Hello all! I have a couple of questions. I'm hoping someone might be able to help identify what these detections might be.
First off, my info...
dell dimension "XPS 410" Model DXP061
Windows Vista Home Premium SP2
Intel Core 2 Quad CPU (Q6600 @ 2.40GHz, 2.39GHz)
4.00 GB RAM
I run a very clean PC, running regular scheduled scans with AVG Antivirus, and I also run Microsoft Security Essentials with active real-time protection (automatically updating).
I keep Spybot S&D and Malwarebytes current and run regular scans with both.
Tonight I opened AVG Antivirus and started going through the scan detections from Scheduled Scans from previous weeks.
When I got to the detections from October 2013 I noticed an anomaly.
Scheduled Scan 9/25/2013 Infections: 0
Scheduled Scan 10/2/2013 Infections: 61
Scheduled Scan 10/9/2013 Infections: 56
Scheduled Scan 10/16/2013 Infections: 50
Scheduled Scan 10/23/2013 Infections: 0
All of these were classified "Medium" Security risks by AVG Antivirus.
Every single one of these detections was identified in AVG by "Anti-Rootkit" and all point to object..
The threat names vary widely. Below are some examples...
"";"atapi.sys, hooked import ataport.SYS AtaPortWritePortUchar -> splf.sys +0x26D6, C:\Windows\System32\Drivers\splf.sys";"Infected"
"";"IRP hook, \Driver\volmgr IRP_MJ_INTERNAL_DEVICE_CONTROL -> splf.sys +0x12CD8, C:\Windows\System32\Drivers\splf.sys";"Infected"
"";"IRP hook, \FileSystem\Ntfs IRP_MJ_QUERY_INFORMATION -> splf.sys +0x1204C, C:\Windows\System32\Drivers\splf.sys";"Infected"
"";"IRP hook, \FileSystem\Ntfs IRP_MJ_DIRECTORY_CONTROL -> splf.sys +0x1204C, C:\Windows\System32\Drivers\splf.sys";"Infected"
This is the only detection anomaly I've ever documented in two years of weekly logs.
Nothing has been detected by AVG since this anomaly back in October.
NONE of the detections were removed by AVG (all were categorized as "Not removed").
These detections simply ceased after the scan on 10/16/2013. They have not come back since.
Why would all detections involve object name:
Could this have been an organized attack or attempt?
Thanks in advance!