avast detecting sfloppy.sys as hidden rootkit.
There have been numerous reports of this detection since early this morning.
As reported in this topic: Rootkit hidden filefloppy sys, the detection appears to be a false positive as of the last database update. Since many of our members use avast, I wanted to post the information so everyone is aware.
I received the same notification after booting up an hour ago and the database was updated. I submitted the file to VirusTotal and it came back clean so I chose to ignore it. No official confirmation from avast yet but users should monitor the topic for further replies.
False Positives in antivirus-programs
#33
Posted 13 January 2012 - 09:06 AM
Had a problem with Avast this morning:
Version: 6.0.1367 FREE
Virus Definition: 12112-1
Downloading Combofix...
From Web Log:
1/13/2012 7:54:59 AM
http://download.bleepingcomputer.com/sUBs/ComboFix.exe|>$0\pev.3XE|>[PECompact]
[L] Win32:Rootkit-gen [Rtk] (0)
FYI
Archer12
#34
Posted 13 January 2012 - 09:30 AM
avast! has been reporting it as Win32:Rootkit-gen for the past three days now. See here.
Read my reply to another user as to why.
The problem is really with the anti-virus vendors who keep targeting these embedded files and NOT with ComboFix. We can inform the developer but he has encountered this issue many times before and in most cases there isn't much he can do about it. Once the detection is reported to the anti-virus vendor, they are usually quick to fix it by releasing an updated definition database but avast is taking longer this time.
Microsoft MVP - Consumer Security 2007-2012 
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#35
Posted 13 January 2012 - 09:37 AM
The problem has been rectified:
Avast Update
Definition update: 120113-0
Thanks
archer12
#36
Posted 11 March 2012 - 08:32 AM
Antivirus: Avast
Version: 7.0.1426 Free
Virus Definition: 120310-2
Scan Log:
11/03/2012 12:00:00
Infected files: 1
Process 888 [rapportmgmtservice.exe], memoryblock 0x0000000000400000, block size 937984 (RapportMgmtService.exe)
Severity: High
Threat: Win32:MalOb-JN[Cryp]
Screenshot of avast log
dev0070
Regards, dev00790
---------------------------------------
Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"
I do not reply to PMs asking for assistance - please use the forums instead.
Member of the Bleeping Computer A.I.I. early response team! If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM.
#37
Posted 13 March 2012 - 11:15 PM
Oh! Ya, it's a really good idea. Many people will come to know about it.
#38
Posted 29 April 2012 - 06:34 AM
Antivirus: Avast
Version: 7.0.1426 Free
Virus Definition: 120429-0
Web Shield Log:
29/04/2012
URL: http//oldtimer.geekstogo.com/OTL.exe
Severity: High
Threat: Win32:Rootkit-gen [Rtk]
Action: Blocked
Screenshot of popup
edit: typo
This post has been edited by dev00790: 29 April 2012 - 06:35 AM
Regards, dev00790
---------------------------------------
Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"
I do not reply to PMs asking for assistance - please use the forums instead.
Member of the Bleeping Computer A.I.I. early response team! If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM.
