, but no luck ???

Hi digit01,

You posted that zedltn.sys is no longer found on your system, but having a quick Google around I came across this: http://www.uninstall-tool.com/how-to-clean-up-troroot-kit-infection-completely-and-effectively-removal-help/

It suggests that you run Malwarebytes Anti-Malware but also gives additional info.

Personally I would use CCE, HitmanPro and MBAM to scan your system and then (if you are confident enough) check the registry for any entries listed on the site to double check.

Let us know how you get on.

This can also happen when, e.g., using the GMER scanner: it drops a driver with a random name, starts it, loads it in memory and removes it from disk.
It could be you're facing such behavior, not necessarily a rootkit.

I never used the GMER scanner; I heard of this for the first time.
Problem is solved: I formatted my PC recently for other reasons [upgraded to Windows 7 as the primary OS and kept Ubuntu 12.10 for online browsing].