What is CHODDI.sys ?

I have this file, choddi.sys, in system32. Don't know what it is. Have looked at Prevx, CastleCops, WSI forums, Microsoft, other places. The file shows up in HJT logs on these sites, where someone has asked for help, then it seems that when they finally get a clean HJT log, the choddi file is gone. I can't find out what it is.

May be a dumb question, something everybody already knows, but any info would be appreciated.

Thank you.

You can scan it for infection using (any of these three should suffice):

* http://www.virustotal.com/

* http://virusscan.jotti.org/

* http://scanner.virus.org/

They scanned it, none found anything, probably nothing. Paranoia. :P

Thanks for those links. Very helpful.

Thanks for those links. Very helpful.

Yeah I've got all three bookmarked in case one of them has too many users and puts me in a long queue state. It's definitely quicker than doing some full online scan that can take over an hour, but by all means if you think you have an infection scan with BitDefender's online scanner (requires Internet Explorer):

http://www.bitdefender.com/scan8/ie.html

Actually was more worried about a rootkit, but Sophos, gmer, RKR, and Icesword show none. Learned about all those utilities on this forum, by the way. They are really useful and free. I appreciate all the knowledge that goes into these posts. :D

Actually was more worried about a rootkit, but Sophos, gmer, RKR, and Icesword show none. Learned about all those utilities on this forum, by the way. They are really useful and free. I appreciate all the knowledge that goes into these posts. :D

try rootkit unhooker, from all the buzz it seems to be the best antirootkit around surpassing icesword, darkspy, rkr etc..

http://wiki.castlecops.com/Online_antivirus_scans also has a very (perhaps too) complete list of online scanners.

gmer seems to be the best rookit scanner program from what I've read. I really doubt he has a rootkit anyway considering all the scans he did

thanks for the suggestions, Lusher and XanaTos112. Have roorkit unhooker downloaded, not yet installed. I also saw some really good reviews of it. Will be quite a while before I get to use it. Thanks again. :)

gmer seems to be the best rookit scanner program from what I've read. I really doubt he has a rootkit anyway considering all the scans he did

I doubt he has a rootkit either. Just saying rootkit unhooker does seem to best based on the review of antirootkit tool done a while ago.

GMER is perhaps more famous thanks to the whole DOS thing they got. And there is bad blood between the two authors...