Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Avast identifies sfloppy.sys as Root Kit

  • Please log in to reply
2 replies to this topic

#1 balfiecat


  • Members
  • 68 posts
  • Gender:Female
  • Location:Alaska
  • Local time:05:59 AM

Posted 06 December 2011 - 11:29 AM

Avast free detected a root kit a couple hours ago (I was in a support chat for a game or I would have been here immediately!)

The file is c:\windows\system32\drivers\sfloppy.sys
High severity Threat: Rootkit : system modification

Edit: According to http://forum.avast.com/index.php?topic=89968.0 it is probably a false positive

I was not able to repair or move to chest. Have screen cap.
Avast recommends running boot time scan and i have not done so yet because I want to try to back up photos first - it has been a few months.

Immediate concern: If I save photos to external drive will I simply reinfect whatever computer I open them in later or infect the external hard drive? I do not understand root kits.

I have to leave town in 2 hours (it is 7:24 am here) and I think i should run the boot time scan before i go . However, I do not want to risk losing photos. Also I do not know if waiting to run that scan allows more damage by root kit to occur

Window XP home edition SP3
Avast Free 6.0.1367
definitions 111206-1
Actually it just updated the definitions again so it was the previous set.

ZoneAlarm Free Firewall version:
vsmon version:
Driver version:
ZoneAlarm Browser Security: 1.5.350.0
ZoneAlarm ForceField Spyware Scanner: 1.5.350.0
ZoneAlarm ForceField Anti-Phishing Database:
ZoneAlarm ForceField Spyware Sites Database: 04.155

I have a Gateway GX7018E - about 6 years old.
No router

I do not know what other info to provide.

I ran malwarebytes and superantispyware just a day or two ago and only tracking cookies were identified

The only unusual things I did since last scan were
1. use compressed air around fan without opening the pc housing itself the hour before Avast began its daily scan
2. Immediately before the scan i was looking at photos of my mom and her home that I got off of her computer long ago
3. stopped 2 processes in task manager ( jqs.exe and hkcmd.exe) for first time trying to free any memory at all possible. I looked them up here before stopping them in task manager earlier today

Also, my usb mouse has been having problems staying connected but i think it is the cord - I taped the cord to pc housing to keep from jiggling it and it works fine . However it could be my USB is not seated well or something.


1. Avast seemed resistant to opening. Kept closing when Id open it but finally opened and allowed me to run full scan. Come to think of it I do not think it took as long as I would expect it to .... I have 208 GB

2. I have been playing Cityville on Facebook using Google Chrome and Shockwave has been incredibly SLOW and freezing in Cityville but players report the problem widespread so I dont know if related
Has gotten worse this past week

Thank you for your help!

Edited by balfiecat, 06 December 2011 - 11:43 AM.

BC AdBot (Login to Remove)


#2 Animal


    Bleepin' Animinion

  • Site Admin
  • 35,720 posts
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:06:59 AM

Posted 06 December 2011 - 12:10 PM

Our very own quietman7 has posted in the False Positives topic regarding this:

avast detecting sfloppy.sys as hidden rootkit.

There have been numerous reports of this detection since early this morning.

As reported in this topic: Rootkit hidden filefloppy sys, the detection appears to be a false positive as of the last database update. Since many of our members use avast, I wanted to post the information so everyone is aware.

I received the same notification after booting up an hour ago and the database was updated. I submitted the file to virustotal and it came back clean so I choose to ignore it. No official confirmation from avast yet but users should monitor the topic for further replies.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)

A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)

"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)

Follow BleepingComputer on: Facebook | Twitter | Google+

#3 balfiecat

  • Topic Starter

  • Members
  • 68 posts
  • Gender:Female
  • Location:Alaska
  • Local time:05:59 AM

Posted 11 December 2011 - 07:35 PM

Thank you! Relieved it was not real.

Before I posted I did a search on the forum for the file name and got no results yet the name of the file is right there in the first line of Quietman's post. I just tried again using both simple and advanced search and got "No results found for 'sfloppy.sys'." Wonder if I am overlooking something I should be filling in or checking or ... ? Anyway, thank you for the link!

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users