Had two teachers down today with Symantec saying it has detected ddnt.sys in system32/drivers as a virus of hacktool.rootkit.
I'm assuming its the definition update that has now listed something we already had installed but I can't find any reference to ddnt.sys
Help plz!?!
it's not on my desktop but has been on the 4 laptops i have checked so far, so i'm guessing something like promethean install or some software we have loaded on to all laptops
This uses ddnt.sys
http://www.microcosm.co.uk/dinkey.shtml
We had this problem yesterday with the latest Symantec definitions, and it only seems to have occured on a handful of teachers' machines. I couldn't get a copy of the file to inspect though (Symantec deleted it each time).
I saw the dinkey dongle thing but as far as I'm aware nobody has anything like that.
I have a machine where i can see the file but haven't accessed it yet so i'll try to stop symantec and see.
Someone else has reported this on the RM forum. They are saying that it is part of ActivStudio2 and is located in windows\system32\drivers\.
HTH
yeah it was in /drivers. i had a feeling it was promethean related as there's not much else that is rolled out across the whole laptops.
cheers for that
Just an update, we still have ActivStudio2 installed and it's on the first cd of that. The cd where you install the driver or the actual software etc.
I don't know if this is the same for v3, I also don't know if Symantec quaratining or deleting this file adversely affects the boards operation.
Does anyone know which email addy you send false positives to symantec?
http://www.symantec.com/avcenter/submit.html
Also, you should inform Promethean.
Thanking you muchly
I've just reported it to Promethean, just waiting for a reply.
We’ve got the same problem. Activboard is installed on most of the schools machines even when there’s no board attached as the kids like the games on them. I’ve extracted the ddnt.sys file from a ghost image we have dating back to August last year and that’s being detected as a virus so I’m hoping that it’s a false positive.
Support at Promethean say it’s a left over file from the usb dongle that they use a while back. If you are using the latest version of Activboard and driver the file can be deleted
Just had this e-mail from Promethean -
Thankyou for bringing this to our attention. We have already had another antivirus program identify this as a virus, but thankyou for letting us know about yours.
The file in question was used for a product we used to supply. On the newer versions of the software, this file was re - written, and thus does not cause any problems with antivirus software.
Please note, the file in question is absolutely fine, and is indeed not a virus. If you require to, you can simply remove the file, or tell the antivirus program that it is not a virus, and for it to be excluded from the virus list.
Thankyou again for bringing this to our attention, but as I say, there is nothing to worry about with the file in question.
yeah, that comment was from me via support. yes ddnt.sys is from the dinkey dongle usb driver, this is the dongle we used for older panels and tablets. Older models of those tablets couldnt provide the hardware key to activstudio to remove the watermark and enable all features, hence the dongle. These days it isn't needed but we include the driver in the software install in case anyone is using older software.
Thanks to your reports (and also one from denmark) we have fixed this and future releases of the software shouldnt have this problem. The antivirus programs are flagging it up as a rootkit I believe, however not all of these are malicious and this isn't really behaving like a rootkit. The antivirus is mistaking the way it monitors for a USB device as a virus.
currently it is safe to add this to the exclude list or delete the file if you arent using a dongle.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks