What The Heck Is Sys6925.Config Collection.sys?

dasfox

I just installed JV16 Power Tools and noticed in this path;

C:\Documents and Settings\SAR\Application Data

That it installs a file called, Sys6925.Config Collection.sys

Does anyone know what is this file? Some places on the web have considered this to be malware, but I don't believe this is the case, but I'd appreciate knowing what it is?

THANKS

jv16

I have no idea about that file, but I'd like to point out that it has nothing to do with PowerTools. PowerTools doesn't install or create such file.

jepe

Hello,

I had also this file in my system ...

Simply deleting this file and then installing jv16 Powertools shows that this software doesnot install the incriminated file.

My search by Goggle gave a reference to Ask Toolbar.

May be this may help.

Jean-Paul

davidco

It's created by a rogue program - nothing to do with JV PT at all

It is easy enough to delete, but it will just be recreated.

To me it looks like the best way to deal with the causes of this is a live CD from an Anti Virus vendor

dasfox

I just put back a clean image of my system from Image For Windows that I created so that I was starting clean, then I downloaded a copy of JV16 and when I went to install it, after the install was complete it installed the file.

Make sure you have the protected system files not hidden and have a look, you'll see it's installing this.

I also made a video so watch that and see the truth for yourself, JV16 is installing this, I've tested this out for 2 days now on several clean images, nothing else was installing this on my box only JV16...

I would like macecraft to explain this? :

Video:

http://www.mediafire.com/?tdqgq23fr7xfol6

jv16

Sorry, we encountered an error while displaying this content. If you're a user, please try again later. If you're an administrator, take a look in your Flarum log files for more information.

davidco

I did a search and found many including but not limited to dasfox

A lot do not mention JV16 at all

eg: http://forums.majorgeeks.com/showthread.php?s=2962f04fbcff554655ece170560c5bfc&p=1529958#post1529958

jv16

DasFox, can you reproduce this in Windows Safe Mode?

jepe

Hello,

Well for me fact is, that even after several installs of PowerTools - on a XP/SP3 and a Win7 x64 - such a file does not exist on my system partition (C:\).

Jean-Paul

davidco

Win Vista 32bit - no file/files (sys6925)

tullik

*** Voided by the poster *** 00

tullik

File Finder bug: moved to the correct topic: http://www.macecraft.com/phpBB3/viewtopic.php?p=26070#p26070

dasfox

Sorry, we encountered an error while displaying this content. If you're a user, please try again later. If you're an administrator, take a look in your Flarum log files for more information.

dasfox

Sorry made a double post by mistake, you can delete this... :(

davidco

DasFox

I did not think you tampered with anything :

I used Copernic Personal, so did not limit the results

I also used boolean strings to ensure I caught the offensive files 'on their own'

'tis a puzzle :?

leonardo

tullik wrote
I found the subject file on my x64 Windows 7 system at C:\Users\Owner\AppData\Roaming\Sys6925.Config Collection.sys.

Confirmed for my W7 x86 system with build 976, file dated 19-August-2010 08 am, so which jv16PT build was that, before 970?

DasFox.jpg

aagaard

Regarding the file "Sys6925.Config Collection.sys":

I have been looking for the mentioned file on 3 different PC's.

(they all have JVPT 976 installed and all previous installed with earlier versions of JVPT this year)

The results:

WinXP-SP3: No such file

Win7 x64 (PC1): No such file

Win7 x64 (PC2): No such file

If this file originates from installation af JVPT16 in any way it would have been found on these machines.

So I dont believe that this file in any way originates from the installation of JVPT16 - look for the reason elsewhere :

leonardo

Sorry, we encountered an error while displaying this content. If you're a user, please try again later. If you're an administrator, take a look in your Flarum log files for more information.

tullik

*** Voided by the poster *** 01

dasfox

Sorry, we encountered an error while displaying this content. If you're a user, please try again later. If you're an administrator, take a look in your Flarum log files for more information.