sptd.sys likely a false positive

[temp4746]

Avast! today mysteriously popped up a message saying that sptd.sys is a rootkit and after ignoring it, it popped another one which sayed the heuriestics identified it and then I saw it upload the file to Avast! during an update.

I think this is a false positive, sptd is a driver used by DuplexSecure used by some cd/dvd emulation software like Daemon Tools and Alcohol for a deeper emulation.

[Pondus]

upload suspicious file(s) to www.virustotal.com and test with 43 malware scanners
when you have the result, copy the url in the address bar and post it here for us to see

alternative
Jotti  http://virusscan.jotti.org/
VirSCAN  http://virscan.org/

[Micky86]

i have same problem this 

See screenshot:

[temp4746]

upload suspicious file(s) to www.virustotal.com and test with 43 malware scanners
when you have the result, copy the url in the address bar and post it here for us to see

alternative
Jotti  http://virusscan.jotti.org/
VirSCAN  http://virscan.org/

Here you go: http://www.virustotal.com/file-scan/report.html?id=ccac2cc44f90001da973d2b6e644ff37fa6c31c7a3abd936645382537fa63edd-1306837223

Had to use safe mode as it seems to be protected like a rootkit altough it isn't harmful or just loaded in the background so you can't touch it.

[Pondus]

jepp, looks like a FP to me



sigcheck:
publisher....: Duplex Secure Ltd.
copyright....: Copyright (C) 2004
product......: SCSI Pass Through Direct
description..: SCSI Pass Through Direct Host
original name: sptd.sys
internal name: SPTD.SYS
file version.: 1.76.0.0 built by: WinDDK
comments.....: n/a
signers......: Duplex Secure Ltd
 VeriSign Class 3 Code Signing 2009-2 CA
 Class 3 Public Primary Certification Authority
signing date.: 12:47 PM 11/23/2010
verified.....: -

[Asyn]

Here you go: http://www.virustotal.com/file-scan/report.html?id=ccac2cc44f90001da973d2b6e644ff37fa6c31c7a3abd936645382537fa63edd-1306837223

avast! isn't listed..!

[Lisandro]

Strange... you've got an alert while virus total shows nothing

[Asyn]

Strange... you've got an alert while virus total shows nothing

Yep, it is strange...
Which VPS are you guys on..??
Try to update manually.
Solved..?

[temp4746]

Strange... you've got an alert while virus total shows nothing

Yep, it is strange...
Which VPS are you guys on..??
Try to update manually.
Solved..?

VPS: 110531-0 latest (ATM)
Manual update doesn't help.

The funny thing is scanning that file manually with Avast! shows it's not a virus it's only some monitor heuristic/rootkit heuristic that seems to not like that file.

[Asyn]

Interesting...
You can report a possible FP here: http://www.avast.com/contact-form.php?loadStyles

[cadremis]

It happened to me today, I installed Alchohol 3 days ago and this morning Avast said I had a rootkit and recommended to delete it and recommended a boot scan too, so I did it and nothing was found, but then I came here to see if someone else is having the same problem and I found this thread.

Is it a FP or not?

[vordme34]

Avast deleted it though I specifically ordered it to ignore it and to just send it to avast labs!! Wasn't able to upload to virustotal (don't know if avast was the reason for that or the file was self-protected). Way to go.. I guess my Alcohol and Daemon tools might not be working now, because this surely is a legitimate file of those programs. There has to be something wrong with the new sigs (mine were updated just a few minutes ago, before avast came up with the pop-up other users have posted).

[cadremis]

Guys,
What do I do? Avast is giving me pop ups everytime I re-start my computer with the same alert.

[cadremis]

Now another different pop up with the same alert

[vordme34]

@cadremis: Don't do anything until they fix their sigs!
I just told it to ignore it and it deleted the damned file. I now have to reinstall daemon tools and/or Alcohol 52..