Author Topic: Suspicious file found in rootkit hidden process "C:\windows\system32.\ils.dll"  (Read 58610 times)

0 Members and 1 Guest are viewing this topic.

Offline radar9077

  • Newbie
  • *
  • Posts: 3
updated program and restarted, it didn't pop up again, next time I turn it on we shall see if its gone, but for now updating seems to have worked  ;D

Offline martosurf

  • Full Member
  • ***
  • Posts: 182
  • www.supportkevin.com - Support Kevin Kjonnas SHAC7
When I saw the warning I DELETED the file ils.dll

Now what should I do?  Is that file needed by Windows or another programme?  Where shouls I find it now?

Thank you

hi, there're many .DLL support websites where you can download that file from. just search for 'download ils.dll' or something like that (*without quots*) and you'll see.
try for instance www.dlldump.com. I already did the job 4 you: http://www.dlldump.com/download-dll-files_new.php/dllfiles/I/ils.dll/5.1.2600.2180/download.html
By the way, save the file in the \windows\system32 directory (folder)


avast! is just a GREAT product
« Last Edit: December 15, 2008, 07:32:50 PM by martosurf »
"Emancipate yourself from mental slavery / none but ourselves can free our mind" - Bob Marley

Offline NLT

  • Jr. Member
  • **
  • Posts: 41
Hello,

I am on the east coast and updated the vps file (081215) at approximately 6:30 A.M.  After that time, I received the "suspicious file" popup.  I checked "ignore", after which I was asked if I wanted a boot time scan.  I allowed it....it was clean.  Here's the problem - I continue to get the popup displaying this "suspicious file" (just got one at 3 P.M.)!!!  How do I proceed here?
Dell Inspiron 530s, Intel Core2 Duo Processor, 4GB DDR2 SDRAM @ 667 MHz, 500 GB Serial ATA II Hard Drive, Windows XP SP3, Dell 19" WFP Flat Panel Analog and Digital Monitor, Integrated Intel Graphics Media Accelerator 3100. Avast Free vs7, SuperAntiSpyware Free, Malwarebytes Anti-Malware Free

Offline Rick F

  • Poster
  • *
  • Posts: 419
  • _______
Hello,

I am on the east coast and updated the vps file (081215) at approximately 6:30 A.M.  After that time, I received the "suspicious file" popup.  I checked "ignore", after which I was asked if I wanted a boot time scan.  I allowed it....it was clean.  Here's the problem - I continue to get the popup displaying this "suspicious file" (just got one at 3 P.M.)!!!  How do I proceed here?

Looks like you need to update again.  The latest VPS is 081215-1.  Alwil caught the error pretty quickly and corrected the detection in 081215-1.
Dell Dimension; Intel-core2 duo; WinXP Media Ctr; 2.8ghz - NTFS; 1-Gig Ram; NVIDIA GeForce 7300LE; Firefox 19.0.2; OE-6; ZA-7.0.302; avast 6.0.1367; / DropMyRights / MalwareBytes-Free / Symantec LiveState Recovery Desktop 6.0 / (using WOT), MVPS HOSTS file, SpywareBlaster, WinPatrol PLUS,

Offline NLT

  • Jr. Member
  • **
  • Posts: 41
Rick, my error I apologize - I DO have vps 081215-1....just checked to be sure!  What now?
Dell Inspiron 530s, Intel Core2 Duo Processor, 4GB DDR2 SDRAM @ 667 MHz, 500 GB Serial ATA II Hard Drive, Windows XP SP3, Dell 19" WFP Flat Panel Analog and Digital Monitor, Integrated Intel Graphics Media Accelerator 3100. Avast Free vs7, SuperAntiSpyware Free, Malwarebytes Anti-Malware Free

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3695
  • If at first you don’t succeed; call it version 1.0
Did anybody actually delete this file, and has any problem with the computer as a result?
An Avast user at Wilders has posted concerning a detection she quarantined, and now has fairly significant problems.
Does anyone need a copy of this file?
Windows 10,Windows Firewall,Firefox w/Adblock.

Offline N@URINE

  • Full Member
  • ***
  • Posts: 167
after the vps update just restart  your computer
Rick, my error I apologize - I DO have vps 081215-1....just checked to be sure!  What now?
NourinE

Offline Annie202b

  • Newbie
  • *
  • Posts: 18
I'm here for the same reason as everyone else.  But here's my question:

I did a manual update and the summary says: VPS Already up to date - Current version (081215-1)

When checking my Log viewer under 'Notice', it doesn't reflect this update.  It still reads 081215-0 as the last entry.  I've rebooted and am still getting the 'Suspicious File Found' notice.  Please help.  

Offline stoeterke

  • Newbie
  • *
  • Posts: 2
Hi there,
i have the same problem as everyone else since today here except that it doesn't stay with only 1 file that may be infected in my case. It's more like 40 files..
for eg.:
"sign of rootkit hidden file has been found in C:\windows\system.ini
                                                            C:\windows\LAN
                                                            C:\windows\assembly/GAC_MSIL
                                                            C:\windows\assembly/GAC_32
                                                            C:\windows\SoftwareDistributionDownload
                                                             C:\windows\Twain_32.dll/LogiVid
i also already 2 times updated today and have the latest version (Avast home edition, windows XP) but the warning popup remains. I also only can choose between 'delete' or 'ignore'. When I hit ignore, the problem remains, i don't want to hit 'delete' because it's like 40files... Can anyone help please
thanx!!!

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
stoeterke, do you have an ACER computer?
The best things in life are free.

Offline stoeterke

  • Newbie
  • *
  • Posts: 2
stoeterke, do you have an ACER computer?

Indeed, I have an Acer Aspire 2001WLCi computer...
Do you know maybe what the problem is?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
They're being studied by Alwil team...
Right now, the workaround will be disabling the antirootkit scanning at the Troubleshoot page of the program settings.
The best things in life are free.

Offline Annie202b

  • Newbie
  • *
  • Posts: 18
Tech, can you help me with my problem? (see above) Why is the update not being reflected in my log and why am I still getting the suspicious file messages?  I'd really appreciate it.  Thanks.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
Tech, can you help me with my problem? (see above) Why is the update not being reflected in my log and why am I still getting the suspicious file messages?  I'd really appreciate it.  Thanks.
Annie, I've read your post... But I can't help, I mean, I don't understand why after booting the problem is still there...
The best things in life are free.

Offline N@URINE

  • Full Member
  • ***
  • Posts: 167
Why is the update not being reflected in my log?

if you update manually the update doesn't appear in the log viewer, it's reflected only when  it's automatically updated.
NourinE