ZOverLord Rated PG
|
Posted: Tue, 19 Jul 2005 11:16:49 Post Subject: Are Your Windows Drivers Wacked Or Hacked? |
|
|
Suggestion.
Besides running scans it is also a good thing to run "sigverif". This will create a list of ALL drivers on your system, signed and unsigned. The output is located in your C:\Windows\sigverif.txt file.
It surprised me most people do not do this. Many trojans mask themselves as drivers on your system, and most if not all are never signed.
Be careful however, some unsigned drivers are valid, especially video drivers.
To make it easier to run and check your drivers, so you can compare from to time if you think you may be infected, here are some instructions to do this check.
I would save the file somewhere, so when you run it again, you can compare any differences.
Click Start | Run and in the box, type sigverif and then click OK.
In the File Signature Verification dialog box, click the Advanced button.
On the Search tab, click Notify me of any system files that are not digitally signed.
Click OK, then click the start button.
The tool will display a list of any unsigned system drivers you have installed on your computer.
This is a good first step in troubleshooting driver-related problems.
You can remove the unsigned driver(s) that you think may be causing the problem (it is recommended that, rather than deleting them, you move them to a different location, so you can move them back if the removal causes problems).
Note that video drivers are often unsigned, but you usually shouldn't remove them since you may not be able to display anything on your computer if you do.
To view the output of all system drivers open the C:\Windows\sigverif.txt file. _________________ Where Black, Gray and White Hats Unite to help protect YOU from current and future Exploits http://testing.OnlyTheRightAnswers.com |
|