
Author Topic: Application Driver Auto Removal Service (01)  (Read 1522 times)


Offline KrautzFergen

  • New Member
  • *
  • Posts: 3
Application Driver Auto Removal Service (01)
« on: October 04, 2008, 04:54:13 AM »
Hi, first post.  Greetings to BV and hello everyone.  I can't figure what this is..

Application Driver Auto Removal Service (01)

"This service automatically uninstalls Application Driver after the last application used the driver is uninstalled. After the driver is uninstalled, the service uninstalls itself as well. If an application requires Application Driver is reinstalled, the driver as well as this service will be also reinstalled at the first run of the application. This service is not constantly operating, and does not use memory. It is launched automatically on operating system startup and unloads itself from memory after completing all tasks described above."

(appdrvrem01.exe svc)

It's free of malware..

 ???  Little help, anyone?

~Krautz

Offline couttsj

  • Hero Member
  • *****
  • Posts: 528
Re: Application Driver Auto Removal Service (01)
« Reply #1 on: October 04, 2008, 08:49:43 AM »
The only information I could find is that it is a backdoor trojan:
http://www.greatis.com/appdata/d/a/appdrvrem01.exe.htm
It supposedly has been around since June 30, but none of the majors list it. Where did you get the file? I suggest that you submit it to VirusTotal for analysis.

J. A. Coutts

Offline KrautzFergen

  • New Member
  • *
  • Posts: 3
Re: Application Driver Auto Removal Service (01)
« Reply #2 on: October 04, 2008, 09:12:05 AM »
I've submitted it to every online scanner that I know of, including VirusTotal.  It's supposedly clean.  It popped up >2 weeks ago.

Offline couttsj

  • Hero Member
  • *****
  • Posts: 528
Re: Application Driver Auto Removal Service (01)
« Reply #3 on: October 04, 2008, 09:38:54 AM »
The fact that the only information I could find suggested that it was a virus (90% of it in a foreign language), and nobody lists it as a legitimate file, would tend to suggest that it actually is a virus. I would strongly recommend that you get rid of it.

J.A. Coutts

Offline couttsj

  • Hero Member
  • *****
  • Posts: 528
Re: Application Driver Auto Removal Service (01)
« Reply #4 on: October 04, 2008, 03:12:52 PM »
Further research indicates there is an associated file that goes along with the exe file:
C:\Windows\system32\Drivers\appdrv01.sys
C:\WINDOWS\system32\appdrvrem01.exe

All research indicates that it is a backdoor trojan, and none of the AV vendors are able to detect it, although some suggest that it is suspicious. The infected computers were all cleaned up with HiJackThis.

J.A. Coutts
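
A read-only triage of the two files and the service named in this thread, as an added PowerShell example that is not part of any post: it records hashes, Authenticode signature status and how the binaries are registered, so the evidence exists before anything is removed. The file paths and the display name come from the thread; the variable names are illustrative, and PowerShell 4.0 or later is assumed.

```powershell
# Paths exactly as reported in the thread; nothing here modifies the system.
$paths = @(
    'C:\WINDOWS\system32\appdrvrem01.exe',
    'C:\Windows\system32\Drivers\appdrv01.sys'
)

# 1. File facts: presence, SHA-256 (for lookup on a multi-scanner), signer, version info.
$fileReport = foreach ($p in $paths) {
    if (-not (Test-Path -LiteralPath $p)) {
        [pscustomobject]@{ Path = $p; Present = $false }
        continue
    }
    $item = Get-Item -LiteralPath $p -Force          # -Force: file may be hidden/system
    $sig  = Get-AuthenticodeSignature -LiteralPath $p
    [pscustomobject]@{
        Path       = $p
        Present    = $true
        SHA256     = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
        Signature  = $sig.Status                      # Valid / NotSigned / HashMismatch ...
        Signer     = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        Company    = $item.VersionInfo.CompanyName
        CreatedUtc = $item.CreationTimeUtc            # compare with when the service first appeared
    }
}

# 2. Registration: any service or kernel driver whose image path points at either
#    file, or whose display name matches the one quoted in the first post.
$names = $paths | ForEach-Object { [IO.Path]::GetFileName($_) }
$registered = foreach ($class in 'Win32_Service', 'Win32_SystemDriver') {
    Get-CimInstance -ClassName $class | Where-Object {
        $entry = $_
        ($names | Where-Object { $entry.PathName -like "*$_*" }) -or
        $entry.DisplayName -like 'Application Driver Auto Removal Service*'
    } | Select-Object @{ n = 'Class'; e = { $class } },
                      Name, DisplayName, State, StartMode, PathName
}

$fileReport | Format-List
$registered | Format-List
```

An unsigned binary with no company name that is registered to start automatically is worth escalating even when scanners report it clean, which is the situation described in this thread.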

Offline KrautzFergen

  • New Member
  • *
  • Posts: 3
Re: Application Driver Auto Removal Service (01)
« Reply #5 on: October 04, 2008, 11:58:46 PM »
Thanks for your input.  Its service description alone is highly suspicious.  I'm taking care of it now.