Author Topic: Virus alert (Read 3869 times)

kshuffman · « **on:** January 23, 2011, 03:27:01 AM »

I keep getting this alert and the choices are ignore or delete with no option to submit for review. I keep deleting it but it come back. Here it is:

Tarq57 · « **Reply #1 on:** January 23, 2011, 04:15:53 AM »

So under "actions to take", what else (if anything) is in the drop-down menu apart from "ignore"?

One thing you could do is navigate to and locate the file concerned, add it to the chest, and then submit it that way.

The file can also be scanned at www.virustotal.com for multiple second opinions. If it appears to be clean, it's probably best to submit it to Avast as a false positive. (Right click the entry from within the chest to find the options.)

DavidR · « **Reply #2 on:** January 23, 2011, 04:36:58 AM »

@ kshuffman
What if you click on the little Triangle Advanced for other options ?

For the time being choose Ignore and don't check the 'Do not tell me about these files in the future' option, as tedious as it may be you want the notification to continue. Deletion is never a good first option, investigate as you are.

Check out this for info on the dgitecp.sys file, whilst this is no guarantee that this file is the same, check if the associated products match anything you have on your system, OS, etc. http://www.file.net/process/dgivecp.sys.html

@ Tarq57
There are only two options in the anti-rootkit alert (which this is) Ignore and Delete, as the OP stated in his post.

I rather doubt VT will find anything given that this is an anti-rootkit scan (using heuristic methods) and not an on-demand scan.

kshuffman · « **Reply #3 on:** January 23, 2011, 06:05:33 AM »

Quote from: DavidR on January 23, 2011, 04:36:58 AM

@ kshuffman
What if you click on the little Triangle Advanced for other options ?

For the time being choose Ignore and don't check the 'Do not tell me about these files in the future' option, as tedious as it may be you want the notification to continue. Deletion is never a good first option, investigate as you are.

Check out this for info on the dgitecp.sys file, whilst this is no guarantee that this file is the same, check if the associated products match anything you have on your system, OS, etc. http://www.file.net/process/dgivecp.sys.html

@ Tarq57
There are only two options in the anti-rootkit alert (which this is) Ignore and Delete, as the OP stated in his post.

I rather doubt VT will find anything given that this is an anti-rootkit scan (using heuristic methods) and not an on-demand scan.

Thanks for the info, I use a samsung ml2510 printer and it could be coming from that. Also, I will do as you suggest and ignore for now. It would not open the advanced options. It is late here in the USA, so I will post my findings tomorrow. Thanks.

DavidR · « **Reply #4 on:** January 23, 2011, 03:34:04 PM »

You're welcome, I believe you actually have to click on the triangle if you were clicking on the Advanced wording.

kshuffman · « **Reply #5 on:** January 24, 2011, 03:10:55 AM »

Quote from: DavidR on January 23, 2011, 03:34:04 PM

You're welcome, I believe you actually have to click on the triangle if you were clicking on the Advanced wording.

If you click on the triangle, the do not show this again disappears.

DavidR · « **Reply #6 on:** January 24, 2011, 03:56:18 AM »

OK, that must have been it expanded then. Though why it isn't giving the option to submit to the labs when it is expanded I don't know.

kshuffman · « **Reply #7 on:** January 25, 2011, 01:42:46 AM »

The only driver I found with that name is a samsung driver. It is in the same location as the one in the file above, but with no ?? in front of it.

DavidR · « **Reply #8 on:** January 25, 2011, 02:02:07 AM »

I think the ?? could mean something else over an above the path, but I don't know what.

That link I gave in my first reply also give Samsung as one of the possibles using that file name.

kshuffman · « **Reply #9 on:** January 25, 2011, 02:42:03 AM »

So, would you assume that the file is safe? It would be nice to able submit it for further review.

DavidR · « **Reply #10 on:** January 25, 2011, 04:12:50 AM »

I can't really say, but since the actual wording is suspicious and since the default option it is displaying in the alert is ignore (is that correct ?) I would say that the detection isn't 100%

Other than that I can't really tell, hopefully behind the scenes data about this detection can be uploaded in the communityIQ project to refine signatures/detections, etc.

kshuffman · « **Reply #11 on:** January 26, 2011, 03:03:14 AM »

Quote from: DavidR on January 25, 2011, 04:12:50 AM

I can't really say, but since the actual wording is suspicious and since the default option it is displaying in the alert is ignore (is that correct ?) I would say that the detection isn't 100%

Other than that I can't really tell, hopefully behind the scenes data about this detection can be uploaded in the communityIQ project to refine signatures/detections, etc.

After the clean install of Avast I did with the other issue you were helping me with, this suspious file has not popped up all day. I'll just wait and see what happens. If it comes back, I may remove and reinstall the samsung printer driver again. Much appreciation for the help and suggestions.

DavidR · « **Reply #12 on:** January 26, 2011, 03:37:25 AM »

You're welcome, glad that you have had some success.

Author Topic: Virus alert (Read 3869 times)

kshuffman

Virus alert

Tarq57

Re: Virus alert

DavidR

Re: Virus alert

kshuffman

Re: Virus alert

DavidR

Re: Virus alert

kshuffman

Re: Virus alert

DavidR

Re: Virus alert

kshuffman

Re: Virus alert

DavidR

Re: Virus alert

kshuffman

Re: Virus alert

DavidR

Re: Virus alert

kshuffman

Re: Virus alert

DavidR

Re: Virus alert