AVGfree rootkit scan finds 0 rootkits but 8 "infected" hidden objects?


3 replies to this topic

#1 jackstarr

Posted 14 April 2011 - 01:45 AM

Hi

I'm using Windows XP Home.

I had an infection a year or so back that I thought had been solved by a combination of AVGfree (which had let something through in the first place!), Avast, Adaware, Spybot S&D and Malwarebytes. Once I thought I was free of viruses, I uninstalled AVG and Malwarebytes so I was just using Avast.

I've been doing regular scans and updating antivirus regularly.

Last month, the Avast Outlook plug-in kept freezing Outlook when I was sent any spam email containing a virus - so I had to control/alt/delete to close Outlook and try again, and eventually would receive all the emails.

Yesterday I installed AVGFree 2011 & uninstalled Avast. Today I did my first anti-rootkit scan, and it tells me it finds "0 rootkits" but there are 8 files listed as "object is hidden".

Are these files safe to delete via AVGFree 2011, or could it prevent my computer from working?

Thanks in advance for your assistance.

My AVGFree log is as follows:

"";"\WINDOWS2\System32\Drivers\PCIIDEX.SYS";"IRP hook, \Driver\IntelIde IRP_MJ_PNP -> PCIIDEX.SYS PciIdeXDebugPrint+0x2D80";"Object is hidden"
"";"\WINDOWS2\System32\Drivers\PCIIDEX.SYS";"IRP hook, \Driver\IntelIde IRP_MJ_INTERNAL_DEVICE_CONTROL -> PCIIDEX.SYS PciIdeXDebugPrint+0x2E38";"Object is hidden"
"";"\WINDOWS2\System32\Drivers\PCIIDEX.SYS";"IRP hook, \Driver\IntelIde IRP_MJ_POWER -> PCIIDEX.SYS +0x692";"Object is hidden"
"";"\WINDOWS2\System32\Drivers\PCIIDEX.SYS";"IRP hook, \Driver\IntelIde IRP_MJ_SYSTEM_CONTROL -> PCIIDEX.SYS PciIdeXDebugPrint+0x2DB4";"Object is hidden"
"";"\WINDOWS2\System32\Drivers\PCIIDEX.SYS";"IRP hook, \Driver\PCIIde IRP_MJ_PNP -> PCIIDEX.SYS PciIdeXDebugPrint+0x2D80";"Object is hidden"
"";"\WINDOWS2\System32\Drivers\PCIIDEX.SYS";"IRP hook, \Driver\PCIIde IRP_MJ_POWER -> PCIIDEX.SYS +0x692";"Object is hidden"
"";"\WINDOWS2\System32\Drivers\PCIIDEX.SYS";"IRP hook, \Driver\PCIIde IRP_MJ_SYSTEM_CONTROL -> PCIIDEX.SYS PciIdeXDebugPrint+0x2DB4";"Object is hidden"
"";"\WINDOWS2\system32\DRIVERS\CLASSPNP.SYS";"IRP hook, \Driver\Disk IRP_MJ_PNP -> CLASSPNP.SYS ClassDebugPrint+0x6FB";"Object is hidden"


#2 pip22

Posted 14 April 2011 - 04:55 AM

Those hidden objects all refer to vital Microsoft device drivers for motherboard components:

The first six items refer to the file PCIIDEX.SYS which is the PCI IDE Bus Driver Extension.
The last item refers to the file CLASSPNP.SYS which is the SCSI Class System Dynamic Link Library.

Both files are built in to Windows and are essential - Do not delete!
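
A triage sketch for the log in post #1 and the reading of it in post #2, added here as an example and not part of the thread or of AVG's tooling: it parses the export rows, groups the reported IRP handlers by driver object and target module, and lists rows whose target module is not the file shown or does not sit in a System32\Drivers directory. The row regex is inferred from the eight rows above, the last sample row (EXAMPLE.SYS) is constructed, and the location check is an assumed heuristic for deciding what to look at first, not a verdict.

```python
import csv
import io
import ntpath
import re

# Sample input: the eight rows from post #1, followed by one constructed row
# (hypothetical EXAMPLE.SYS in a Temp directory) to show what gets listed for review.
SAMPLE = r'''"";"\WINDOWS2\System32\Drivers\PCIIDEX.SYS";"IRP hook, \Driver\IntelIde IRP_MJ_PNP -> PCIIDEX.SYS PciIdeXDebugPrint+0x2D80";"Object is hidden"
"";"\WINDOWS2\System32\Drivers\PCIIDEX.SYS";"IRP hook, \Driver\IntelIde IRP_MJ_INTERNAL_DEVICE_CONTROL -> PCIIDEX.SYS PciIdeXDebugPrint+0x2E38";"Object is hidden"
"";"\WINDOWS2\System32\Drivers\PCIIDEX.SYS";"IRP hook, \Driver\IntelIde IRP_MJ_POWER -> PCIIDEX.SYS +0x692";"Object is hidden"
"";"\WINDOWS2\System32\Drivers\PCIIDEX.SYS";"IRP hook, \Driver\IntelIde IRP_MJ_SYSTEM_CONTROL -> PCIIDEX.SYS PciIdeXDebugPrint+0x2DB4";"Object is hidden"
"";"\WINDOWS2\System32\Drivers\PCIIDEX.SYS";"IRP hook, \Driver\PCIIde IRP_MJ_PNP -> PCIIDEX.SYS PciIdeXDebugPrint+0x2D80";"Object is hidden"
"";"\WINDOWS2\System32\Drivers\PCIIDEX.SYS";"IRP hook, \Driver\PCIIde IRP_MJ_POWER -> PCIIDEX.SYS +0x692";"Object is hidden"
"";"\WINDOWS2\System32\Drivers\PCIIDEX.SYS";"IRP hook, \Driver\PCIIde IRP_MJ_SYSTEM_CONTROL -> PCIIDEX.SYS PciIdeXDebugPrint+0x2DB4";"Object is hidden"
"";"\WINDOWS2\system32\DRIVERS\CLASSPNP.SYS";"IRP hook, \Driver\Disk IRP_MJ_PNP -> CLASSPNP.SYS ClassDebugPrint+0x6FB";"Object is hidden"
"";"\WINDOWS2\Temp\EXAMPLE.SYS";"IRP hook, \Driver\Disk IRP_MJ_READ -> EXAMPLE.SYS +0x10";"Object is hidden"
'''

# Row layout inferred from the log above: driver object, IRP major function,
# target module, optional nearest export name, hex offset.
ROW = re.compile(r'IRP hook, \\Driver\\(\S+) (IRP_MJ_\w+) -> (\S+) (\w*)\+0x([0-9A-Fa-f]+)$')
DRIVERS_DIR = re.compile(r'\\system32\\drivers\\[^\\]+$', re.IGNORECASE)

def parse(text):
    """Yield one dict per 'IRP hook' row of the semicolon-delimited export."""
    for row in csv.reader(io.StringIO(text), delimiter=';'):
        m = ROW.match(row[2]) if len(row) == 4 else None
        if m:
            driver, irp, module, symbol, offset = m.groups()
            yield {"file": row[1], "driver": driver, "irp": irp,
                   "module": module, "nearest_export": symbol or None,
                   "offset": int(offset, 16), "status": row[3]}

def summarize(text):
    """Return ({driver: {module: [irp, ...]}}, rows worth a closer look)."""
    table, review = {}, []
    for r in parse(text):
        table.setdefault(r["driver"], {}).setdefault(r["module"], []).append(r["irp"])
        same_file = ntpath.basename(r["file"]).lower() == r["module"].lower()
        if not (same_file and DRIVERS_DIR.search(r["file"])):
            review.append(r)  # assumed heuristic: handler module in an unusual place
    return table, review

if __name__ == "__main__":
    table, review = summarize(SAMPLE)
    for driver, modules in table.items():
        print(driver, modules)
    for r in review:
        print("review:", r["file"], r["driver"], r["irp"])
```
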

#3 jackstarr

Posted 14 April 2011 - 05:33 AM

Thank you very much for your advice - I suspected as much, but was very close to deleting them in my paranoia!

Do you know if this means that the files have actually been infected and are still dangerous or if they're just remnants of a healed infection?

Thanks again

#4 hamluis

Posted 14 April 2011 - 09:49 AM

Based on the fact that AVG has some false detections... I would uninstall it and install Avira Free, update it and run a full scan.

Louis



