Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: sandeep108 on June 29, 2010, 10:14:31 AM

Title: FP - GVTDrv.sys?
Post by: sandeep108 on June 29, 2010, 10:14:31 AM
After updating to the latest program update (5.0.594), Avast detected a potential rootkit \windows\system32\drivers\gvtdrv.sys (hidden service) and gave the option to delete. I selected delete (in panic) with the option to send the file to avast.

I could not find much information about this file. It may possibly be a leftover of the Gigabyte EasyTune 6 utility. I ran a quick scan and avast reports all ok.

My OS is XP Pro on Gigabyte MB. Following questions:
1. How (if it is not a FP) can it get on my system with avast updated?
2. There does not seem to be any log of it and/or the file is not there in the Virus Chest.
3. Is there any way to get the file back (in case it is system critical)?
4. If it is NOT a FP, then what else can I do, besides running MBAM (which shows all ok too)?

I do not really need to worry, right?
Title: Re: FP - GVTDrv.sys?
Post by: SafeSurf on June 29, 2010, 10:30:34 AM
Try doing a boot scan to be sure you are clean as long as you did a quick scan and an MBAM Full scan.

I believe what you did by deleting it got rid of the file for good, but perhaps someone with more experience can address this.
Title: Re: FP - GVTDrv.sys?
Post by: DavidR on June 29, 2010, 04:57:23 PM
On what scan was the gvtdrv.sys detected?

I suspect it was the anti-rootkit scan 8 minutes after boot. Does that roughly match the alert, and was the alert the same as this image?

Title: Re: FP - GVTDrv.sys?
Post by: sandeep108 on June 30, 2010, 07:00:55 AM
Yes, DavidR, that was exactly it, just after re-boot after installing the latest program/definitions update. I am using the pro version of avast, if it helps any.

I did google the file, but did not get much info other than a minor chance of it being malware, but a major chance of the file being part of Gigabyte's Easy Tune6 utility (which I had once installed but had uninstalled quite some time back).
Title: Re: FP - GVTDrv.sys?
Post by: DavidR on June 30, 2010, 03:47:35 PM
OK, having chosen deletion there isn't a lot that I can suggest as I don't know what this file is for either. Whilst there is a possibility it is legit, we don't know what program or version it is associated with. In which case you would think that you would be getting some sort of error on startup about a missing file or some program not working as it should. Are you seeing anything like this?

If it is related to Gigabyte's Easy Tune6 utility then there is probably no real downside, as if you have tuned it before, etc. or you aren't trying to use that function I don't believe there would be any adverse effect. So if you no longer use this application and uninstalled it, perhaps the uninstall routine didn't clean house very well.

Personally, it is safer to Ignore and allow the file/detection info to be reported to avast during the Update process, so that it can be analysed in more detail. Unfortunately that bridge has already been crossed.