Author Topic: FP - GVTDrv.sys?  (Read 4502 times)


sandeep108

  • Guest
FP - GVTDrv.sys?
« on: June 29, 2010, 10:14:31 AM »
After updating to the latest program update (5.0.594), Avast detected a potential rootkit, \windows\system32\drivers\gvtdrv.sys (hidden service), and offered the option to delete. I selected delete (in panic) with the option to send the file to avast.

I could not find much information about this file. It may possibly be a leftover of the Gigabyte EasyTune 6 utility. I ran a quick scan and avast reports all ok.

My OS is XP Pro on Gigabyte MB. Following questions:
1. How (if it is not a FP) can it get on my system with avast updated?
2. There does not seem to be any log of it and/or the file is not there in the Virus chest.
3. Is there any way to get the file back (in case it is system critical)?
4. If it is NOT a FP, then what else can I do, besides running MBAM (which shows all ok too)?

I do not really need to worry, right?

SafeSurf

  • Guest
Re: FP - GVTDrv.sys?
« Reply #1 on: June 29, 2010, 10:30:34 AM »
Try doing a boot scan to be sure you are clean as long as you did a quick scan and MBAM Full scan.

I believe what you did by deleting it got rid of the file for good, but perhaps someone with more experience can address this.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 87435
  • No support PMs thanks
Re: FP - GVTDrv.sys?
« Reply #2 on: June 29, 2010, 04:57:23 PM »
On what scan was the gvtdrv.sys detected?

I suspect it was the anti-rootkit scan 8 minutes after boot; does that roughly match the alert, and was the alert the same as this image?

Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 23.1.6049 (build 23.1.7883.774) UI 1.0.746/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

sandeep108

  • Guest
Re: FP - GVTDrv.sys?
« Reply #3 on: June 30, 2010, 07:00:55 AM »
Yes, DavidR, that was exactly it, just after re-boot after installing the latest program/definitions update. I am using the pro version of avast, if it helps any.

I did google the file, but did not get much info other than a minor chance of it being malware, but a major chance of the file being part of Gigabyte's Easy Tune6 utility (which I had once installed but had uninstalled quite some time back).

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 87435
  • No support PMs thanks
Re: FP - GVTDrv.sys?
« Reply #4 on: June 30, 2010, 03:47:35 PM »
OK, having chosen deletion there isn't a lot that I can suggest as I don't know what this file is for either. Whilst there is a possibility it is legit, we don't know what program or version it is associated with. In which case you would think that you would be getting some sort of error on startup about a missing file or some program not working as it should; are you seeing anything like this?

If it is related to Gigabyte's Easy Tune6 utility then there is probably no real downside as if you have tuned it before, etc. or you aren't trying to use that function I don't believe there would be any adverse effect. So if you no longer use this application and uninstalled it, perhaps the uninstall routine didn't clean house very well.

Personally it is safer to Ignore and allow the file/detection info to be reported to avast during the Update process, so that it can be analysed in more detail. Unfortunately that bridge has already been crossed.