Author Topic: Also having problems with possible FP's since yesterday  (Read 7275 times)


Offline Morro41

Also having problems with possible FP's since yesterday
« on: June 01, 2011, 02:04:47 PM »
Okay, since yesterday I am also getting possible FP's. And yes, I realize that every AV will produce FP's, but before yesterday I had only one FP with Avast IS v6. Since yesterday it even reports several of its own drivers as being Rootkit: system modification? And Avast reported that at the next boot-up it will try to repair the drivers. I know I can set it differently, but I just translated it a bit since those lines are in Dutch.

Quote
* Taak 'Volledige systeemscan' gebruikt
* Gestart op woensdag 1 juni 2011 8:30:00
* VPS: 110531-1, 31-05-2011
*

C:\Windows\system32\drivers\amdsata.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\amdxata.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\aswFsBlk.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\aswFW.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\aswMonFlt.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\aswNdis2.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\aswRdr.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\aswSnx.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\aswSP.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\aswTdi.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\bowser.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\iaStorV.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\mrxsmb.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\mrxsmb10.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\mrxsmb20.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\ntfs.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\nvraid.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\nvstor.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\srv.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\srv2.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\srvnet.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\storport.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\usbccgp.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\usbd.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\usbehci.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\usbhub.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\usbport.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\USBSTOR.SYS [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\usbuhci.sys [L] Rootkit: system modification (0)
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Besmette bestanden: 29
Totale bestanden: 308500
Totale mappen: 24972
Totale grootte: 112,0 GB

*
* Taak opgehouden: woensdag 1 juni 2011 9:27:58
* Run-time was 57 minute(n), 58 second(en)

With a full scan or when I start up my computer I get warned about these infections, but when I do a manual scan of the System32\Drivers folder then Avast mentions that no threat was found. I packed up the reported drivers with 7zip and had it scanned on VirusTotal... and this was the result:

http://www.virustotal.com/file-scan/report.html?id=5082fa41e271d5f5fb26f5f1a690120e93a1157ecd95b8c17d916fbf050270db-1306927621

As can be seen, all of them report no infections of the files inside the 7z archive. I also scanned a few of the reported drivers separately, and these are the results of those scans.

* http://www.virustotal.com/file-scan/report.html?id=6575156d4ed5b409dccc1cd331ec66f5e1bdc906dd18f78ca09550bf86f26cc7-1306928645

* http://www.virustotal.com/file-scan/report.html?id=e234672e9cfe1a95ad2e78e306e41e010b870221e6ebbc0e2b0be2fa5ce0cd76-1306928803

* http://www.virustotal.com/file-scan/report.html?id=52725d43097b2d52610048aa4999d707b65dae47b9922f8dc3f99729cd564c56-1306928951

I could do more single scans and post them here, but that should not bring more to light about why it suddenly gives so many FP's... because that is what they appear to be to me. I am going to send the reported drivers to Avast.
Windows 10 64bit /MSI Z370 Codex Gaming XE Desktop i5-9600K CPU 3.70GHz /16 GB DDR4 Memory /NVIDIA GeForce RTX 2070 Graphics card /256 GB SSD /1TB HDD/External 5 TB WD Elements 25A3 USB Device

Offline nmb

Re: Also having problems with possible FP's since yesterday
« Reply #1 on: June 01, 2011, 04:23:37 PM »
Could you update to latest version 110601-0 and see if it fixed the FPs?

Offline Nesivos

Re: Also having problems with possible FP's since yesterday
« Reply #2 on: June 01, 2011, 04:41:11 PM »
Just curious.

Have you noticed a reduction in system performance?

Have you used GMER or another rootkit detection program to check for rootkit modifications?
« Last Edit: June 01, 2011, 04:53:51 PM by Nesivos »
OS: W7-SP1, Security: AIS 7, SAS Pro, WinPatrol Plus Network:2 Dell 570MT x64 1 Dell 660 Desktop with 8GB RAM Default Browser & Email: Firefox & Thunderbird latest Betas

Offline Morro41

Re: Also having problems with possible FP's since yesterday
« Reply #3 on: June 01, 2011, 04:46:47 PM »
*nmb

When I use program update from inside Avast IS v6 no mention is made of an update. My current version of Avast IS is v6.0.1125. Now in December last year I was one of those people who won a 1-year license for Avast IS, so maybe that is why there is no new update?

*Nesivos

No, absolutely not, it is as fast as always. All programs start fast, boot time is as fast as always. No loss in system performance.

Offline nmb

Re: Also having problems with possible FP's since yesterday
« Reply #4 on: June 01, 2011, 04:49:37 PM »
Quote
*nmb
When I use program update from inside Avast IS v6 no mention is made of an update. My current version of Avast IS is v6.0.1125.

I am sorry. I was not clear. Update the virus database. The latest is 110601-0.

Quote
Now in december last year i was one of those people who won a 1 year license for Avast IS, so maybe that is why there is no new update?
Also, as long as the license is valid, you can get both product and virus database updates, whether you won it in the quiz or bought it.
« Last Edit: June 01, 2011, 04:51:35 PM by nmb »

Offline Morro41

Re: Also having problems with possible FP's since yesterday
« Reply #5 on: June 01, 2011, 04:54:10 PM »
Oops, I guess I should have thought of that. Well, it already is 110601-0, but from the look of it that update came through a few hours after the full scan. So considering that the first full scan today took around one hour... I will be back after a new full scan.  :)

Offline Morro41

Re: Also having problems with possible FP's since yesterday
« Reply #6 on: June 01, 2011, 05:57:37 PM »
Well the result is still the same.

Quote
* Taak 'Volledige systeemscan' gebruikt
* Gestart op woensdag 1 juni 2011 16:55:09
* VPS: 110601-0, 01-06-2011
*

C:\Windows\system32\drivers\amdsata.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\amdxata.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\aswFsBlk.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\aswFW.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\aswMonFlt.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\aswNdis2.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\aswRdr.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\aswSnx.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\aswSP.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\aswTdi.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\bowser.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\iaStorV.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\mbam.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\mbamswissarmy.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\mrxsmb.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\mrxsmb10.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\mrxsmb20.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\ntfs.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\nvraid.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\nvstor.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\srv.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\srv2.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\srvnet.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\storport.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\usbccgp.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\usbd.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\usbehci.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\usbhub.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\usbport.sys [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\USBSTOR.SYS [L] Rootkit: system modification (0)
C:\Windows\system32\drivers\usbuhci.sys [L] Rootkit: system modification (0)
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Herstellen van het bestand tijdens de volgende systeem start...
Besmette bestanden: 31
Totale bestanden: 307962
Totale mappen: 24581
Totale grootte: 111,8 GB

*
* Taak opgehouden: woensdag 1 juni 2011 17:49:23
* Run-time was 54 minute(n), 14 second(en)

Considering the tests I did before, I am fairly certain that they are False Positives. After I started this thread I sent the reported files to Avast, so I will wait and see what they report.

Offline -Genesis-

Re: Also having problems with possible FP's since yesterday
« Reply #7 on: June 01, 2011, 06:29:23 PM »
Hi, I really can't understand the result, but those .sys files are the FPs?

Because 2 of your .sys files are the same as mine.

USBSTOR.SYS and mbamswissarmy.sys.

tnx
Windows 10 Pro 1909/ Windows Defender/
Ryzen 5 1600/ Aorus Gtx 1080Ti Xtreme/ Gskill Trident Z RGB 3000/ Samsung Evo 250GB/ Western Digital Black 1 TB

Offline DavidR

Re: Also having problems with possible FP's since yesterday
« Reply #8 on: June 01, 2011, 06:40:29 PM »
I have sent an email to the virus labs, hopefully someone will be looking into this one as many of these detections are on avast drivers.
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.3.2459 (build 21.3.6164.561) UI 1.0.609/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline marke68

Re: Also having problems with possible FP's since yesterday
« Reply #9 on: June 01, 2011, 06:58:05 PM »
Seems I'm having the same trouble as the OP.

Offline DavidR

Re: Also having problems with possible FP's since yesterday
« Reply #10 on: June 01, 2011, 07:27:50 PM »
Do not delete.

Are you also doing a Full System Scan or a Quick Scan?

Offline Morro41

Re: Also having problems with possible FP's since yesterday
« Reply #11 on: June 01, 2011, 08:10:06 PM »
Quote
Hi, I really can't understand the result, but those .sys files are the FPs?

Because 2 of your .sys files are the same as mine.

USBSTOR.SYS and mbamswissarmy.sys.

tnx

Well, I think they are, yes.

Quote
I have sent an email to the virus labs, hopefully someone will be looking into this one as many of these detections are on avast drivers.

Thank you DavidR.

Quote
Seems I'm having the same trouble as the OP.

Please do not misunderstand me... but that is good to know. It makes it not an isolated case.

Also, I just had MBAM v1.51 (Free version) do a full scan and the result was... no infection. A Google-translated Dutch-to-English MBAM scan log:

Quote
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database Version: 6745

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

1-6-2011 19:58:49
mbam-log-2011-06-01 (19-58-49). txt

Scan type: Full Scan (C: \ | D: \ |)
Objects scanned: 334194
Elapsed time: 54 minutes / minutes, 42 seconds (s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Values Infected: 0
Folders Infected: 0
Infected Files: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Infected Files:
(No malicious items detected)

Offline marke68

Re: Also having problems with possible FP's since yesterday
« Reply #12 on: June 01, 2011, 08:24:46 PM »
@Morro41.. No problem mate, it's always reassuring to know you're not the only one with the same problem. Strange it's only affecting a few of us.

I should point out to whoever's dealing with this problem that i'm using AIS Build 6.0.1125 Definition Version 110601-0 with Win7 X86.

Offline marke68

Re: Also having problems with possible FP's since yesterday
« Reply #13 on: June 01, 2011, 08:27:31 PM »
Quote
Do not delete.

Are you also doing a Full System Scan or a Quick Scan?

I won't mate, I've been around long enough to know never to delete system files. It was a quick scan.

Offline DavidR

Re: Also having problems with possible FP's since yesterday
« Reply #14 on: June 01, 2011, 09:13:09 PM »
Ensure that you have the latest virus definitions (110601-1) as I have run a Quick and Full System Scan and no detections were made.