Avast WEBforum

Other => Viruses and worms => Topic started by: -Genesis- on May 17, 2011, 04:38:26 AM

Title: False Positive NpptNT2
Post by: -Genesis- on May 17, 2011, 04:38:26 AM
Well, this problem has been occurring for over a week already.

NpptNT2.sys is a legit file from nProtect GameGuard.

The Behavior Shield heuristic method is always detecting this.

(http://i1216.photobucket.com/albums/dd376/sanjoseparaiso/avastnprotect.jpg)
Title: Re: False Positive NpptNT2
Post by: Pondus on May 17, 2011, 07:53:39 AM
So if you choose "ignore" and click the OK button, it is still detected as Suspicious again and again?

Upload the suspicious file(s) to www.virustotal.com and test with 43 malware scanners.
When you have the result, copy the URL in the address bar and post it here for us to see.
Title: Re: False Positive NpptNT2
Post by: -Genesis- on May 17, 2011, 08:11:22 AM
This is the full story.

If I choose ignore, avast will not pop up, but the behavior shield is still detecting. But it's fine.

I dunno that it's already ignored, but the behavior shield log has plenty of NpptNT2.

The problem is...

After restarting the system, that pop-up appears again.

Added info

NpptNT2.sys has many locations because I already put it on trusted policies on behavior shield, but it is still detecting it.

Anyway here is the VT

http://www.virustotal.com/file-scan/report.html?id=25284cae27071fa4391765862a81f9bdfc5398abf4ccf4e2df5b0972cfe66e72-1305529577
Title: Re: False Positive NpptNT2
Post by: -Genesis- on May 18, 2011, 12:09:59 PM
Avast team is not confirming this???

I need a reply from them.
Title: Re: False Positive NpptNT2
Post by: SafeSurf on May 18, 2011, 12:23:11 PM
The VT update is still flagging it. 
Title: Re: False Positive NpptNT2
Post by: -Genesis- on May 18, 2011, 05:59:44 PM
The VT update is still flagging it. 

From 1/43?

If you read the VT community, bolzano_1989 stated that it's goodware.
Title: Re: False Positive NpptNT2
Post by: SafeSurf on May 19, 2011, 10:55:43 AM
It's still flagged in VT by a different user.  I don't consider anything except 0 (zero) to be safe, but that's just me.
Title: Re: False Positive NpptNT2
Post by: Pondus on May 19, 2011, 06:53:39 PM
Looks like FP.

sigcheck:
publisher....: INCA Internet Co., Ltd.
copyright....: Copyright _ 2000-2005 INCA Internet
product......: nProtect NPSC Kernel Mode Driver for NT
description..: nProtect NPSC Kernel Mode Driver for NT
original name: npptNT2.sys
internal name: npptNT2
file version.: 2005, 1, 5, 1
comments.....: nProtect NPSC Kernel Mode Driver for NT
signers......: -
signing date.: -
verified.....: Unsigned
Title: Re: False Positive NpptNT2
Post by: DavidR on July 07, 2011, 05:04:43 PM
OK, I have gone over this topic again at the request of the OP.

The first image is misleading, as the anti-rootkit scan (8 minutes after boot) has nothing to do with the Behavior Shield image in the background. Even though the file in the behavior shield was allowed, it was analysed (11 events analysed/0 suspicious) but not classed as suspicious (blocked).

Unfortunately VT will fail to find anything, as it can't use the heuristic methods that the anti-rootkit scan does to detect this. And frankly eSafe is notorious; I have even seen it report a virus in a password-protected archive, which is beyond me, as to scan the password-protected archive you have to extract the files to do it properly.

So that said I would say the detections are 0/42, which would be what I would expect (up to a point) on a file detected by the anti-rootkit scan, as it is its behavior/function that is at issue, a hidden service and not a physical signature detection that VT scans for. Which is why even in the trusted processes in the behavior shield, the file is detected by the rootkit scan (not the behavior shield).

So I would try reporting it again (email to virus&avast.com, 'False Positive anti-rootkit scan' in the subject) and give as full information as possible: mention Game Guard, the program and version it is used with, etc. The link to this topic won't hurt either (you could also attach the file, but I don't know if that would help, but it certainly won't hurt).