Author Topic: sptd.sys likely a false positive  (Read 27878 times)


Offline cadremis

  • Sr. Member
  • ****
  • Posts: 374
  • Proud Mexican Avast User
Re: sptd.sys likely a false positive
« Reply #45 on: June 02, 2011, 06:59:18 AM »
Since I never received an answer from Avast, and since I do not use Alcohol and Daemon Tools, I decided to use killbox to get rid of that file on re-boot. Now my system is clean again and not receiving such alerts.

Thanks..rm

See attached picture
« Last Edit: June 02, 2011, 07:06:43 AM by cadremis »
1.-W/7 Ultimate SP1,32bts Intel Core 2 CPU 6300 1.86Ghz 2G RAM Intel G965.
Avast Free 7.0.1474, Online Armor Free Firewall 6.0.0.1736, Firefox 17.01, SandBoxie 3.76,Free,Mbam & SAS,PandaUSB Vaccine

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40627
  • Dragons by Sasha
    • Malware fixes
Re: sptd.sys likely a false positive
« Reply #46 on: June 02, 2011, 07:44:33 PM »
No, that looks OK - when I had the case, aswMBR put rootkit in big bright red letters next to it.

Offline MeDIeVaL

  • Full Member
  • ***
  • Posts: 165
Re: sptd.sys likely a false positive
« Reply #47 on: June 10, 2011, 11:13:19 AM »
I do not use either Alcohol or Daemon Tools but still got the sptd.sys warning today. Scanned with aswMBR and I got this...

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-06-10 17:08:16
-----------------------------
17:08:16.417    OS Version: Windows 6.0.6002 Service Pack 2
17:08:16.417    Number of processors: 2 586 0x170A
17:08:16.418    ComputerName: LOGAM-PC  UserName: Logam
17:08:19.521    Initialize success
17:08:33.442    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:08:33.444    Disk 0 Vendor: WDC_WD3200BEVT-75ZCT2 11.01A11 Size: 305245MB BusType: 3
17:08:35.504    Disk 0 MBR read successfully
17:08:35.508    Disk 0 MBR scan
17:08:35.511    Disk 0 unknown MBR code
17:08:37.515    Disk 0 scanning sectors +625137345
17:08:37.614    Disk 0 scanning C:\Windows\system32\drivers
17:08:44.481    Service scanning
17:08:46.514    Disk 0 trace - called modules:
17:08:46.555    ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x864341f8]<<
17:08:46.556    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x866141c8]
17:08:46.556    3 CLASSPNP.SYS[8c3a28b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8647e8a0]
17:08:46.556    \Driver\atapi[0x85ab86e8] -> IRP_MJ_CREATE -> 0x864341f8
17:08:46.557    Scan finished successfully
17:12:01.940    Disk 0 MBR has been saved successfully to "C:\Users\Logam\Documents\MBR.dat"
17:12:01.945    The log file has been saved successfully to "C:\Users\Logam\Documents\aswMBR.txt"

What should I do next?
HP Pavilion g4. Intel Core i5-2410M @ 2.3GHz. 4GB RAM. Win7 SP1 64bit. avast! Free 7.0.1456. COMODO Firewall

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37105
Re: sptd.sys likely a false positive
« Reply #48 on: June 10, 2011, 11:33:02 AM »
Try this

Kaspersky TDSSKiller  http://support.kaspersky.com/faq/?qid=208283363

If there are still problems, start a new topic in the "virus and worms" section  http://forum.avast.com/index.php?board=4.0

Follow this guide from our expert malware remover Essexboy
http://forum.avast.com/index.php?topic=53253.0
( post the logs in the new topic you start )


To avoid using multiple posts with copy and paste, you have to attach the logs
Lower left corner: Additional Options > Attach ( Malwarebytes log / OTS log ) save OTS log as ANSI

Essexboy will look at the logs when he arrives later today...


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40627
  • Dragons by Sasha
    • Malware fixes
Re: sptd.sys likely a false positive
« Reply #49 on: June 10, 2011, 12:53:46 PM »
Good call, that suggests a TDLO3 infection