Author Topic: Suspicious file found in rootkit hidden process  (Read 5245 times)

0 Members and 1 Guest are viewing this topic.

mrwobbly

  • Guest
Suspicious file found in rootkit hidden process
« on: December 15, 2008, 12:15:28 PM »
Hi, I am a complete novice, but like others on this forum I'm having 'Suspicious files found in rootkit hidden process' errors when running the Avast. One example of the many suspicious files:

 windows\system32\spoolsv.exe\drivers\w32x86\2\ppbiUif.dll

I have updated to build 4.8.1296 with vps 081214.0. XP SP3 machine (not an Acer PC).

I have read through the various threads which talk about these suspicious files and frankly I'm confused. I have carried out the reboot scan ect but the problem still exists. Yes the files have been sent to Avast for study.

The problem only seemed to come to light after updating to build 4.8.1296 if that helps.

Please can you advise what I need to do to rectify,

atb mrwobbly
« Last Edit: December 15, 2008, 10:10:30 PM by mrwobbly »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Suspicious file found in rootkit hidden process
« Reply #1 on: December 15, 2008, 12:35:29 PM »
Avast is detecting as false positives some drivers on Acer computers.
Hope they can review the antirootkit scanning soon and help all the users that are experiencing problems with it...

I suppose that file, when submitted to www.virustotal.com, returns clean...
The best things in life are free.

Rick F

  • Guest
Re: Suspicious file found in rootkit hidden process
« Reply #2 on: December 15, 2008, 03:19:20 PM »
Try updating avast again.  The latest definitions is: 081215-1

There were some false positives being detected in 'rootkit' scan.

Offline Maxx_original

  • Avast team
  • Super Poster
  • *
  • Posts: 1479
Re: Suspicious file found in rootkit hidden process
« Reply #3 on: December 15, 2008, 03:47:02 PM »
this is another kind of error, which was seen on some Acer computers.. Vlk tried to resolve it, but i don't know the current status...

LAURANCE

  • Guest
Re: Suspicious file found in rootkit hidden process
« Reply #4 on: December 15, 2008, 03:55:02 PM »
i am also a novice and can't find where I am supposed to post my  message.
I am trying to down load Avast on my MS. windows 98. I am getting a message that an error has occured because there isn't enough storage. I have 3.5GB of hard disk free so I wonder what it means?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88999
  • No support PMs thanks
Re: Suspicious file found in rootkit hidden process
« Reply #5 on: December 15, 2008, 04:26:46 PM »
Please start a New Topic of your own as this seems unrelated to the original subject and will just confuse the topic and we will try to help.  - Go to this link, http://forum.avast.com/index.php, scroll down to the avast! 4.x Home/Pro forum and click it, click the New Topic button at the top of the list and post there.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

martosurf

  • Guest
« Reply #6 on: December 15, 2008, 05:02:09 PM »
« Last Edit: December 15, 2008, 05:07:22 PM by martosurf »

mrwobbly

  • Guest
Re: Suspicious file found in rootkit hidden process
« Reply #7 on: December 15, 2008, 10:00:50 PM »
Hi Rick F, have already updated both program and vps to the latest levels 4.8.1296 and 081215-1 and the problem still exists when running a scan!!!

Both my laptop and PC, NIETHER of which are Acer machines.

Still not sure how to get rid of this problem or if my pc/laptop are safe to use. Being disabled i use them for on-line banking etc.

Do we have a resolution for this error, which looking at the forum seems to be growing in number of those people affected???

atb tim

Annie202b

  • Guest
Re: Suspicious file found in rootkit hidden process
« Reply #8 on: December 15, 2008, 10:28:02 PM »
I, too, have updated VPS, manually. The summary says: VPS Already up to date - Current version (081215-1)

When checking my Log viewer under 'Notice', it doesn't reflect this update.  It still reads 081215-0 as the last entry.  I've rebooted and am still getting the 'Suspicious File Found' notice.  Why is the update not showing in the log? What else should I try?  Thanks in advance.   

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Suspicious file found in rootkit hidden process
« Reply #9 on: December 15, 2008, 10:37:40 PM »
I, too, have updated VPS, manually. The summary says: VPS Already up to date - Current version (081215-1)

When checking my Log viewer under 'Notice', it doesn't reflect this update.  It still reads 081215-0 as the last entry.  I've rebooted and am still getting the 'Suspicious File Found' notice.  Why is the update not showing in the log? What else should I try?  Thanks in advance.   
Don't post twice the same. Just double the help effort.
The best things in life are free.

Annie202b

  • Guest
Re: Suspicious file found in rootkit hidden process
« Reply #10 on: December 15, 2008, 10:51:12 PM »
Sorry, just looking for some answers. 

Rick F

  • Guest
Re: Suspicious file found in rootkit hidden process
« Reply #11 on: December 15, 2008, 11:10:38 PM »
Hi Rick F, have already updated both program and vps to the latest levels 4.8.1296 and 081215-1 and the problem still exists when running a scan!!!

Both my laptop and PC, NIETHER of which are Acer machines.

Still not sure how to get rid of this problem or if my pc/laptop are safe to use. Being disabled i use them for on-line banking etc.

Do we have a resolution for this error, which looking at the forum seems to be growing in number of those people affected???

atb tim

Not sure what your problem is if you don't have an Acer machine. Sorry.

TheScorpion

  • Guest
Re: Suspicious file found in rootkit hidden process
« Reply #12 on: December 25, 2008, 03:15:11 AM »

Both my laptop and PC, NIETHER of which are Acer machines.



I get the same problem with 'suspicious' rootkit files being reported and I don't have an Acer either. (Have an ASUS laptop) The scan also seems to freeze at different stages too, then tells me a virus has been found in memory and to do a boot scan. Do that but it always comes up clean.
I think it is a problem with build 1296. Hoping they sort it out.