sptd.sys likely a false positive

[cadremis]

Since I never received and answer form Avast and since I do not use Alchohol and Deamon Tools I decided to use killbox to get rid of that file on re-boot, now my sistem is clean again and not receiving such alerts.

Thanks..rm

See attached picture

[essexboy]

No that looks OK - when I had the case aswMBR put rootkit in big bright red letters next to it

[MeDIeVaL]

I do not use either Alchohol nor Deamon Tools but still got the sptd.sys warning today. Scanned with aswMBR and I got this...

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-06-10 17:08:16
-----------------------------
17:08:16.417    OS Version: Windows 6.0.6002 Service Pack 2
17:08:16.417    Number of processors: 2 586 0x170A
17:08:16.418    ComputerName: LOGAM-PC  UserName: Logam
17:08:19.521    Initialize success
17:08:33.442    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:08:33.444    Disk 0 Vendor: WDC_WD3200BEVT-75ZCT2 11.01A11 Size: 305245MB BusType: 3
17:08:35.504    Disk 0 MBR read successfully
17:08:35.508    Disk 0 MBR scan
17:08:35.511    Disk 0 unknown MBR code
17:08:37.515    Disk 0 scanning sectors +625137345
17:08:37.614    Disk 0 scanning C:\Windows\system32\drivers
17:08:44.481    Service scanning
17:08:46.514    Disk 0 trace - called modules:
17:08:46.555    ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x864341f8]<<
17:08:46.556    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x866141c8]
17:08:46.556    3 CLASSPNP.SYS[8c3a28b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8647e8a0]
17:08:46.556    \Driver\atapi[0x85ab86e8] -> IRP_MJ_CREATE -> 0x864341f8
17:08:46.557    Scan finished successfully
17:12:01.940    Disk 0 MBR has been saved successfully to "C:\Users\Logam\Documents\MBR.dat"
17:12:01.945    The log file has been saved successfully to "C:\Users\Logam\Documents\aswMBR.txt"

What should I do next?

[Pondus]

Try this

kaspersky TDSSKiller  http://support.kaspersky.com/faq/?qid=208283363

if still problems, starte a new topic in the "virus an worms" section  http://forum.avast.com/index.php?board=4.0

Follow this guide from our expert malware remover Essexboy
http://forum.avast.com/index.php?topic=53253.0
( post the logs in the new topic you start )


To avoid using multiple post with copy and paste you have to attach the log`s
Lower left corner: Additional Options > Attach ( Malwarebytes log / OTS log ) save OTS log as ANSI

Essexboy will look at the logs when he arrive later today...

[essexboy]

Good call that suggest a TDLO3 infection