Author Topic: sptd.sys likely a false positive  (Read 31607 times)

cadremis

  • Guest
Re: sptd.sys likely a false positive
« Reply #15 on: May 31, 2011, 02:58:45 PM »
Avast deleted the file, I guess I have to do the same thing as you...pufff... let's wait for Avast to correct this if this really is an FP.

But I would like to hear from a tech whether this is a real rootkit or not and if they will correct it today...

I did a scan with malwarebytes and detected nothing.

vordme34

  • Guest
Re: sptd.sys likely a false positive
« Reply #16 on: May 31, 2011, 03:11:59 PM »
@cadremis: SPTD.SYS comes with Alcohol 52 etc. and Daemon Tools. If you use these programs, that's why you had the file in \system32\ (though I guess it could be delivered with other progs as well). There's no chance that we're all infected with a tampered SPTD.SYS. It's avast's fault and they should fix it asap. As they should fix their silly interface, which gives the option to ignore and then deletes the file without your permission. This is pathetic!

Offline hectic-mmv

  • Moderator
  • Sr. Member
  • *
  • Posts: 240
Re: sptd.sys likely a false positive
« Reply #17 on: May 31, 2011, 04:01:43 PM »
Avast deleted the file, I guess I have to do the same thing as you...pufff... let's wait for Avast to correct this if this really is an FP.

But I would like to hear from a tech whether this is a real rootkit or not and if they will correct it today...

I did a scan with malwarebytes and detected nothing.

Hola Cadremis,

Please, what version of Alcohol do you have installed? Is this happening only on Win XP?


Rassilon

  • Guest
Re: sptd.sys likely a false positive
« Reply #18 on: May 31, 2011, 04:57:25 PM »
@cadremis: Don't do anything until they fix their sigs!
I just told it to ignore it and it deleted the damned file. I now have to reinstall daemon tools and/or Alcohol 52..

You don't have to reinstall Daemon or Alcohol, just the SPTD driver:

http://www.duplexsecure.com/en/downloads

On the bonus side, the latest version of SPTD (currently v1.78) linked above fixes some blue screen issues that version 1.76 has (v1.76 being the one that triggers the avast response).

P.S. (edit) I had v1.75 of sptd (and a similar older daemontools) but didn't have any bluescreen issues with it.
I also got the avast warning, but this issue with avast finally got me to upgrade to sptd 1.78 and the latest daemon tools lite. :P
« Last Edit: May 31, 2011, 05:22:48 PM by Rassilon »

cadremis

  • Guest
Re: sptd.sys likely a false positive
« Reply #19 on: May 31, 2011, 11:29:26 PM »
Avast deleted the file, I guess I have to do the same thing as you...pufff... let's wait for Avast to correct this if this really is an FP.

But I would like to hear from a tech whether this is a real rootkit or not and if they will correct it today...

I did a scan with malwarebytes and detected nothing.

Hola Cadremis,

Please, what version of Alcohol do you have installed? Is this happening only on Win XP?



It is happening to me in Windows 7 even with the latest update of Avast...rm

cadremis

  • Guest
Re: sptd.sys likely a false positive
« Reply #20 on: June 01, 2011, 12:57:36 AM »
I ended up uninstalling the Alcohol trial version today, but the same alert comes up every time I restart the computer... Now what? This is really annoying! I asked Avast to delete the file, but every time I restart the computer it comes back.

Guys,
I need help here! What do I do?

kvra_

  • Guest
Re: sptd.sys likely a false positive
« Reply #21 on: June 01, 2011, 01:53:59 AM »
False positive with certainty. I also searched the Daemon T. forum: this file is used to secure the registration of the program, and is also connected to the virtual drive.

I'll stick with the option to ignore until the next update...

Nesivos

  • Guest
Re: sptd.sys likely a false positive
« Reply #22 on: June 01, 2011, 01:54:54 AM »
Quote
  Search Results for "sptd.sys"
 
   Rootkit.Agent/Gen-Haxdoor.Process
Rootkit that may log user information and possibly block access to certain security related sites.

Category : TROJAN

http://www.fileresearchcenter.com/search.html?searchitem=sptd.sys&search=Search...

cadremis

  • Guest
Re: sptd.sys likely a false positive
« Reply #23 on: June 01, 2011, 02:25:08 AM »
If it is a real Trojan, why doesn't Avast do anything about it? I have deleted the file and run 4 boot scans according to Avast's recommendations, but it is still there.

Mbmam does not detect it, Superantispyware is not detecting it either.

Please let me know the real way to get rid of this thing that is really annoying me...rm

kvra_

  • Guest
Re: sptd.sys likely a false positive
« Reply #24 on: June 01, 2011, 02:36:45 AM »
The most effective way of removing the SPTD.SYS file would be with the DuplexSecure uninstaller.

That usually is at: start / all programs / DAEMON tools lite / SPTDSetup

Of course, if your case is linked to Daemon T.
-
I'll still wait for an update in avast because I have no intention of removing the SPTD and Daemon from my system.

Nesivos

  • Guest
Re: sptd.sys likely a false positive
« Reply #25 on: June 01, 2011, 02:52:40 AM »
You can upload the file on this link and see what it says about your specific sptd.sys file.

http://www.virustotal.com/index.html


Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89055
  • No support PMs thanks
Re: sptd.sys likely a false positive
« Reply #27 on: June 01, 2011, 03:48:06 AM »
Which was a bit of a pointless exercise as this is the anti-rootkit scan that is flagging this, something which can't be run from VT. So I wouldn't expect it to find anything and that is the same reason why the standard scans of avast don't detect anything.

What is considered suspicious I don't completely know, but most certainly it must be a hidden process/driver, why it needs to be run hidden is beyond me.

As for why after asking avast to delete it and it coming back, well I don't know if avast is only removing the hidden driver and not the actual file from the system32\drivers folder. So there is some program which uses this driver and is reloading it. Finding what that might be is going to be the hard part.

I don't have the sptd.sys file on my XP Pro SP3 system, is your alert on the XP or Win7 system?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
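
The post above separates three things: the driver file in system32\drivers, the registration that reloads it, and what the system reports as running. As an added example (not from the thread, from avast or from DuplexSecure), this PowerShell sketch lists all three for sptd.sys so they can be compared; it assumes an elevated PowerShell 4 or later session and searches by file name rather than assuming a service name.

```powershell
# Added triage example; not from the thread. Run elevated, in the native
# (64-bit on x64) PowerShell so System32 is not redirected.
$driverName = 'sptd.sys'   # file name discussed in this thread
$driverPath = Join-Path $env:SystemRoot "System32\drivers\$driverName"  # folder named in the post above

# 1. Service entries whose ImagePath references the driver. An entry like this
#    is what makes Windows load the driver again at the next boot.
$registrations = Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $props = Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue
        if ($props.ImagePath -like "*$driverName*") {
            [pscustomobject]@{
                Service   = $_.PSChildName
                ImagePath = $props.ImagePath
                Start     = $props.Start   # 0=boot 1=system 2=automatic 3=manual 4=disabled
            }
        }
    }

# 2. The file on disk: version resource, Authenticode status and SHA-256.
#    A status other than Valid is a reason to look closer, not a verdict.
$fileInfo = $null
if (Test-Path -LiteralPath $driverPath) {
    $item = Get-Item -LiteralPath $driverPath -Force
    $sig  = Get-AuthenticodeSignature -FilePath $driverPath
    $fileInfo = [pscustomobject]@{
        Path        = $driverPath
        FileVersion = $item.VersionInfo.FileVersion
        Company     = $item.VersionInfo.CompanyName
        SigStatus   = $sig.Status
        Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        SHA256      = (Get-FileHash -LiteralPath $driverPath -Algorithm SHA256).Hash
    }
}

# 3. Kernel drivers as the operating system itself reports them.
$reported = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -like "*$driverName*" } |
    Select-Object Name, State, StartMode, PathName

'Service registrations:'; $registrations | Format-List
'File on disk:';          $fileInfo      | Format-List
'Driver as reported:';    $reported      | Format-List
```

A registration that remains after the file was deleted, or a file that remains after the alert was handled, is the mismatch to follow up when the alert returns after a restart.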

kvra_

  • Guest
Re: sptd.sys likely a false positive
« Reply #28 on: June 01, 2011, 03:58:07 AM »
I'm using Windows Vista Ultimate SP1/Avast v.6.0.1125/110531-1 free and am getting the same message mentioned by other users in Avast.

For now I'm still using ''ignore'' mode when I get the message.

I will remain so until I have more details, or perhaps until the ''problem'' is solved in a future update.

cadremis

  • Guest
Re: sptd.sys likely a false positive
« Reply #29 on: June 01, 2011, 03:58:35 AM »
The alert is only in Windows 7 for the moment; on that computer I installed Alcohol 3 days ago. Now, as I said, I uninstalled it but the alert is still driving me crazy..rm