
Are MEMSWEEP2 and FB50.tmp from Sophos Anti-Rootkit?

After I installed Sophos Anti-Rootkit, the event logs show errors about MEMSWEEP2 and FB50.tmp.

Windows 7 64bit.

The MEMSWEEP2 service failed to start due to the following error:
This driver has been blocked from loading

- System
  - Provider
      [ Name] Service Control Manager
      [ Guid] {555908d1-a6d7-4695-8e1e-26931d2012f4}
      [ EventSourceName] Service Control Manager
  - EventID 7000
      [ Qualifiers] 49152
    Version 0
    Level 2
    Task 0
    Opcode 0
    Keywords 0x8080000000000000
  - TimeCreated
      [ SystemTime] 2010-07-16T19:11:19.530097100Z
    EventRecordID 63912
    Correlation
  - Execution
      [ ProcessID] 448
      [ ThreadID] 2848
    Channel System
    Computer johan-PC
    Security
- EventData
    param1 MEMSWEEP2
    param2 %%1275


This thread was automatically locked due to age.
  • \??\C:\Windows\system32\FB50.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    - System
      - Provider
          [ Name] Application Popup
      - EventID 1060
          [ Qualifiers] 49152
        Level 2
        Task 0
        Keywords 0x80000000000000
      - TimeCreated
          [ SystemTime] 2010-07-16T19:11:19.530097100Z
        EventRecordID 63911
        Channel System
        Computer johan-PC
        Security
    - EventData
        \??\C:\Windows\system32\FB50.tmp

    000000000200300000000000240400C0000000006B0300C000000000000000000000000000000000

  • Hi,

    The memsweep2 file is from Sophos. I can't verify the temp file, but probably yes as well. Currently SAR doesn't support 64-bit, which is why the errors appeared.

    Shai Gelbaum

    Product manager

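Added example, not part of the original thread: the binary data attached to the FB50.tmp event (Event ID 1060) decoded in Python and cross-checked against the EventID and Qualifiers values the log shows. It assumes the data follows the fixed header of the Windows IO_ERROR_LOG_PACKET structure; the field names and the helpers `decode_event_data` and `matches_event` are illustrative.

```python
import struct

# Binary data of the FB50.tmp event (Event ID 1060) as shown in the thread,
# split into 4-byte groups for readability.
EVENT_1060_DATA = (
    "00000000" "02003000" "00000000" "240400C0" "00000000"
    "6B0300C0" "00000000" "00000000" "00000000" "00000000"
)

# Assumption: the data is the fixed header of an IO_ERROR_LOG_PACKET
# (little-endian, 2 padding bytes before ErrorCode), without DumpData.
_HEADER = struct.Struct("<BBHHHH2xIIIIIQ")
_FIELDS = (
    "major_function", "retry_count", "dump_data_size", "number_of_strings",
    "string_offset", "event_category", "error_code", "unique_error_value",
    "final_status", "sequence_number", "io_control_code", "device_offset",
)
_SEVERITY = ("success", "informational", "warning", "error")

# Only the status that occurs in this thread; extend from ntstatus.h.
NTSTATUS_NAMES = {0xC000036B: "STATUS_DRIVER_BLOCKED_CRITICAL"}


def decode_event_data(hex_blob):
    """Decode the event's binary data into named fields."""
    raw = bytes.fromhex(hex_blob)
    if len(raw) < _HEADER.size:
        raise ValueError(f"need {_HEADER.size} bytes, got {len(raw)}")
    pkt = dict(zip(_FIELDS, _HEADER.unpack_from(raw)))
    code = pkt["error_code"]
    pkt["event_id"] = code & 0xFFFF       # what Event Viewer shows as EventID
    pkt["qualifiers"] = code >> 16        # what it shows as Qualifiers
    pkt["severity"] = _SEVERITY[code >> 30]
    pkt["final_status_name"] = NTSTATUS_NAMES.get(pkt["final_status"], "unknown")
    return pkt


def matches_event(pkt, event_id, qualifiers):
    """Check the decoded packet against the EventID/Qualifiers in the log."""
    return pkt["event_id"] == event_id and pkt["qualifiers"] == qualifiers


if __name__ == "__main__":
    pkt = decode_event_data(EVENT_1060_DATA)
    print(f"ErrorCode   0x{pkt['error_code']:08X} ({pkt['severity']}, event {pkt['event_id']})")
    print(f"FinalStatus 0x{pkt['final_status']:08X} {pkt['final_status_name']}")
    print("consistent with log:", matches_event(pkt, 1060, 49152))
```

The final status decoded here is a driver-block status, which lines up with the "blocked from loading" text in both events.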