Suspicious File Found: WINSYS2.EXE

alisonnic:
Avast has begun giving me a warning that it has found a suspicious file:

  File Name: C:\WINDOWS\System32\WINSYS2.EXE
  Type: Rootkit: hidden process

It says this was detected using a heuristic method.

It gives me the option of either deleting or ignoring it, and its recommended action is Ignore.

I chose Ignore, and Avast immediately gave me a message saying:

avast has detected a virus in the operating memory.  Since it is very dangerous to work with the computer while the virus is active, it is strongly recommended that you restart the computer and let avast! scan all your data in the boot phase, before the virus can be activated.  Do you want to schedule the boot-time scan and restart the computer?

I chose Yes, and the boot time scan found no viruses on my hard drive.

But after booting I got the same message about the suspicious file.

What do I do now?

Marc57:
Follow Tech's suggestions in the second post and see if that helps.

http://forum.avast.com/index.php?topic=36473.0

alisonnic:

--- Quote from: marc57 on September 24, 2008, 12:29:26 AM ---Follow Tech's suggestions in the second post and see if that helps.

http://forum.avast.com/index.php?topic=36473.0

--- End quote ---

Thanks!  Good information.

My suspicious file turned up all negatives on Virustotal.  (At least, that's what I think it means when every one of Virustotal's tests has a dash (-) in the result column.)  So I'll be submitting a False Positive report to avast!

DavidR:
Well, this Google search doesn't back up that result: http://www.google.co.uk/search?q=WINSYS2.EXE.

The file name and location looked suspicious to me even before I did a Google search for it.

It is possible that the file might be protected in some way and 0 bytes actually gets uploaded. Try uploading it again and this time post the URL to the results (copy and paste it from the address bar).

Also see, anti-rootkit, detection, removal & protection http://www.antirootkit.com/software/index.htm. Try these as they are some of the more efficient and user friendly anti-rootkit tools.
- Panda Rootkit Cleaner - http://research.pandasoftware.com/blogs/images/AntiRootkit.zip.
- Trend Micro RootkitBuster - http://www.trendmicro.com/download/rbuster.asp
- F-Secure Blacklight may not always be available, http://www.f-secure.com/blacklight

Jtaylor83:
This is definitely a rootkit.

http://www.prevx.com/filenames/X1470474490683438331-0/WINSYS2.EXE.html

I suggest you follow DavidR's instructions.
