Avast WEBforum

Other => Viruses and worms => Topic started by: -Genesis- on May 31, 2011, 03:33:34 AM

Title: FP system32\drivers\splitter.sys and npptnt2.sys?
Post by: -Genesis- on May 31, 2011, 03:33:34 AM
Does my system have many rootkits?

Avast full scan found nothing.

MBAM quick scan found nothing.


(http://i1216.photobucket.com/albums/dd376/sanjoseparaiso/splittersys.jpg)

http://www.virustotal.com/file-scan/report.html?id=dd17733cbb370fca08f0296704d7cbeaca3c8f76d0abe4761c3b1ffdf7481d9e-1306728928

(http://i1216.photobucket.com/albums/dd376/sanjoseparaiso/nprotect.jpg)

http://www.virustotal.com/file-scan/report.html?id=25284cae27071fa4391765862a81f9bdfc5398abf4ccf4e2df5b0972cfe66e72-1306781395



Title: Re: FP system32\drivers\splitter.sys and npptnt2.sys?
Post by: DavidR on May 31, 2011, 03:48:43 AM
This isn't saying you have a rootkit, but something that it considers suspect. Most probably a hidden driver of npptnt2.sys and splitter.sys. Since these are considered suspect, you should follow the advice to Ignore, as painful as this is with it being detected after every boot.

See this topic, http://forum.avast.com/index.php?topic=78461.0, which also mentions npptnt2.sys (ignore the bit about the behavior shield, the poster got that wrong), and you should report both of these as possible false positives as mentioned in Reply #6 of this topic.

Sending either of them to VirusTotal won't achieve anything, as the anti-rootkit scanning doesn't use the conventional avast signatures but a heuristic method, which can't be replicated on VT.
Title: Re: FP system32\drivers\splitter.sys and npptnt2.sys?
Post by: -Genesis- on May 31, 2011, 05:26:02 AM
Thanks, David, for replying to my problem.

Actually I already tried to send to virus@avast(dot)com but the page is blank?

I really don't know how to send to their virus lab.

Please guide me how to?

In my observation, sometimes no pop-up appears on system start.

But it's definitely an FP because this is a newly formatted system.

This only happens on the latest build.
Title: Re: FP system32\drivers\splitter.sys and npptnt2.sys?
Post by: DavidR on May 31, 2011, 02:18:20 PM
What do you mean by "Actually I already tried to send to virus@avast(dot)com but the page is blank"?

You can attach a copy of the file/s and you should put the information about the detection in the body of the email. If you place False Positive - Anti-Rootkit Scanner as the subject, that virus@avast(dot)com is directed to the virus labs.
Title: Re: FP system32\drivers\splitter.sys and npptnt2.sys?
Post by: -Genesis- on May 31, 2011, 04:58:03 PM
If I write virus@avast.com I get a pop-up.

(http://i1216.photobucket.com/albums/dd376/sanjoseparaiso/q.jpg)

If I click yes, it will go to avast.com.

If I click no, a blank page appears, no option.
Title: Re: FP system32\drivers\splitter.sys and npptnt2.sys?
Post by: Pondus on May 31, 2011, 05:01:42 PM
virus@avast.com is an email address... as is clearly shown by the @.

This is the mail address used when sending samples to the avast lab.

The avast website is www.avast.com.

What is it you are trying to do ???
Title: Re: FP system32\drivers\splitter.sys and npptnt2.sys?
Post by: -Genesis- on May 31, 2011, 05:37:52 PM
OK, I got it.

Tnx! ;D
Title: Re: FP system32\drivers\splitter.sys and npptnt2.sys?
Post by: -Genesis- on June 01, 2011, 01:58:53 PM
I already sent to their email 10 hours ago with the .sys file and link to forum.

I still have no reply.
Title: Re: FP system32\drivers\splitter.sys and npptnt2.sys?
Post by: Pondus on June 01, 2011, 02:19:08 PM
Quote from: -Genesis- on June 01, 2011, 01:58:53 PM
> I already sent to their email 10 hours ago with the .sys file and link to forum.
>
> I still have no reply.

You will not receive any reply... usually not.

They may reply here... but don't expect them to.