Unanswered Question
Oct 11th, 2007

Hi, I've just installed the CSA agent on a host and right away CSA has detected that dsload.sys has modified the kernel and put the host into rootkit system state. I've searched the sites and found out that dsload.sys belongs to Oracle; however, I am not able to find any information about this file. Will this file be a threat to the system? Has anyone seen this before?

Kernel functionality has been modified by the module C:\WINNT\System32\drivers\dsload.sys. The module 'C:\WINNT\System32\drivers\dsload.sys' is used by entries in the System syscall table. The specified action was taken to set detected rootkit as Untrusted.

tsteger1 Fri, 10/12/2007 - 11:37

It sounds like it is the Oracle driver if it is in the correct location.

You should be safe creating a trusted rootkit exception rule for @System\drivers\dsload.sys.


