Avast WEBforum

Other => General Topics => Topic started by: Nise5280 on May 15, 2011, 06:07:02 PM

Title: SUSPICIOUS FILES FOUND (HEURISTIC METHOD) HOW DO I SEND
Post by: Nise5280 on May 15, 2011, 06:07:02 PM
I rec'd a msg. box that said avast! found suspicious files during a background heuristic method scan...these files have the word DRIVERS in the file name. I looked for a way to say 'yes' to sending them to the avast! lab, but the only options are 'ignore' and 'delete'. ALSO, is it safe to delete files related to DRIVERS?? I am no tech and don't want to do damage I can't reverse, please. Thank you!  Nise 5280
Title: Re: SUSPICIOUS FILES FOUND (HEURISTIC METHOD) HOW DO I SEND
Post by: essexboy on May 15, 2011, 06:11:31 PM
What are the file names please - that way a determination can be made.
Title: Re: SUSPICIOUS FILES FOUND (HEURISTIC METHOD) HOW DO I SEND
Post by: DavidR on May 15, 2011, 06:32:08 PM
Sounds like the anti-rootkit scan, does the image look like the one attached?

Whatever you do don't rush to deletion, post the details about the alert as essexboy asks and we can be more detailed in our advice.
Title: Re: SUSPICIOUS FILES FOUND (HEURISTIC METHOD) HOW DO I SEND
Post by: MikeBCda on May 15, 2011, 10:56:31 PM
Also see the current thread here (http://forum.avast.com/index.php?topic=78198.0), where I ran into the same thing and there's good discussion of it.
Title: Re: SUSPICIOUS FILES FOUND (HEURISTIC METHOD) HOW DO I SEND
Post by: Nise5280 on May 16, 2011, 01:12:30 AM
I thank you guys for the quick reply. Yes, the msg looks exactly like the example DavidR posted in his reply. For essexboy, here are the file names as they are listed in the msg box FROM TODAY:
\SystemRoot\system32\DRIVERS\ivm.sys
\SystemRoot\system32\DRIVERS\R3dne2000.sys
\??\C:\WINDOWS\system32\vsdatant.sys
THIS IS THE MSG BOX FROM SATURDAY 5-14:
\SystemRoot\system32\DRIVERS\ivm.sys
\SystemRoot\system32\DRIVERS\R3dne2000.sys
\SystemRoot\system32\DRIVERS\ivm.sys
\SystemRoot\system32\DRIVERS\R3dne2000.sys
\??\C:\WINDOWS\system32\vsdatant.sys
I thank you for the assistance - and no worries regarding that quick-delete...I don't go near anything with the words "registry" or "drivers" in them without help.  Nise5280
Title: Re: SUSPICIOUS FILES FOUND (HEURISTIC METHOD) HOW DO I SEND
Post by: DavidR on May 16, 2011, 02:24:29 AM
It is now almost 1:30am in the UK, essexboy will be back on the forums in the evening after work.
Title: Re: SUSPICIOUS FILES FOUND (HEURISTIC METHOD) HOW DO I SEND
Post by: Nise5280 on May 16, 2011, 03:25:32 AM
MikeBCda - Thank you for the link you provided. I also had nothing come up on any scan, and can't find any information in my avast program. I did learn some useful things from your link; but it's a bit out of my range (I still haven't figured out what a rootkit is). Thank you again!  Nise5280
Title: Re: SUSPICIOUS FILES FOUND (HEURISTIC METHOD) HOW DO I SEND
Post by: essexboy on May 16, 2011, 08:09:31 PM
Two files are legit: one is ZA and the other IBM.

File Scanner
There are some files I need you to upload for checking
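One way to do the legitimacy check essexboy describes yourself before uploading anything, as an added example (not code from the thread or from avast): it resolves the NT-style paths from the alert to normal Windows paths, checks that each file exists, reads its Authenticode signature and version info, and computes a SHA256 to paste into an online scanner. It assumes C:\WINDOWS is the system root and that the files are those Nise5280 listed; the function name is made up for this example.

```powershell
# Added example: triage driver files flagged by the anti-rootkit scan.
# Paths below are the ones quoted in the thread (constructed input list).
$flagged = @(
    '\SystemRoot\system32\DRIVERS\ivm.sys',
    '\SystemRoot\system32\DRIVERS\R3dne2000.sys',
    '\??\C:\WINDOWS\system32\vsdatant.sys'
)

# Translate NT object paths as the scanner prints them into Win32 paths:
#   \SystemRoot\...  ->  C:\WINDOWS\...   (value taken from $env:SystemRoot)
#   \??\C:\...       ->  C:\...
function Convert-NtPath {
    param([string]$NtPath)
    $root = $env:SystemRoot.TrimEnd('\') + '\'
    $p = $NtPath -replace '^\\SystemRoot\\', $root
    $p = $p -replace '^\\\?\?\\', ''
    return $p
}

# Hypothetical helper name: returns one record per flagged file.
function Test-FlaggedDriver {
    param([string]$NtPath)
    $path = Convert-NtPath $NtPath
    if (-not (Test-Path -LiteralPath $path)) {
        # Alert refers to a file that is no longer there (stale alert or already removed).
        return [pscustomobject]@{ Path = $path; Signature = 'NOT FOUND';
                                  Signer = ''; Company = ''; SHA256 = '' }
    }
    $sig  = Get-AuthenticodeSignature -LiteralPath $path
    $ver  = (Get-Item -LiteralPath $path).VersionInfo
    $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    [pscustomobject]@{
        Path      = $path
        Signature = $sig.Status                    # Valid / NotSigned / HashMismatch ...
        Signer    = $sig.SignerCertificate.Subject # publisher named in the certificate
        Company   = $ver.CompanyName               # vendor string embedded in the file
        SHA256    = $hash                          # look this up before uploading the file
    }
}

$flagged | ForEach-Object { Test-FlaggedDriver $_ } | Format-List
```

A `NotSigned` status on older Windows does not by itself mean the driver is bad, because many legitimate drivers there are signed only through a catalog file rather than an embedded signature; a `HashMismatch`, or a vendor name that does not match the file's location and purpose, is what deserves a second look and an upload.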

Title: Re: SUSPICIOUS FILES FOUND (HEURISTIC METHOD) HOW DO I SEND
Post by: miciotta62 on May 16, 2011, 08:17:11 PM
here:

http://forum.avast.com/index.php?topic=78125.0

What is the problem with avast in these 3 days?

The solution? Help me....

For 3 days it has said suspect: C:\WINDOWS\system32\Drivers\uphcleanhlp.sys

NOW, a new file:

ew_hwusbdev.sys

http://i51.tinypic.com/30djjfq.jpg

But I did not find this file in system32/driver to scan on VirusTotal online!!!

Help me....

Title: Re: SUSPICIOUS FILES FOUND (HEURISTIC METHOD) HOW DO I SEND
Post by: essexboy on May 16, 2011, 08:18:01 PM
http://www.filelab.com/ew_hwusbdev.sys.aspx
Title: Re: SUSPICIOUS FILES FOUND (HEURISTIC METHOD) HOW DO I SEND
Post by: miciotta62 on May 16, 2011, 08:21:19 PM
Yes, I use a Huawei key.... Is this another false positive of avast? The solution? Help
Title: Re: SUSPICIOUS FILES FOUND (HEURISTIC METHOD) HOW DO I SEND
Post by: MikeBCda on May 16, 2011, 08:49:29 PM
One user (sorry, forget who) noted over in that other thread that this seems to happen about once a year on average, and is merely a glitch in the rootkit scanner. For any given user the specific file warned of seems to be more or less random, so it's not an FP problem. It does, however, seem to be particularly sensitive to drivers (.sys files) for some reason.

While it's remotely possible, of course, that you really did pick up an "iffy" driver somewhere, you can almost certainly ignore these warnings.