Avast WEBforum

Other => Viruses and worms => Topic started by: ewoutdegraaf on February 25, 2009, 12:13:00 PM

Title: False positive? nvlddmkm.sys recognized as infected Win32:Vitro
Post by: ewoutdegraaf on February 25, 2009, 12:13:00 PM

My virus definitions have been updated yesterday, and today the Avast Home edition warned me that nvlddmkm.sys would be infected with Win32:Vitro.

I was shocked, because this is a very nasty virus, so i rebooted immediately and let Avast scan my pc on reboot. Only this file seemed to be infected, no other infections found.

So Avast has removed my file, and my Nvidia video driver does not function any more. Next step is downloading the latest NVidia drivers and reinstalling... but now Avast warns me AGAIN for this file thas was unpacked from the driver pack, even before installing it to the system.

Can anyone tell me if this is a false positive? I dare not reinstall the video drivers before i know this for sure.

Title: Re: False positive? nvlddmkm.sys recognized as infected Win32:Vitro
Post by: Maxx_original on February 25, 2009, 12:38:56 PM

fixed internally... it will come out with next VPS update..

Title: Re: False positive? nvlddmkm.sys recognized as infected Win32:Vitro
Post by: Him on February 25, 2009, 02:47:25 PM

 Could this virus have been the work of a disgruntled rogue related programmer?

Title: Re: False positive? nvlddmkm.sys recognized as infected Win32:Vitro
Post by: liebach on February 25, 2009, 02:56:44 PM

I have the same problem, hope it will be fixed soon (nvlddmkm.sys).

Title: Re: False positive? nvlddmkm.sys recognized as infected Win32:Vitro
Post by: Maxx_original on February 25, 2009, 03:16:36 PM

you can download the VPS, which resolves this issue, it was released few minutes ago..

Title: Re: False positive? nvlddmkm.sys recognized as infected Win32:Vitro
Post by: Committed on February 25, 2009, 06:47:58 PM

This may be my problem as well.  file showed infected by Win32:Vitro was nv_disp.inf_d5fff5df which is an NVIDIA driver.  I've banished it to my recycle bin and will download latest VPS update to check everything.

Title: Re: False positive? nvlddmkm.sys recognized as infected Win32:Vitro
Post by: Maxx_original on February 25, 2009, 09:02:22 PM

can you confirm the fix with the latest VPS?

Title: Re: False positive? nvlddmkm.sys recognized as infected Win32:Vitro
Post by: danmaher on February 25, 2009, 09:45:24 PM

what or where will i find this 'VPS update' ?

seems im having this problem with one file (so far nothing else appears to be infected)

Title: Re: False positive? nvlddmkm.sys recognized as infected Win32:Vitro
Post by: Maxx_original on February 25, 2009, 09:47:52 PM

right click the "a" icon in tray and select Updating -> iAVS Update..

Title: Re: False positive? nvlddmkm.sys recognized as infected Win32:Vitro
Post by: Committed on February 25, 2009, 11:28:45 PM

Everything's hunkie dorie.  ;D  Download latest VPS, scanned, everything's clean.  Downloaded the latest drivers for my Nvidia graphics card and installed.  All is good.  Gave me quite a scare.  That virus sounds real nasty. :o

Title: Re: False positive? nvlddmkm.sys recognized as infected Win32:Vitro
Post by: DavidR on February 26, 2009, 12:39:30 AM

It certainly gets your attention ;D

Title: Re: False positive? nvlddmkm.sys recognized as infected Win32:Vitro
Post by: Committed on February 26, 2009, 12:56:40 AM

Quote from: DavidR on February 26, 2009, 12:39:30 AM

It certainly gets your attention ;D

It certainly did.  Taught me a lesson about keeping my backups current too.

Title: Re: False positive? nvlddmkm.sys recognized as infected Win32:Vitro
Post by: .: L' arc :. on February 26, 2009, 11:59:21 AM

-= try sending it to Jotti or VirusTotal..

Title: Re: False positive? nvlddmkm.sys recognized as infected Win32:Vitro
Post by: Nurse069 on February 26, 2009, 01:18:54 PM

i go the same problem there. i hope it is not really infected. its the only infected file in my comptuer and i hardly slept the other night. and just a while ago i still had my duty in the community for CHN. haai. i hope its not what it really is

Title: Re: False positive? nvlddmkm.sys recognized as infected Win32:Vitro
Post by: Lisandro on February 26, 2009, 01:28:48 PM

Follow the guideline of reply #8.