What Are These Two Files?

Scott Davis

Two files appeared in "C:\WINDOWS\SYSTEM32\DRIVERS" yesterday:

1. litsgt.sys
2. tansgt.sys

Can anyone tell what they are for, or where I might be able to find
more information about them? I couldn't find anything on google, or
any of several device driver web sites I searched.

Thanks,
SD
 
From: "Scott Davis" <[email protected]>

| Two files appeared in "C:\WINDOWS\SYSTEM32\DRIVERS" yesterday:
|
| 1. litsgt.sys
| 2. tansgt.sys
|
| Can anyone tell what they are for, or where I might be able to find
| more information about them? I couldn't find anything on google, or
| any of several device driver web sites I searched.
|
| Thanks,
| SD


Please submit a sample of "litsgt.sys" and "tansgt.sys" to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendors' scanners.
That will give you an idea what it is and who recognizes it. In addition, unless told
otherwise, Virus Total will provide the sample to all participating vendors.

You can also submit a suspect, one at a time, via the following email URL...
mailto:[email protected]?subject=SCAN

When you get the report, please post back the exact results.
 
David,
Thanks for the tip (nice site). Both files were considered "clean" by
all the scanners. That's reassuring, although it's still a mystery.
Perhaps they are benign, but I don't recall installing any new
programs yesterday. My daughter (who is just discovering the
Internet) has downloaded three viruses over the last few days, which
is why I'm concerned.

Thanks again,
SD
 
From: "Scott Davis" <[email protected]>


|
| David,
| Thanks for the tip (nice site). Both files were considered "clean" by
| all the scanners. That's reassuring, although it's still a mystery.
| Perhaps they are benign, but I don't recall installing any new
| programs yesterday. My daughter (who is just discovering the
| Internet) has downloaded three viruses over the last few days, which
| is why I'm concerned.
|
| Thanks again,
| SD

Yes, teach your daughter Safe Sex and Safe Hex. Your concern is warranted.
http://www.claymania.com/safe-hex.html
 
Scott Davis wrote:
My daughter (who is just discovering the
Internet) has downloaded three viruses over the last few days, which
is why I'm concerned.

Thanks again,
SD

My condolences :) I've been there, done that. Perhaps you should
consider assigning her a user account, rather than full administrator
rights. Tell her she has to earn admin privileges.
 
Scott said:
David,
Thanks for the tip (nice site). Both files were considered "clean" by
all the scanners. That's reassuring, although it's still a mystery.
Perhaps they are benign, but I don't recall installing any new
programs yesterday. My daughter (who is just discovering the
Internet) has downloaded three viruses over the last few days, which
is why I'm concerned.

Thanks again,
SD

You can also go to google.com, type in the filename and get info on
them, since they are clean.
 
From: "Poster 60" <[email protected]>


|
| You can also go to google.com, type in the filename and get info on
| them, since they are clean.
|

Scott stated in his original post -- "I couldn't find anything on google, or
any of several device driver web sites I searched."
 
On that special day, Scott Davis, ([email protected]) said...
Both files were considered "clean" by
all the scanners. That's reassuring, although it's still a mystery.
Perhaps they are benign, but I don't recall installing any new
programs yesterday.

There have been cases when infections and malicious attacks had started
so recently, that no anti virus scanner had already the signatures
updated, to detect said malware. I wouldn't feel too safe until a week
or so later.

Especially as there is a new and *very* aggressive exploit there, that
abuses the shimgvw.dll by having it open a manipulated WMF picture.
This kind of attack is new, and would go even below the heuristics
radar.

See this:
http://www.microsoft.com/technet/security/advisory/912840.mspx
http://www.f-secure.com/weblog/ (note the Google desktop problem)
http://isc.sans.org/diary.php?storyid=975

I hope you didn't visit the sites mentioned in the F-Secure blog.


Gabriele Neukam

(e-mail address removed)
 
Scott Davis wrote:
My daughter (who is just discovering the

My condolences :) I've been there, done that. Perhaps you should
consider assigning her a user account, rather than full administrator
rights. Tell her she has to earn admin privileges.

Thanks for the advice.
 
Gabriele,
Thanks a lot for the advice and links. I don't think my daughter hit
this new exploit, but I've followed the advice on the f-secure site
and unregistered shimgvw.dll for the time being.

Thanks,
Scott
 
Scott Davis said:
Two files appeared in "C:\WINDOWS\SYSTEM32\DRIVERS" yesterday:

1. litsgt.sys
2. tansgt.sys

Can anyone tell what they are for, or where I might be able to find
more information about them? I couldn't find anything on google, or
any of several device driver web sites I searched.

Right-click -> "Properties" -> "Version" tab (if there is one) may
give some clues.
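
The check suggested in the reply above, done from PowerShell instead of the Properties dialog, as an added example that is not part of the original thread: it reads each file's version resource, Authenticode signature status, SHA-256 and any service registry entry that would load it. It assumes Windows PowerShell 4.0 or later; the two file names are the ones from the original post.

```powershell
# Added example: inspect unknown driver files without loading or executing them.
$driverDir = Join-Path $env:SystemRoot 'System32\drivers'
$names     = 'litsgt.sys', 'tansgt.sys'   # file names from the original post

# Kernel drivers are started through a service key; collect every key once.
$services = Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' |
    ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Service   = $_.PSChildName
            ImagePath = $p.ImagePath   # may be empty, see the match below
            Start     = $p.Start       # 0=boot 1=system 2=auto 3=demand 4=disabled
        }
    }

foreach ($name in $names) {
    $path = Join-Path $driverDir $name
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Warning "$path not found (deleted, or hidden from this process)"
        continue
    }
    $file = Get-Item -LiteralPath $path -Force
    $ver  = $file.VersionInfo
    $sig  = Get-AuthenticodeSignature -LiteralPath $path
    $base = [IO.Path]::GetFileNameWithoutExtension($name)

    # A driver key with no ImagePath defaults to System32\drivers\<key name>.sys,
    # so match on the key name as well as on the path string.
    $refs = $services | Where-Object {
        $_.ImagePath -like "*$name*" -or (-not $_.ImagePath -and $_.Service -eq $base)
    }

    [pscustomobject]@{
        File        = $name
        Created     = $file.CreationTime
        Modified    = $file.LastWriteTime
        Company     = $ver.CompanyName
        Description = $ver.FileDescription
        Version     = $ver.FileVersion
        Signature   = $sig.Status
        Signer      = $sig.SignerCertificate.Subject
        SHA256      = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        Services    = ($refs.Service -join ', ')
    }
}
```

Pipe the output to `Format-List` to read the long fields; the SHA-256 value can be looked up on a scanning service without uploading the file again.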
 