Author Topic: Suspicious file found in rootkit hidden process "C:\windows\system32.\ils.dll"  (Read 55091 times)

Offline N@URINE

  • Full Member
  • ***
  • Posts: 167
I have the latest version of avast pro. Today a warning popped up showing that there's a suspicious file found in a rootkit hidden process: "C:\windows\system32.\ils.dll".
I think it's a false positive: I searched on Google and other sites, and the file is authentic.
And this is the report from the VirusTotal site:
http://www.virustotal.com/fr/analisis/106adb90b408e372ad7fd3ff22af087e
I didn't delete it, and avast recommended running a boot scan, but I haven't yet. I need to make sure it's not a false positive.
NourinE

Offline N@URINE

  • Full Member
  • ***
  • Posts: 167
I went to the file "ils.dll" and scanned it but avast detects nothing about it?! I don't understand what's wrong!!!
NourinE

Offline maleas

  • Jr. Member
  • **
  • Posts: 23
  • I'm a llama!
Same case here, on Windows XP. Details:
File: C:\windows\system32\ils.dll
OS: Windows XP SP3 (greek)
File version: 5.1.2600.5512
MD5Sum of the file: bd51ab8c4dbdb5ec2b28c613687fcbd8

@Nourine: I'd suggest pressing "Ignore" but also checking the "Submit the file to ..." option. Seems like a false positive.
« Last Edit: December 16, 2008, 07:56:46 AM by maleas »

Offline N@URINE

  • Full Member
  • ***
  • Posts: 167
Thanks Maleas! I did. I hope I can find a solution as soon as possible, because I'm not the only user of this computer; my sisters use it, too, and they don't know much about viruses and computers. They would have immediately deleted it if they had found it.


> @Nourine: I'd suggest to press "Ignore" but also check the "Submit the file to ..." option. Seems like a false positive.
NourinE

Offline Pekker

  • Newbie
  • *
  • Posts: 1
Hi,

First post :)

Same thing here. Shortly after booting up this morning I got the "suspicious hidden file found" warning.

I'm ultra paranoid when it comes to internet security so I'm going to assume that this is a FP?

Offline N@URINE

  • Full Member
  • ***
  • Posts: 167
One more thing: I checked the log viewer and found these warnings:

15/12/2008   10:32   1229337133   SYSTEM   1128   Function setifaceUpdatePackages() has failed. Return code is 0x20000006, dwRes is 20000006. 
15/12/2008   10:49   1229338167   SYSTEM   1128   Function setifaceUpdatePackages() has failed. Return code is 0x20000006, dwRes is 20000006. 
 ???
I think the problem started after today's update, because the database was updated at 10:20 this morning.
NourinE

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11712
    • AVAST Software
The problem should be fixed in a few minutes (with a new VPS update).

Offline fensi88

  • Newbie
  • *
  • Posts: 9
  • Beograd, Srbija
    • Sports Astrology
Thanks, I had the same problem and ran a boot scan, but Avast found nothing, all is clear. Glad that you will fix the problem so quickly! I am extremely satisfied with Avast! I was saved 6 times in the last year by it! Thanks also for the free licence key!

Offline Gandalf_22h

  • Newbie
  • *
  • Posts: 17
Also got ils.dll being flagged as bad. Unable to get on here for a while, kept getting "TRy Later". In the meanwhile did a boot scan - nothing, submitted the dll to Virus Total - 0/38 and finally zipped and submitted to avast via email.
Having now read this, will wait for the next definitions update and re-scan the file.
I have waited all my life for a woman with a sword to come rescue me.

Offline N@URINE

  • Full Member
  • ***
  • Posts: 167
Thanks. VPS has already updated; I will restart and see.

> The problem should be fixed in a few minutes (with a new VPS update).
NourinE

Offline N@URINE

  • Full Member
  • ***
  • Posts: 167
:) I'm glad to say that I'm satisfied with avast, too.
> Thanks, I had the same problem and ran a boot scan, but Avast found nothing, all is clear. Glad that you will fix the problem so quickly! I am extremely satisfied with Avast! I was saved 6 times in the last year by it! Thanks also for the free licence key!
NourinE

Offline N@URINE

  • Full Member
  • ***
  • Posts: 167
> Also got ils.dll being flagged as bad. Unable to get on here for a while, kept getting "TRy Later".

The same problem here.
NourinE

Offline 2harts4ever

  • Jr. Member
  • **
  • Posts: 92
  • " .... the Few ... the Proud ..."
Morning igor and all,

The 2nd update today seems to have fixed this quirk.
Thanks for the prompt fix.
Regards,
2harts4ever
Compaq Presario AMD Athlon(tm) 64 Processor 3300+, 2411MHz/1.93 GBs RAM, running Windows Xp Home, SP3., with IE8, Avast antivirus, Comodo Firewall, Spyware Blaster, Malwarebytes Anti-Malware, Windows Defender,Trojan Hunter,SUPERAntiSpyware Pro, PSI.exe

Offline Maxx_original

  • Avast team
  • Super Poster
  • *
  • Posts: 1479
sorry, my mistake... it's a false positive.. fixed VPS should be available already...

Offline falcon710

  • Newbie
  • *
  • Posts: 9
This morning I have had the same problem >:( >:( >:(. Now I have the 081215-1 version of the VPS. The problem has been resolved? ???