sfloppy.sys is a rootkit?

[olafpir]

From the last definition update, Avast report me an alarm telling me that sfloppy.sys is a rookit and that I need to eliminate it.
I have read this file is a Wiondws system file and is necesary to the system.
My OS is Windows Xp SP3.
Actually running Avast Free Antivirus ver. 6.0.1367
Data Base ver. 111208-0
It is a false positive alarm?
What it be supposed I must to do?
Thanks
Olaf

[polonus]

Hi olafpir,

Could be an avast glitch or FP or avast could not properly deal with that file, re: http://forum.avast.com/index.php?topic=89963.0
and also see: http://forums.majorgeeks.com/showthread.php?t=248503 (at the end of that thread)

Waiting for comments?

polonus

[Asyn]

1. It is a false positive alarm?
2. What it be supposed I must to do?

1. Most likely..!! I wonder why it is back though..!??
2. Ignore it, as it hopefully will be fixed (again!) soon.

[DavidR]

Are you sure (you have the latest VPS update) as this 'false positive' first occurred on the 6th December and was corrected in a VPS update that day in 111206-2.

Use the Ignore option and don't check the 'don't tell me about this again' option.

[DavidR]

Update, I have just run a Custom Scan on a Full Anti-Rootkit scan and no alert with VPS 111208-0. So as I said confirm that you actually have the latest update. I will try a reboot and see if the standard anti-rootkit scan returns a hit or not.

[jsejtko]

Hello all,

The problem with sfloppy.sys was connected only to 11120600 and 11120601 vps versions.

We are still getting some reports, but all of them are caused by the vps version I mentioned above.

Regards
J.

[Asyn]

Hello all,

The problem with sfloppy.sys was connected only to 11120600 and 11120601 vps versions.

We are still getting some reports, but all of them are caused by the vps version I mentioned above.

Regards
J.

Thanks for this info..!!

[DavidR]

The problem with sfloppy.sys was connected only to 11120600 and 11120601 vps versions.

We are still getting some reports, but all of them are caused by the vps version I mentioned above.

Thanks for the prompt response Jirka. That's what has thrown me with the OP reporting that he has VPS 111208-0, which I have run an anti-rootkit scan with the same VPS and no alert. I have just rebooted and the anti-rootkit should be about to kick in (8 minutes after boot). It has now completed and no alert, image1 extract of aswAr.log.

So I have to wonder about the OP 'olafpir' having a problem with the reported VPS and it actually being installed.

[Asyn]

So I have to wonder about the OP 'olafpir' having a problem with the reported VPS and it actually being installed.

+1

[olafpir]

Thanks very much to all the people that answer me !

Effectively, updating (automatically) to VPS version 111208-1 (that currently is running on my PC)Avast Free did not detect the sploppy.sys file as a rookit.

Problem solved!

Thaks to all again !

Olaf

[Asyn]

Thanks very much to all the people that answer me !

You're welcome.