I have some suspicion my laptop has been hacked and a keylogger installed, with possible financial losses.
Malware detectors have been unsuccessful, except IceSword, which reported System Service Descriptor Table entries for NtCreateKey and similar being "hijacked" by sphn.sys. I use DT 4.12.3.
This file is allegedly in the system32/drivers folder, except it cannot be seen there from the file system.
On another computer I use (has DT 4.08) the same entries are "hijacked" by sptd.sys.
Is it normal that DT links those entries to itself for the fake SCSI driver? Why is it called sphn.sys on my laptop while it is called sptd.sys on the other computer?
Do any of you have the same entries linked to such .sys files?
Any help will be much appreciated in trying to investigate this.