Author Topic: Suspicious file found in rootkit hidden process "C:\windows\system32.\ils.dll"  (Read 58897 times)

0 Members and 1 Guest are viewing this topic.

radar9077

  • Guest
updated program and restarted, it didn't pop up again, next time I turn it on we shall see if its gone, but for now updating seems to have worked  ;D

martosurf

  • Guest
When I saw the warning I DELETED the file ils.dll

Now what should I do?  Is that file needed by Windows or another programme?  Where shouls I find it now?

Thank you

hi, there're many .DLL support websites where you can download that file from. just search for 'download ils.dll' or something like that (*without quots*) and you'll see.
try for instance www.dlldump.com. I already did the job 4 you: http://www.dlldump.com/download-dll-files_new.php/dllfiles/I/ils.dll/5.1.2600.2180/download.html
By the way, save the file in the \windows\system32 directory (folder)


avast! is just a GREAT product
« Last Edit: December 15, 2008, 07:32:50 PM by martosurf »

NLT

  • Guest
Hello,

I am on the east coast and updated the vps file (081215) at approximately 6:30 A.M.  After that time, I received the "suspicious file" popup.  I checked "ignore", after which I was asked if I wanted a boot time scan.  I allowed it....it was clean.  Here's the problem - I continue to get the popup displaying this "suspicious file" (just got one at 3 P.M.)!!!  How do I proceed here?

Rick F

  • Guest
Hello,

I am on the east coast and updated the vps file (081215) at approximately 6:30 A.M.  After that time, I received the "suspicious file" popup.  I checked "ignore", after which I was asked if I wanted a boot time scan.  I allowed it....it was clean.  Here's the problem - I continue to get the popup displaying this "suspicious file" (just got one at 3 P.M.)!!!  How do I proceed here?

Looks like you need to update again.  The latest VPS is 081215-1.  Alwil caught the error pretty quickly and corrected the detection in 081215-1.

NLT

  • Guest
Rick, my error I apologize - I DO have vps 081215-1....just checked to be sure!  What now?

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3695
  • If at first you don’t succeed; call it version 1.0
Did anybody actually delete this file, and has any problem with the computer as a result?
An Avast user at Wilders has posted concerning a detection she quarantined, and now has fairly significant problems.
Does anyone need a copy of this file?
Windows 10,Windows Firewall,Firefox w/Adblock.

Offline N@URINE

  • Full Member
  • ***
  • Posts: 167
after the vps update just restart  your computer
Rick, my error I apologize - I DO have vps 081215-1....just checked to be sure!  What now?
NourinE

Annie202b

  • Guest
I'm here for the same reason as everyone else.  But here's my question:

I did a manual update and the summary says: VPS Already up to date - Current version (081215-1)

When checking my Log viewer under 'Notice', it doesn't reflect this update.  It still reads 081215-0 as the last entry.  I've rebooted and am still getting the 'Suspicious File Found' notice.  Please help.  

stoeterke

  • Guest
Hi there,
i have the same problem as everyone else since today here except that it doesn't stay with only 1 file that may be infected in my case. It's more like 40 files..
for eg.:
"sign of rootkit hidden file has been found in C:\windows\system.ini
                                                            C:\windows\LAN
                                                            C:\windows\assembly/GAC_MSIL
                                                            C:\windows\assembly/GAC_32
                                                            C:\windows\SoftwareDistributionDownload
                                                             C:\windows\Twain_32.dll/LogiVid
i also already 2 times updated today and have the latest version (Avast home edition, windows XP) but the warning popup remains. I also only can choose between 'delete' or 'ignore'. When I hit ignore, the problem remains, i don't want to hit 'delete' because it's like 40files... Can anyone help please
thanx!!!

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
stoeterke, do you have an ACER computer?
The best things in life are free.

stoeterke

  • Guest
stoeterke, do you have an ACER computer?

Indeed, I have an Acer Aspire 2001WLCi computer...
Do you know maybe what the problem is?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
They're being studied by Alwil team...
Right now, the workaround will be disabling the antirootkit scanning at the Troubleshoot page of the program settings.
The best things in life are free.

Annie202b

  • Guest
Tech, can you help me with my problem? (see above) Why is the update not being reflected in my log and why am I still getting the suspicious file messages?  I'd really appreciate it.  Thanks.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
Tech, can you help me with my problem? (see above) Why is the update not being reflected in my log and why am I still getting the suspicious file messages?  I'd really appreciate it.  Thanks.
Annie, I've read your post... But I can't help, I mean, I don't understand why after booting the problem is still there...
The best things in life are free.

Offline N@URINE

  • Full Member
  • ***
  • Posts: 167
Why is the update not being reflected in my log?

if you update manually the update doesn't appear in the log viewer, it's reflected only when  it's automatically updated.
NourinE