Suspicious file found in rootkit hidden process "C:\windows\system32.\ils.dll"

[NourinE]

I have avast pro latest version. today a warning popped up showing that there's a suspicious file found in rootkit hidden process : "C:\windows\system32.\ils.dll".
I think it's a false positive : I searched in google and other sites, the file is authentic.
and this the report of virstotal site :
http://www.virustotal.com/fr/analisis/106adb90b408e372ad7fd3ff22af087e
I didn't delete it and avast recommended to run scan boot but I haven't yet. I need to make sure it's not a false positive.

[NourinE]

I went to the file "ils.dll" and scanned it but avast detects nothing about it?! I don't understand what's wrong!!!

[maleas]

Same case here, on Windows XP. Details:
File: C:\windows\system32\ils.dll
OS: Windows XP SP3 (greek)
File version: 5.1.2600.5512
MD5Sum of the file: bd51ab8c4dbdb5ec2b28c613687fcbd8

@Nourine: I'd suggest to press "Ignore" but also check the "Submit the file to ..." option. Seems like a false positive.

[NourinE]

thanks Maleas! I did. I hope I can find a solution as soon as possible, because I'm not the only user of this computer, my sisters use it, too. and they don't know much about viruses and computer. they would have immediately deleted it if they had found it.

@Nourine: I'd suggest to press "Ignore" but also check the "Submit the file to ..." option. Seems like a false positive.

[Pekker]

Hi,

First post

Same thing here. Shortly after booting up this morning I got the "suspicious hidden file found" warning.

I'm ultra paranoid when it comes to internet security so I'm going to assume that this is a FP?

[NourinE]

one more thing, I checked the log viewer and found in warning :

15/12/2008   10:32   1229337133   SYSTEM   1128   Function setifaceUpdatePackages() has failed. Return code is 0x20000006, dwRes is 20000006. 
15/12/2008   10:49   1229338167   SYSTEM   1128   Function setifaceUpdatePackages() has failed. Return code is 0x20000006, dwRes is 20000006. 
 
I think the problem started after the today's update, because the database has been updated at 10:20 this morning.

[igor]

The problem should be fixed in a few minutes (with a new VPS update).

[fensi88]

Thanks, I had I the same problem and run boot scan, but Avast found nothing, all is clear. Glad that you will fix problem so quick! I am extremly satisified with Avast! I was saved 6 times in last year by it! Thanks also for free licence key!

[Gandalf_22h]

Also got ils.dll being flagged as bad. Unable to get on here for a while, kept getting "TRy Later". In the meanwhile did a boot scan - nothing, submitted the dll to Virus Total - 0/38 and finally zipped and submitted to avast vie email.
Having now read this will wait for the next definitions update and re-scan the file.

[NourinE]

thanks. vps has already updated I will restart and see.

The problem should be fixed in a few minutes (with a new VPS update).

[NourinE]

I'm glad to say that I'm satisfied with avast, too

Thanks, I had I the same problem and run boot scan, but Avast found nothing, all is clear. Glad that you will fix problem so quick! I am extremly satisified with Avast! I was saved 6 times in last year by it! Thanks also for free licence key!

[NourinE]

Also got ils.dll being flagged as bad. Unable to get on here for a while, kept getting "TRy Later".

the same prb here.

[2harts4ever]

Morning igor and all,

The 2nd update today seems to have fixed this quirk.
Thanks for the prompt fix.
Regards,
2harts4ever

[Maxx_original]

sorry, my mistake... it's a false positive.. fixed VPS should be available already...

[falcon710]

this morning I have had the same problem . now I have the 081215-1 version of the VPS.   The problem has been resolved?