Topic: rootkit detected in latest ATI (AMD) HD Audio Service driver


ThurstonX

  • Guest
I installed the latest stable Catalyst Suite from AMD (14.4), but today I uninstalled it in order to revert to version 13.12.  I used the latest version of the AMD Uninstall Utility.  As the uninstall was finishing, avast! popped up a warning that AtiHDAudioService was infected with a rootkit.  I took the recommended actions of deleting it (if it was even still present) and performing a boot-time scan (currently in progress, and will be for some time).

I can't post any other specifics until after the boot-time scan completes, but I find it hard to believe AMD would release a driver package that contains a rootkit.

I'll post specifics when I can.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31079
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: rootkit detected in latest ATI (AMD) HD Audio Service driver
« Reply #1 on: May 02, 2014, 07:08:54 PM »
What OS/SP?
What version of avast?
What vps version?

ThurstonX

Re: rootkit detected in latest ATI (AMD) HD Audio Service driver
« Reply #2 on: May 02, 2014, 08:13:21 PM »
What OS/SP?
Windows 7 Ultimate SP1 64-bit
All Windows Updates applied, up to and including the Internet Explorer 11 update from yesterday

What version of avast? | What vps version?
2014.9.0.2018
140502-1

The boot-time scan found nothing.

Here's a screenshot of the avast! warning.




Offline Eddy

Re: rootkit detected in latest ATI (AMD) HD Audio Service driver
« Reply #3 on: May 02, 2014, 08:20:46 PM »
I suggest you report it to avast as a false positive:
www.avast.com/contact-form.php

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6674
  • volunteer
Re: rootkit detected in latest ATI (AMD) HD Audio Service driver
« Reply #4 on: May 04, 2014, 12:04:04 AM »
Send the file (the filename is written after "SVC: AtiHDAudioService>" in the "File Name") to virus@avast.com, compressed in zip or rar, and put "false positive" in the e-mail subject.

ThurstonX

Re: rootkit detected in latest ATI (AMD) HD Audio Service driver
« Reply #5 on: May 04, 2014, 01:05:43 AM »
I don't have the file to send, as either avast! or the AMD uninstall utility deleted it.  I can't use the form, as it requires me to upload a file.

Offline Eddy

Re: rootkit detected in latest ATI (AMD) HD Audio Service driver
« Reply #6 on: May 04, 2014, 01:34:13 AM »
Look in the chest; if the file is there, right-click on it.

ThurstonX

Re: rootkit detected in latest ATI (AMD) HD Audio Service driver
« Reply #7 on: May 04, 2014, 04:01:19 AM »
Like I said, I took avast's recommended action, which was to delete the file, not move it to the chest.  Chest is empty.

Well, hopefully someone else will be able to report it.

Offline jefferson sant

Re: rootkit detected in latest ATI (AMD) HD Audio Service driver
« Reply #8 on: May 04, 2014, 04:42:10 AM »
Unfortunately it will not do much, but who knows, maybe the picture will help.

Offline medvid

  • Avast team
  • Jr. Member
  • *
  • Posts: 26
Re: rootkit detected in latest ATI (AMD) HD Audio Service driver
« Reply #9 on: May 04, 2014, 08:36:34 AM »
Hello,

I fixed some files from this version of ATI; in a few hours it will be fixed in the new VPS. Please try the new version. If your problem still persists, please don't hesitate to write to us at virus@avast.com.


ThurstonX

Re: rootkit detected in latest ATI (AMD) HD Audio Service driver
« Reply #10 on: May 04, 2014, 06:02:59 PM »
Thanks for fixing, but I'm not going to be re-installing ver. 14.4 of Catalyst due to an unrelated problem.  Perhaps the fix will apply to future releases, which would be good.