Suspicious File Found: WINSYS2.EXE

nickb01:
Hi, I too am getting the same message on 2 MSI computers with Windows XP.
I also have a 3rd computer, but running Windows Vista 32-bit.
The message has not occurred on the Vista machine yet.
All 3 computers have the same motherboard and graphics card.
The graphics card is an NVIDIA GeForce 8800 sold by MSI.
The motherboard is NVIDIA nForce 570 SLI chipset based - K9N SLI Platinum, also sold by MSI.

aSDafDa:
I am also getting this message.

MD5 on Virustotal matches that posted earlier.

I have the MSI GeForce 8500 GT. The date winsys.exe and winsys2.exe were created is 5-30-2008, which is the date I built this computer.

System scan on boot shows no viruses, various rootkit detection programs do not pick up anything.

Xunau:
My friend has the same problem also.
He has an MSI GeForce 8500 GT video card and the winsys2.exe is on his installation CD.

Avast has seen it as a rootkit only since yesterday.

http://www.virustotal.com/analisis/1244f460b0869f4ab321a320b0b099e2

DavidR:
This is a different MD5 number to that in colebn's VirusTotal link, so it is different to the file he submitted.

alisonnic:
Ok, I submitted the file to Virustotal again and here is the result:

http://www.virustotal.com/reanalisis.html?de47e4757ce157707d9e825e62a6c174

It says it scanned 208896 bytes so the upload appears to have been successful.  And all the tests were negative.

I, too, have an MSI NVIDIA card, in my case an 8800GT. I am looking at the CD right now and both winsys2.exe and winsys.exe are on the CD, in the folder R:\nVIDIA\Win2K-XP\V169.02.

These two files have the same dates and sizes as the two files of the same name in my Windows/System32 folder.  So I am confident that they came from the CD when I installed the MSI NVIDIA driver from it.

So the question is, did MSI ship a driver with a rootkit in it, or is avast! mis-identifying a legitimate driver file as a rootkit?

Has anyone at avast! had a chance to look at the file I emailed to you yesterday to see if it's the same as a known rootkit, or different?

Should someone at avast! contact MSI to let them know they are shipping a file with a name that's the same as a known rootkit?
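
Added example (not part of any post in this thread): a Python sketch of the CD-versus-System32 comparison described above, using content hashes instead of dates and sizes, since two files can share both and still differ. The directory arguments, function names and sample bytes are constructed for illustration; MD5 is computed only because the VirusTotal links in this thread are keyed on it.

```python
import hashlib
import os
import tempfile


def file_digests(path, chunk_size=65536):
    """Return (size, md5_hex, sha256_hex) for a file, read in chunks."""
    md5, sha256, size = hashlib.md5(), hashlib.sha256(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
            size += len(chunk)
    return size, md5.hexdigest(), sha256.hexdigest()


def compare_copies(source_dir, installed_dir, names):
    """Classify each named file as identical, differing, or missing."""
    results = {}
    for name in names:
        src = os.path.join(source_dir, name)
        dst = os.path.join(installed_dir, name)
        if not (os.path.isfile(src) and os.path.isfile(dst)):
            results[name] = "missing"
            continue
        s, d = file_digests(src), file_digests(dst)
        if s == d:
            results[name] = "identical"
        elif s[0] == d[0]:
            # Same byte count but different hashes: size alone proved nothing.
            results[name] = "same-size-different-content"
        else:
            results[name] = "different"
    return results


def demo():
    """Constructed sample data: temp dirs standing in for the CD and System32."""
    with tempfile.TemporaryDirectory() as cd, tempfile.TemporaryDirectory() as sysdir:
        samples = {"winsys.exe": (b"A" * 64, b"A" * 64),
                   "winsys2.exe": (b"A" * 64, b"A" * 63 + b"B")}
        for name, (cd_bytes, sys_bytes) in samples.items():
            with open(os.path.join(cd, name), "wb") as fh:
                fh.write(cd_bytes)
            with open(os.path.join(sysdir, name), "wb") as fh:
                fh.write(sys_bytes)
        return compare_copies(cd, sysdir, ["winsys.exe", "winsys2.exe", "absent.exe"])


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

An "identical" verdict shows only that the installed file is the one shipped on the media; it says nothing about whether that shipped file is benign.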
