Author Topic: Suspicious file found in rootkit hidden process "C:\windows\system32.\ils.dll"  (Read 58663 times)

0 Members and 1 Guest are viewing this topic.

Offline antonpaco

  • Jr. Member
  • **
  • Posts: 64
same file, same problem, at 13.52 avast sent a new update, may be the problem has been fixed.
DO NOT ELIMINATE THE FILE.

Offline falcon710

  • Newbie
  • *
  • Posts: 9
sorry, my mistake... it's a false positive.. fixed VPS should be available already...


all we make errors ;D

Offline mansteel

  • Newbie
  • *
  • Posts: 2
the problem was solved by the vps?
 ???


sorry, my mistake... it's a false positive.. fixed VPS should be available already...


all we make errors ;D

Offline N@URINE

  • Full Member
  • ***
  • Posts: 167
with VPS 081215-1, the problem is fixed :)

this morning I have had the same problem >:( >:( >:(. now I have the 081215-1 version of the VPS.   The problem has been resolved? ???
NourinE

Offline N@URINE

  • Full Member
  • ***
  • Posts: 167
yes, no more pop-up concerning ils.dll in system32
 :) :) :) :) :) :)

the problem was solved by the vps?
 ???


sorry, my mistake... it's a false positive.. fixed VPS should be available already...


all we make errors ;D
NourinE

Offline mansteel

  • Newbie
  • *
  • Posts: 2
scan needs to solve the problem?


with VPS 081215-1, the problem is fixed :)

this morning I have had the same problem >:( >:( >:(. now I have the 081215-1 version of the VPS.   The problem has been resolved? ???

Offline primeuser

  • Newbie
  • *
  • Posts: 1
Yup, just happened to me about an hour ago... also by heuristic method, XP Pro MCE 2005 here, I deleted it and it said it was gonna send it to Avast for analysis...

I guess we'll find out soon enough... if need be, I can re-install netmeeting at some future time, but I haven't used netmeeting in a long long time anyway, so no big loss...

Offline tukso_n_march

  • Newbie
  • *
  • Posts: 2
[color=green]I GOT THE SAME WARNING, I GUESS WE ALL AVAST HOME USERS GOT IT AFTER THE DATABASE WAS UPDATED![/color]  ???

Offline N@URINE

  • Full Member
  • ***
  • Posts: 167
as I know the rootkit is scanned automatically at the start up. if there's something wrong a pop-up window will show up in few seconds or minutes after the startup

scan needs to solve the problem?


with VPS 081215-1, the problem is fixed :)

this morning I have had the same problem >:( >:( >:(. now I have the 081215-1 version of the VPS.   The problem has been resolved? ???
NourinE

Offline radar9077

  • Newbie
  • *
  • Posts: 3
I've read a few topics and this one seems to fit my situation perfectly, is it a false positive? and is it fixed yet?

I've restarted my computer, and it is scanning it, when thats done I'll wait 8min to see if it pops up :)

If someone could explain this in english(non tech lingo) I would appreciate it, thanks ;)

Offline martosurf

  • Full Member
  • ***
  • Posts: 182
  • www.supportkevin.com - Support Kevin Kjonnas SHAC7
i have same issue here, will try updating signatures, but this isn't the issue itself i think because false positives is somewhat 'normal' and you have to expect some of them.


So, this one goes to developers (i post this sugestion here because it's directly related to this topic):

It would be *very nice* if avast! display info on the suspected file like owner, file version, copyright, date & size, time-stamp, etc., the kind of info you get when you google for that file - in this case c:\windows\system32\ils.dll on my XP system.

that way it would be lot easier to know what to do with it.

cheers
"Emancipate yourself from mental slavery / none but ourselves can free our mind" - Bob Marley

Offline radar9077

  • Newbie
  • *
  • Posts: 3
finally finished and at 8min it popped up again, how do you update it?

Offline qim

  • Sr. Member
  • ****
  • Posts: 286
When I saw the warning I DELETED the file ils.dll

Now what should I do?  Is that file needed by Windows or another programme?  Where shouls I find it now?

Thank you

Offline anupupadhye

  • Newbie
  • *
  • Posts: 10
i got d same msg today "suspicious file". advised me 4 a boot time scan... after starting boot scan it came on a file (dont remember d name), and den d hole system bcame as it is... nothing worked. i hd to restart my pc..
i was facing d same problem with avast a few days b4... when th scan would reach a perticular file, it was ntservicepackuninstall.dll, system wuld hang and i hd 2 restart. i deleted the particular file and it it was ok den since avast culd not reach the file for scaning.
and now im facing d same prob... i cant del alll the files on which avast malfunctions as de might be important... wat to do now. pls help

Offline anupupadhye

  • Newbie
  • *
  • Posts: 10
hi qim, can we chat? we can solve our probs