Author Topic: Keeps detecting a probable false positive "Elkbd.sys"  (Read 4933 times)

VicVegas

  • Guest
Keeps detecting a probable false positive "Elkbd.sys"
« on: December 15, 2012, 12:24:33 PM »
It's an Intel Quick Resume Technology Driver. Some time back the same thing happened with Kaspersky (not to me), so I found out what it was on their forum. I sent it to your labs yesterday, but it still thinks it's Malware. At the moment I can't really tell if its removal has done anything negative. Today it also caught another instance of it as well as a numbered file in the system volume information (probably just a copy of Elkbd).

I was not and am still not experiencing any problems with this machine. I will note that the program is probably old and not used by newer computers.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37527
  • Not a avast user
Re: Keeps detecting a probable false positive "Elkbd.sys"
« Reply #1 on: December 15, 2012, 12:33:47 PM »
Have you tested the file at VirusTotal.com?

Post a link to the scan result here.

alternatives: jotti.org or metascan-online.com

« Last Edit: December 15, 2012, 12:35:30 PM by Pondus »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89033
  • No support PMs thanks
Re: Keeps detecting a probable false positive "Elkbd.sys"
« Reply #2 on: December 15, 2012, 01:15:30 PM »
Try a forum search for that file name, as there is at least one other instance of this being detected as win32:Malware-gen. Submit the file to avast for analysis.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

EricFr

  • Guest
Re: Keeps detecting a probable false positive "Elkbd.sys"
« Reply #3 on: December 15, 2012, 01:17:33 PM »
Hi,

Same here, take a look at my thread: http://forum.avast.com/index.php?topic=111239.0

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89033
  • No support PMs thanks
Re: Keeps detecting a probable false positive "Elkbd.sys"
« Reply #4 on: December 15, 2012, 01:35:02 PM »
That is the topic I was referring to, thanks ;D

VicVegas

  • Guest
Re: Keeps detecting a probable false positive "Elkbd.sys"
« Reply #5 on: December 16, 2012, 07:27:23 AM »
For the time being the computer hasn't become "unusable" like it did for EricFr, but I've submitted the files to Avast Labs in hopes that this can quickly be resolved.

VicVegas

  • Guest
Re: Keeps detecting a probable false positive "Elkbd.sys"
« Reply #6 on: December 16, 2012, 01:13:48 PM »
Here are the results from all 3 sites (since not all of them necessarily use the same scanners).

https://www.virustotal.com/file/067aa4d35d5faf9127003367b9417bce718559bceb43fa02a4f4e3142a3cb71c/analysis/1355659393/
http://virusscan.jotti.org/en/scanresult/03fa0a2ba675e1970ac99e3c618ef4c85a0e63e9
https://www.metascan-online.com/en/scanresult/file/6c617b4878124bb29be7a10e3c1ac375

Some scanners other than avast and GData did detect it, still not that high of a ratio though.

Also forgive me if I lack confidence in the Virus Labs on this. I submitted Jesterss.dll to the lab a long time ago https://forum.avast.com/index.php?topic=107217.10 which was clearly a part of Gateway's screensaver, but to this day Avast still detects it as a Trojan.
« Last Edit: December 16, 2012, 01:30:49 PM by VicVegas »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37527
  • Not a avast user
Re: Keeps detecting a probable false positive "Elkbd.sys"
« Reply #7 on: December 16, 2012, 01:31:23 PM »
First seen by VirusTotal
2009-06-11 23:03:51 UTC ( 3 years, 6 months ago )

GData uses avast as one of its two virus engines.

« Last Edit: December 16, 2012, 01:32:56 PM by Pondus »

VicVegas

  • Guest
Re: Keeps detecting a probable false positive "Elkbd.sys"
« Reply #8 on: December 16, 2012, 01:35:45 PM »
Kingsoft and Jiangmin are both based out of China. That's... interesting.

I will also point out that the particular submission to VirusTotal you mentioned came up clean by the message it showed me when submitting mine.

There's always this: http://www.isthisfilesafe.org/product/Intel%28R%29%20Quick%20Resume%20Technology_details.aspx
« Last Edit: December 16, 2012, 02:03:15 PM by VicVegas »

topgunner

  • Guest
Re: Keeps detecting a probable false positive "Elkbd.sys"
« Reply #9 on: December 16, 2012, 02:34:22 PM »
A friend of mine has this problem with Avast.  I recommended another free product until this is resolved.  The system was XP Gateway Model 5064.

The trusted drivers can be obtained from the Gateway link below:

http://support.gateway.com/support/drivers/getFile.asp?id=20704&dscr=Intel%20Quick%20Resume%20DriverVersion:%20%201.0.0.1090&uid=363726761

If these drivers are removed from the Control Panel, native XP hid drivers are used. 

Can anyone confirm these false positives are "fixed"?

Thanks.

VicVegas

  • Guest
Re: Keeps detecting a probable false positive "Elkbd.sys"
« Reply #10 on: December 17, 2012, 05:03:16 AM »
I can confirm that my computer is also a Gateway model and as I said, Avast has caused problems on my Gateway brand computers in the past.