Hi, I've just installed CSA agent on a host and right away CSA has detected the dsload.sys has modified the kernel and put the host into rootkit system state. I've searched the sites and found out dsload.sys is belong to Oracle however I am not able to find any information about this file. Will this file be a threat to the system? Have any one seen this before?
Kernel functionality has been modified by the module C:\WINNT\System32\drivers\dsload.sys. The module 'C:\WINNT\System32\drivers\dsload.sys' is used by entries in the System syscall table. The specified action was taken to set detected rootkit as Untrusted.