Author Topic: Rootkit hidden filefloppy sys  (Read 77708 times)

crofty59

  • Guest
Rootkit hidden filefloppy sys
« on: December 06, 2011, 12:16:32 PM »
In C:\windows\system32\drivers\sfloppy.sys
Received warning from Avast about a Rootkit: hidden folder, was asked if I wanted to delete it, which I did.
Then Avast asked me if I wanted to do a boot scan, which I did; it came up clean. About 5 minutes later I received the same warning. This time I told Avast to ignore it. I did a check using the right-click feature with Avast on the offending item; it came up clean.
Just curious if this is a false positive.

Cheers
Using XP Home, Avast Free

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 36238
Re: Rootkit hidden filefloppy sys
« Reply #1 on: December 06, 2011, 12:21:32 PM »
Upload suspicious file(s) to www.virustotal.com and test with 40+ malware scanners.
When you have the result, copy the URL in the address bar and post it here for us to see.


alternative
Jotti     http://virusscan.jotti.org/en
VirSCAN   http://virscan.org/
Metascan   http://www.metascan-online.com/



Clean, Quarantine, or Delete?
http://antivirus.about.com/b/2007/03/11/clean-quarantine-or-delete.htm


“Ah beer. The cause of and the solution to all of life’s problems.”

"Operator! Give me the number for 911!"

crofty59

  • Guest
Re: Rootkit hidden filefloppy sys
« Reply #2 on: December 06, 2011, 12:26:46 PM »

Offline spirits247

  • Newbie
  • *
  • Posts: 13
Re: Rootkit hidden filefloppy sys
« Reply #3 on: December 06, 2011, 12:31:19 PM »
I just got the same message - Rootkit alert, for sfloppy.sys. Happened today for the first time.

The file reported checks out fine. I checked its MD5 against known clean files:

MD5: 8E6B8C671615D126FDC553D1E2DE5562
C:\Windows\Drivers\sfloppy.sys

Seems like a false positive with the latest updates.
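
Added example, not part of any post in this thread: one way to run the check described above (hash plus signature) on a flagged driver before deciding whether to delete it. It assumes PowerShell 4.0 or later for `Get-FileHash`; the function name `Test-FlaggedDriver` and its parameters are hypothetical, and the reference MD5 is the value reported in the post above, which applies only to that poster's Windows build.

```powershell
# Added example: triage a driver file that an AV product has flagged, before deleting it.
# Assumes PowerShell 4.0+ (Get-FileHash). Function and parameter names are hypothetical.
function Test-FlaggedDriver {
    param(
        [Parameter(Mandatory)] [string]   $Path,
        # Reference MD5 values for the SAME OS build, taken from a source you trust.
        [Parameter(Mandatory)] [string[]] $KnownGoodMd5
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    $item = Get-Item -LiteralPath $Path -Force          # -Force: include hidden/system files
    $md5  = (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash
    $sha  = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path

    [pscustomobject]@{
        Path        = $item.FullName
        Size        = $item.Length
        FileVersion = $item.VersionInfo.FileVersion
        Company     = $item.VersionInfo.CompanyName
        MD5         = $md5
        SHA256      = $sha                               # handy for a multi-scanner lookup
        HashMatch   = $KnownGoodMd5 -contains $md5       # -contains ignores case
        SigStatus   = $sig.Status                        # 'Valid' = signature verified
        Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }
}

# Path from the first post; MD5 as reported in the post above (constructed usage).
$result = Test-FlaggedDriver -Path 'C:\windows\system32\drivers\sfloppy.sys' `
                             -KnownGoodMd5 '8E6B8C671615D126FDC553D1E2DE5562'
$result | Format-List

if ($result.HashMatch -and $result.SigStatus -eq 'Valid') {
    'Hash and signature verify: consistent with a false positive. Keep the file and report it.'
} elseif ($result.HashMatch) {
    'Hash matches but signature did not verify here: re-check on a newer PowerShell or offline.'
} else {
    'Hash does not match the reference: quarantine (do not delete) and get a second opinion.'
}
```

In-box drivers are often catalog-signed, and PowerShell versions before 5.1 report those as `NotSigned`, so a hash match with a non-`Valid` status is not proof of tampering. Because a real rootkit can falsify what a running system reads from disk, repeat the check from a clean boot environment if the results disagree.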

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 36238
Re: Rootkit hidden filefloppy sys
« Reply #4 on: December 06, 2011, 12:31:51 PM »
And remember... if you delete, you have no options left... then you can't check the file.

Offline tlcoles

  • Newbie
  • *
  • Posts: 1
Re: Rootkit hidden filefloppy sys
« Reply #5 on: December 06, 2011, 12:32:22 PM »
Had the same myself with boot. Looked at the file date and looked up the info about the file online. Looks like a false positive to me too, so I selected ignore.

I am also an Avast Home user.

Offline T.P

  • Newbie
  • *
  • Posts: 2
Re: Rootkit hidden filefloppy sys
« Reply #6 on: December 06, 2011, 12:33:23 PM »
Hello,

I have the same message. I just need to ignore it?

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 36238
Re: Rootkit hidden filefloppy sys
« Reply #7 on: December 06, 2011, 12:33:56 PM »
you can report false positive here 
http://www.avast.com/contact-form.php?loadStyles

you may add a link to this topic

Offline lister

  • Full Member
  • ***
  • Posts: 119
  • I'm a llama!
Re: Rootkit hidden filefloppy sys
« Reply #8 on: December 06, 2011, 12:35:02 PM »
I got the same warning.
CPU: Intel Core i7 2600 OS: W7 x64 sp1(updated) MEMORY:16gb RAM SYSTEM DISK: 128gb GRAPHICS: AMD Radeon HD 6900 2gb SECURITY SOFTWARE: avast! free (7.0.1426) - comodo firewall 5.10

Offline zing

  • Newbie
  • *
  • Posts: 5
Re: Rootkit hidden filefloppy sys
« Reply #9 on: December 06, 2011, 12:38:42 PM »
Same thing here. Happened about an hour ago. I am using Avast Free on Windows XP SP3. I chose "delete" and then restarted the system. After the scan, Avast found nothing suspicious. Now I got the same alert again. Seeing that others have absolutely the same error at almost the same time and regarding the same sfloppy.sys file, I think there is probably something wrong with Avast itself. Although it is strange that after choosing "delete", the file is still there.

PS: Already did a virus check with Jotti, VirSCAN and Metascan. All sites say the file is safe and found nothing wrong.
« Last Edit: December 06, 2011, 12:43:17 PM by zing »

Offline Tetsuo

  • Poster
  • *
  • Posts: 594
Re: Rootkit hidden filefloppy sys
« Reply #10 on: December 06, 2011, 12:46:51 PM »
I got the same warning.

System Information:

Win XP Pro SP3
Avast! Free AV 6.0.1367 (Behaviour/Script Shield removed)
Online Armor Free 5.1.1.1395 (Web Shield disabled)

*Avast!/OA mutually excluded

crofty59

  • Guest
Re: Rootkit hidden filefloppy sys
« Reply #11 on: December 06, 2011, 12:51:27 PM »
> you can report false positive here
> http://www.avast.com/contact-form.php?loadStyles
>
> you may add a link to this topic

Thanks Pondus.
I have sent a report, but I forgot to put a link in for this topic.

Cheers

Offline brasilz

  • Newbie
  • *
  • Posts: 5
Re: Rootkit hidden filefloppy sys
« Reply #12 on: December 06, 2011, 12:54:37 PM »
Same here.
I renamed the file before deleting it, and did the boot scan. Nothing found. When I log in I get the same sfloppy warning. Took the option to delete, but it hasn't been deleted. The file is the correct size, and I feel this is a false positive.

Offline growler321

  • Newbie
  • *
  • Posts: 1
Re: Rootkit hidden filefloppy sys
« Reply #13 on: December 06, 2011, 12:59:32 PM »
I am also getting the same warning, "sfloppy rootkit". I've scanned with rootkit killers and malware scanners; all are coming back clean, but every few minutes the message pops back up. Hope this is just a false positive, as ignoring it is not something I like to do when I get warnings, grrrrr.

Offline xtinguish

  • Jr. Member
  • **
  • Posts: 48
Re: Rootkit hidden filefloppy sys
« Reply #14 on: December 06, 2011, 01:02:53 PM »
Exactly the same here with Windows XP Home SP3. Deleted the file, did boot time scan and restarted and now getting same notification that rootkit is still there. Scan says system is clean.