eddman
Posted September 16, 2014

There's this rsdrvx64.sys kernel driver installed. In the properties it says that it belongs to a program called RawDisk from Eldos, but I never installed such a thing. The program itself isn't installed; just the driver.

Does anyone know what this driver does and where it could've come from? Could it be related to malware? ESET and Malwarebytes didn't find anything.

Also, how do I even uninstall kernel drivers? Do I just delete them from the system32/drivers folder? Is there a way to disable them without removing?

Max Norris
Posted September 16, 2014

EldoS makes the driver, they do stuff like virtual file systems and the like, used by third parties in their own products.. might be used with an application you have installed.

That said, Process Hacker lets you start/stop/disable/etc drivers pretty easily. You'll see a lot of drivers, many of which aren't running. Obviously first thing to check is to see if it's actually in use before you do anything with it.. a backup probably wouldn't be a bad idea either, one of those things that could seriously break your system if you mess up.

eddman
Posted September 16, 2014

> EldoS makes the driver, they do stuff like virtual file systems and the like, used by third parties in their own products.. might be used with an application you have installed.
>
> That said, Process Hacker lets you start/stop/disable/etc drivers pretty easily. You'll see a lot of drivers, many of which aren't running. Obviously first thing to check is to see if it's actually in use before you do anything with it.. a backup probably wouldn't be a bad idea either, one of those things that could seriously break your system if you mess up.

Ok, I disabled it from startup. I have no idea which program could possibly be using this.

Max Norris
Posted September 16, 2014

> Ok, I disabled it from startup. I have no idea which program could possibly be using this.

Might still be in your event logs, worth taking a peek anyway. Can search the system log, the setup action log, check the modified timestamp of the driver, etc. May give a clue. If it's signed and not tampered with though it's going to break something on your system that needs it when it tries to use it though since you disabled it.. an error when whatever application starts up is kind of a dead giveaway.

eddman
Posted September 16, 2014

> Might still be in your event logs, worth taking a peek anyway. Can search the system log, the setup action log, check the modified timestamp of the driver, etc. May give a clue. If it's signed and not tampered with though it's going to break something on your system that needs it when it tries to use it though since you disabled it.. an error when whatever application starts up is kind of a dead giveaway.

I didn't remember it at the time, but I just realized I installed some file recovery programs a while ago but uninstalled them. One of them must have left that driver behind.

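
The checks discussed in this thread (file timestamps, signature, whether the driver is in use, the System log, disabling without deleting) gathered into one PowerShell script. This is an added example, not something either participant posted; the drivers folder path, the lookup of the service by file name and the use of Service Control Manager event ID 7045 are assumptions.

```powershell
# Added example: triage a leftover kernel driver by its file name.
# Run from an elevated PowerShell prompt. Steps 1-4 only read; step 5 is commented out.
$DriverFile = 'rsdrvx64.sys'   # file name from the thread
$Path = Join-Path $env:SystemRoot "System32\drivers\$DriverFile"   # assumed location

# 1. File facts: timestamps and embedded version info hint at when it arrived and who built it.
$file = Get-Item -LiteralPath $Path -ErrorAction Stop
$file | Select-Object FullName, CreationTime, LastWriteTime,
    @{ n = 'Company';     e = { $_.VersionInfo.CompanyName } },
    @{ n = 'Product';     e = { $_.VersionInfo.ProductName } },
    @{ n = 'FileVersion'; e = { $_.VersionInfo.FileVersion } }

# 2. Signature: Status 'Valid' means the file is signed and unchanged since signing.
Get-AuthenticodeSignature -LiteralPath $Path |
    Select-Object Status, @{ n = 'Signer'; e = { $_.SignerCertificate.Subject } }

# 3. Driver service: is it loaded right now (State) and how is it set to start (StartMode)?
#    The service name may differ from the file name, so match on the image path.
$drv = Get-CimInstance Win32_SystemDriver |
    Where-Object { $_.PathName -like "*\$DriverFile" }
$drv | Select-Object Name, DisplayName, State, StartMode, PathName

# 4. System log: event 7045 is written when a service or driver is installed.
#    The timestamp can be matched against software installed around that time.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7045 } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like "*$DriverFile*" } |
    Select-Object TimeCreated, Message

# 5. Disable without deleting (reversible; takes effect at next boot).
#    Uncomment to apply to the service(s) found in step 3.
# foreach ($d in $drv) { sc.exe config $d.Name start= disabled }
```

If step 4 returns nothing, the System log may have rolled over since the driver was installed; the file's CreationTime from step 1 is then the best remaining clue.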