Hello, I have just run my root-kit for the first time and have 350 come up:
"";"C:\WINDOWS\system32\dla\tfsnifs.sys";"IRP hook, \FileSystem\Fs_Rec IRP_MJ_FILE_SYSTEM_CONTROL -> tfsnifs.sys GetSystemType+0xC53D";"Object is hidden"
This is a copy of just one. Should I remove it - how do I know if they are legitimate programs or should they be removed?
Please be informed that the tfsnifs.sys file belongs to drive letter access, usually connected to disc burning software.
How do I know if they are legitimate programs or should they be removed?
Searching for the filename on the Internet provides initial information. You may then uninstall the related software temporarily to check whether the anti-rootkit detection is no longer present. Also, please check the FAQ 2353 article.
You may also send us the detected drivers for analysis as described in the "How To Handle Infection Suspicion?" post if some obviously suspicious file is detected by the scan (however, please check the FAQ 2346 article first).
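With 350 results, a practical first step is to collapse them to the distinct driver files that need looking up. The following is an added example, not part of the original thread or the scanner's own tooling. It assumes every record uses the four-field, semicolon-separated layout of the line quoted in the question; only the first sample line comes from the post, the rest are constructed.

```python
import csv
import io
import re
from collections import defaultdict

# Line 1 is the record quoted in the question; the other lines are constructed
# for this example (example.sys is a placeholder, not a real detection).
SAMPLE_LOG = r'''"";"C:\WINDOWS\system32\dla\tfsnifs.sys";"IRP hook, \FileSystem\Fs_Rec IRP_MJ_FILE_SYSTEM_CONTROL -> tfsnifs.sys GetSystemType+0xC53D";"Object is hidden"
"";"C:\WINDOWS\system32\dla\tfsnifs.sys";"IRP hook, \FileSystem\Fs_Rec IRP_MJ_CREATE -> tfsnifs.sys GetSystemType+0xC53D";"Object is hidden"
"";"C:\WINDOWS\system32\drivers\example.sys";"IRP hook, \Driver\Disk IRP_MJ_READ -> example.sys +0x1A2B";"Object is hidden"
this line is not a scan record
'''

# Assumed detail layout: "IRP hook, <hooked object> <IRP_MJ_*> -> <module> <symbol+offset>"
HOOK_RE = re.compile(r"^IRP hook,\s+(?P<obj>\S+)\s+(?P<irp>IRP_MJ_\w+)\s+->\s+(?P<module>\S+)")


def summarize(log_text):
    """Group hook records by driver file; return (drivers, skipped_line_count)."""
    drivers = defaultdict(lambda: {"hooks": 0, "objects": set(), "irps": set(), "states": set()})
    skipped = 0
    for row in csv.reader(io.StringIO(log_text), delimiter=";", quotechar='"'):
        match = HOOK_RE.match(row[2]) if len(row) == 4 else None
        if match is None:
            skipped += 1  # malformed line or a record type this sketch does not parse
            continue
        entry = drivers[row[1].lower()]  # Windows paths are case-insensitive
        entry["hooks"] += 1
        entry["objects"].add(match["obj"])
        entry["irps"].add(match["irp"])
        entry["states"].add(row[3])
    return dict(drivers), skipped


def report(log_text):
    """One line per distinct driver, most-hooked first: the names to research."""
    drivers, skipped = summarize(log_text)
    lines = [
        f"{path}: {d['hooks']} hook(s) on {', '.join(sorted(d['objects']))} "
        f"[{', '.join(sorted(d['irps']))}] {'; '.join(sorted(d['states']))}"
        for path, d in sorted(drivers.items(), key=lambda kv: -kv[1]["hooks"])
    ]
    lines.append(f"{skipped} line(s) skipped")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

The output is a list of file names to research or submit, not a verdict: a driver with many hooks can be a legitimate filter driver, as tfsnifs.sys is here.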