Question : wxqwa.sys file found in system32/drivers...is this malware?

I'm running a Microsoft SBS 2003 and have had spam problems lately.  Indications are that I'm fected with some type of spaming bot.  I've run Sophos' Anti-Rootkit program and it came back and said that it found an unknown file:
C:\Windows\System32\drivers\wxqwa.sys

It said that it is an unknown file but recommended against deleting it.  I've looked to see what this file may be or what it does but I've found nothing so far.  Does anyone know if this is an essential file or perhaps malware?

Answer : wxqwa.sys file found in system32/drivers...is this malware?

I'm not sure how to get the above code working. This is code I use to access web pages. It's third or fourth generation and pretty robust. This is a complete code module.

' clsInternetConnection
'
' Class provides functionalty to read web pages.
'
' Implemented as a class module for use with any VB or VBA project.
'
' © 2008-2010 Kevin M. Jones

Option Explicit

Private Const INTERNET_OPEN_TYPE_PRECONFIG = 0
Private Const INTERNET_FLAG_RELOAD = &H80000000
Private Const INTERNET_FLAG_PRAGMA_NOCACHE = &H100
Private Const INTERNET_OPTION_RECEIVE_TIMEOUT As Long = 6

Private Const UserAgent = "VB"

Private mConnectionHandle As Long
Private mTimeoutSeconds As Long

Private Declare Function InternetCloseHandle Lib "wininet" ( _
     ByRef hInet As Long _
  ) As Long

Private Declare Function InternetOpen Lib "wininet" Alias "InternetOpenA" ( _
     ByVal sAgent As String, _
     ByVal lAccessType As Long, _
     ByVal sProxyName As String, _
     ByVal sProxyBypass As String, _
     ByVal lFlags As Long _
  ) As Long

Private Declare Function InternetOpenUrl Lib "wininet" Alias "InternetOpenUrlA" ( _
     ByVal hInternetSession As Long, _
     ByVal lpszUrl As String, _
     ByVal lpszHeaders As String, _
     ByVal dwHeadersLength As Long, _
     ByVal dwFlags As Long, _
     ByVal dwContext As Long _
) As Long

Private Declare Function InternetReadFile Lib "wininet" ( _
     ByVal hFile As Long, _
     ByVal sBuffer As String, _
     ByVal lNumBytesToRead As Long, _
     lNumberOfBytesRead As Long _
  ) As Integer
 
Private Declare Function InternetSetOption Lib "wininet.dll" Alias "InternetSetOptionA" ( _
     ByVal hInternet As Long, _
     ByVal dwOption As Long, _
     ByRef lpBuffer As Any, _
     ByVal dwBufferLength As Long _
  ) As Long

Private Sub Class_Initialize()

  mConnectionHandle = InternetOpen(UserAgent, INTERNET_OPEN_TYPE_PRECONFIG, vbNullString, vbNullString, 0)
  If mConnectionHandle = 0 Then
     MsgBox "Unable to open an Internet connection. The most likely cause is too many handles have been created."
  End If
  mTimeoutSeconds = 30

End Sub

Private Sub Class_Terminate()

  InternetCloseHandle mConnectionHandle
     
End Sub

Public Function GetWebPage( _
     ByVal URL As String, _
     Optional ByVal ProxyUserID As String, _
     Optional ByVal ProxyPassword As String, _
     Optional ByVal TimeoutSeconds As Long _
  ) As String

' Get a web page.
'
' Syntax
'
' GetWebPage(URL, [ProxyUserID], [ProxyPassword])
'
' URL - A complete URL to a web page.
'
' ProxyUserID - The user ID for the proxy server, if any. Optional. If omitted
'   then no proxy server is assumed.
'
' ProxyPassword - The password for the proxy server. Optional. Ignored if
'   ProxyUserID is omitted.
'
' TimeoutSeconds - The number of seconds to wait until timing out. Optional.
'   If omitted then 30 seconds is used.

  Dim ConnectionHandle As Long
  Dim URLHandle As Long
  Dim BytesRead As Long
  Dim Result As Boolean
  Dim InputBuffer As String * 10000
  Dim PageContent As String
  Dim SecurityData As String
 
   If Len(ProxyUserID) > 0 Then
     SecurityData = ProxyUserID
     If Len(ProxyPassword) > 0 Then
        SecurityData = SecurityData & ":" & ProxyPassword
     End If
     SecurityData = SecurityData & "@"
     URL = Replace(URL, "://", "://" & SecurityData)
  End If
 
   If TimeoutSeconds = 0 Then TimeoutSeconds = mTimeoutSeconds
 
   If mConnectionHandle <> 0 Then
     Result = InternetSetOption(mConnectionHandle, INTERNET_OPTION_RECEIVE_TIMEOUT, TimeoutSeconds * 1000, Len(TimeoutSeconds))
     URLHandle = InternetOpenUrl(mConnectionHandle, URL, vbNullString, 0, INTERNET_FLAG_RELOAD Or INTERNET_FLAG_PRAGMA_NOCACHE, 0)
     If URLHandle <> 0 Then
        Do
           InputBuffer = vbNullString
           Result = InternetReadFile(URLHandle, InputBuffer, Len(InputBuffer), BytesRead)
           PageContent = PageContent & Left(InputBuffer, BytesRead)
        Loop While BytesRead > 0
        InternetCloseHandle URLHandle
     End If
  End If
 
   GetWebPage = PageContent
 
End Function

Public Property Get ValidInternetConnection() As Boolean

  ValidInternetConnection = mConnectionHandle <> 0

End Property

Public Property Get TimeoutSeconds() As Long

  TimeoutSeconds = mTimeoutSeconds

End Property

Public Property Let TimeoutSeconds( _
     ByVal Value As Long _
  )

  mTimeoutSeconds = Value

End Property

Kevin
Random Solutions  
 
programming4us programming4us