Fake .sys file?

[DJ EHKOS]

Hi, I am using Vista Home Premium 64bit and Trend Micro anti virus+ anti spyware.
I was playing 2moons for about three weeks before this happened. Changes that have occured include me being made an admisinstrator and UAC being turned off. I started playing 2moons and after a minute it froze up.Trend Micro alerted me that a program was trying to make unauthorized changes and it didn't help when I allowed or didn't allow said change.It now happens everytime I run 2moons but only that program. I tracked it to my Local\Temp folder and its name fluxuates. Its called yvnta.sys and will move around the first three-four letters each time it tries to change something. I scanned it with TM but it found nothing. its about 10 kb. Is this a legit sys file, if not should i delete it? Let me know if you need more info.
I moved it to the recycle bin and ran the program agian, now there is another file named yvatn.sys. they are now both in the recycle bin. Could it be coming from 2moons?

 

[Dwarf]

Hi EHKOS and welcome to Vista Forums

Is this a legitimate version of 2moons? Google has no information on either variant af the file you mentioned, which is suspicious. It could be that this file is part of the security features of this program, but its behaviour, particularly the dynamic changing of its name is alarming.

You can try to see if scanning with either or both of these online sites reveals anything.
Online File Scanner Sites - Windows 7 Forums

 

[DJ EHKOS]

Yes, I got the program off of the acclaim website, I even un/reinstalled it.
I ran it through both those online scanners and they found nothing.
I ran 2moons again with the file in the recycling bin and another one was created in the same spot local\temp, with a slightly varied name.

 

[Dwarf]

Have you checked their forums to see if anyone else has the same issues?

http://phpbb.acclaim.com/2moons/index.php
http://forum.mmosite.com/list.php?id=168&sid=169

 

[DJ EHKOS]

I couldn't find anything that metions something like this. I don't really care about the game running, I just don't want this file to be malicous and I don't want to delete a system file.

 

[Submarine]

Changes that have occured include me being made an admisinstrator and UAC being turned off.
...
I tracked it to my Local\Temp folder and its name fluxuates. Its called yvnta.sys and will move around the first three-four letters each time it tries to change something.

This does not sound very good, and I cannot think any legitimate software be doing this.

I suggest you start by performing some serious virus scanning. I am running x86 myself, but I think these three will run in 64 bit. Download and install the free editions of Malwarebytes, Spybot and SuperAntiSpyware. You do not have to install them all at once, try them one by one. Do not install anything memory resident (as Tea Timer), just use them on-demand. Run them from both normal and safe mode. Also try Vistas MRT, that's actually a good start.

You can also try some on-line scanners like e.g. ESET, Kaspersky and MS Live one-care.

 

[DJ EHKOS]

I ran it through all the online scanners, Malwarebytes, and Spybot. Surprisingly nothing was found so i opened it using notepad and it looks corrupt. I decided to delete it and uninstall 2moons. I want to thank you both for your help, and I hope I can be of help to people too :D.

 

[JMH]

I ran it through all the online scanners, Malwarebytes, and Spybot. Surprisingly nothing was found so i opened it using notepad and it looks corrupt. I decided to delete it and uninstall 2moons. I want to thank you both for your help, and I hope I can be of help to people too :D.

Thank you for posting back.
We look forward to you helping out in due course.

 

[Submarine]

Ditto