Topic: Avast 6.0.1119 and Alcohol 52% Rootkit detected by mistake

AndreaVr
Hello to all on the Avast forum. A few days ago I updated my version of Avast 6.0.1119, and having Alcohol 52% installed on the PC, every time I restart the computer it tells me that the antivirus has detected a rootkit inside the sptd.sys file, which is just part of Alcohol!

I tried to tell Avast to ignore the file, but on every reboot it always presents the rootkit window. How do I eliminate this problem, knowing for sure that there are no viruses on the PC? Scanning it detects absolutely no virus.

This is in the log :

File C:\WINDOWS\system32\drivers\sptd.sys TDL3 **ROOTKIT**

This is the report from Avast's online scanner: http://onlinescan.avast.com/

http://imageshack.us/photo/my-images/829/scannerac.jpg/

The file is clean!

 Thanks to all who respond
« Last Edit: May 08, 2011, 09:50:01 AM by AndreaVr »

AndreaVr
Re: Avast 6.0.1119 and Alcohol 52% Rootkit detected by mistake
« Reply #1 on: May 08, 2011, 12:47:40 PM »
This is the result of the complete Avast scan, despite the fact that the online scanner says that the file is clean:

http://imageshack.us/photo/my-images/535/74158321.jpg

http://imageshack.us/photo/my-images/824/61384419.jpg

False positive?

DanDare

  • Guest
Re: Avast 6.0.1119 and Alcohol 52% Rootkit detected by mistake
« Reply #2 on: June 01, 2011, 04:45:11 AM »
Hello AndreaVr,

Had the same issue today. After testing and, finally, after writing zeros to the HDD, installing Windows from zero, installing Alcohol 52% from zero and installing the latest Avast from zero, the rootkit was detected again.
So as a last attempt to make sure I'm not infected, I wrote a question to Alcohol support, which they quickly answered:

"Hello,

Yes, Alcohol uses a technology similar to the one used on a few rootkits, however this is not any kind of malware, the reason for the use of such technology is just to hide Alcohol drivers on the system so that game copy protection schemes are unable to detect and blacklist Alcohol virtual drives.


Thank you for your Question concerning our Software.

Best Regards

..."

After all, this proves something good: Avast is improving its detection heuristics. I think that it's now up to Avast to insert some secure exception for the Alcohol sptd.sys.

Created an account here just to post this; it may help other people not lose so much time with this false positive.

Sorry if I write bad grammar here, English is not my native language.

Salutations!!

kvra_

  • Guest
Re: Avast 6.0.1119 and Alcohol 52% Rootkit detected by mistake
« Reply #3 on: June 01, 2011, 05:19:36 AM »

This exception should also be included for users with Daemon / SPTD (which is my case).

Note: reading some threads on the official Daemon T. forum, the administrators responsible for the program described a version of the facts equal to the one received from Alcohol 52 support.

Excuse my English! 



SafeSurf

  • Guest
Re: Avast 6.0.1119 and Alcohol 52% Rootkit detected by mistake
« Reply #5 on: June 01, 2011, 08:24:19 AM »
Since this thread was posted in the wrong area of the forum (should have been in the Virus/Worms section), has anyone uploaded or sent the file to Avast to be analyzed for a false positive as suggested in the thread below with the best information regarding this topic?

http://forum.avast.com/index.php?topic=79072.0

You can report a false positive (FP) here: http://www.avast.com/contact-form.php?loadStyles

kvra_

  • Guest
Re: Avast 6.0.1119 and Alcohol 52% Rootkit detected by mistake
« Reply #6 on: June 01, 2011, 09:27:13 AM »
I just sent the file and a message to support stating a possible false positive.

As I believe it is! Thanks for the address of the holder.

SafeSurf

  • Guest
Re: Avast 6.0.1119 and Alcohol 52% Rootkit detected by mistake
« Reply #7 on: June 01, 2011, 09:30:49 AM »
You're welcome.  The file will be uploaded to Avast during the next virus definition update.  They will analyze it and if it is a FP fix it as soon as possible.  Thank you again.  :)