mst.sys driver error

Hi

I’ve been seeing an error regarding a service mst attempting to load a file mst.sys from the %windir%\temp location. This fails as Microsoft blocks it as incompatible.

The service name reported doesn’t exist as a service - I cannot find a service by the name mst, and no reference to the mst.sys file in any registry space. It is, quite frankly, very dodgy in appearance. VirusTotal, however, doesn’t report any product detecting it as malware.

I’ve come here to ask about it as the mst.sys file is signed by Mellanox Ltd.

I’d like to know if it is legitimately your file, and if so how it’s being loaded, why it’s using a temp folder and how to stop it. The server with the issue does not have any Mellanox hardware installed.

The file’s SHA256 is 8b9e2791e8e2312ff75c57a512f628c61632667b990543b824f3932945177

Thanks

Is there anyone that can help with my follow-up query?

We have another server that started reporting the same issue and had the file appear on it last week; after that the server started crashing repeatedly. It appears your file is being used for “bad things” of some description so I’d like to confirm hashes and the like.

Thanks

As far as I know, the mst.sys driver module is used for accessing the HW registers of Mellanox adapters; our toolkit (MFT) is one example of an application that uses it.

Hi Erez

Is there any chance you can compare the file in your toolkit to the hash I provided, or provide me with a link to the toolkit?

Unfortunately, as the server, indeed this site, doesn’t have any Mellanox equipment in it, I still don’t know why this file has appeared on one of the servers. If it only serves to access hardware registers it seems completely unneeded.

Can this file be bundled with other products legitimately? How many versions of the mst.sys file are there? I want to continue investigating the issue as it’s so completely out of place on the site and hasn’t been knowingly installed which is of serious concern.
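The checks asked about above (file hash, signer, and how the driver is being loaded) can be collected on the affected server with the following PowerShell. This is an added example, not part of the original posts and not Mellanox tooling. The default path, the `<VENDOR_PUBLISHED_SHA256>` placeholder, the temp-path pattern and the use of PowerShell 4.0 or later are assumptions.

```powershell
# Added triage example. $Path and $ExpectedSha256 are assumptions, not values from the thread.
param(
    [string]$Path = "$env:windir\Temp\mst.sys",
    # Placeholder: replace with the SHA256 the vendor confirms for its driver.
    [string]$ExpectedSha256 = '<VENDOR_PUBLISHED_SHA256>'
)

# 1. Hash and Authenticode signature of the file on disk.
if (Test-Path -LiteralPath $Path) {
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    [pscustomobject]@{
        Path        = $Path
        SHA256      = $hash
        HashMatches = ($hash -eq $ExpectedSha256)   # -eq ignores case for strings
        SigStatus   = $sig.Status                   # 'Valid' means the signature verifies
        Signer      = $sig.SignerCertificate.Subject
        Thumbprint  = $sig.SignerCertificate.Thumbprint
        CreatedUtc  = (Get-Item -LiteralPath $Path).CreationTimeUtc
    } | Format-List
} else {
    Write-Warning "$Path is not present; the file may only exist while the loader runs."
}

# 2. Kernel driver services currently registered under the name 'mst'
#    or with an image path inside a temp directory.
Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.Name -eq 'mst' -or $_.PathName -match '\\te?mp\\' } |
    Select-Object Name, State, StartMode, PathName |
    Format-Table -AutoSize

# 3. Service Control Manager history: 7045 = service installed,
#    7000 = service failed to start. A driver service that is created and
#    deleted at run time leaves no registry key but is still logged here.
Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Service Control Manager'
    Id           = 7045, 7000
} -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match '\bmst(\.sys)?\b' } |
    Select-Object -First 20 TimeCreated, Id, Message |
    Format-List
```

Matching the `CreatedUtc` value and the event timestamps against installer or scheduled-task activity at the same time narrows down which product dropped the file.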

This can happen if you (accidentally) install the 32-bit version of Dell OpenManage Server Administrator on a server running 64-bit Windows Server 2008 R2. Ask me how I know :-)

I realize that this thread is a bit stale, but I ran into the issue you describe on my Win 10 box. I inadvertently ran mlxup while a copy was in my user account folder. mlxup apparently created a completely restricted, inaccessible file (MLXUP~1) in \AppData\Local\Temp that denies access to updating firmware. Might anyone have a clue as to how to get rid of it so I can update my firmware?