Author Topic: Rootkit hidden filefloppy sys  (Read 93107 times)

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37527
  • Not a avast user
Re: Rootkit hidden filefloppy sys
« Reply #45 on: December 06, 2011, 03:36:32 PM »
Alright, if this is a false positive, can Avast please come up to the plate and hit the ball instead of wasting everybody's time?
You can be 110% sure they are working on it... but the fix has to be tested before they release it.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89033
  • No support PMs thanks
Re: Rootkit hidden filefloppy sys
« Reply #46 on: December 06, 2011, 03:39:22 PM »
Kind of weird. A person posted on Yahoo answers that Avira picked it up as a virus so they installed avast! and got the same problem. Shared database?
<snip>

There is no shared database, coincidence yes, if both are doing a rootkit scan and this is a hidden process then there will be a possibility of a hidden driver being considered a rootkit incorrectly. Unfortunately, even though this is a system file, it isn't digitally signed and that doesn't help if something is suspect.

I got it on one of my XP computers but, get this, I disabled Avast long ago.

Avast is listed as a startup program in msconfig but I'm fairly sure I disabled the item long ago.

Then again, it could be one of my senior moments.

Please don't change the topic title, just put that in the body of your post.

But to answer that, NO, it isn't a hoax, which is completely different from what it is likely to be, a False Positive.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Tgell

  • Guest
Re: Rootkit hidden filefloppy sys
« Reply #47 on: December 06, 2011, 03:41:57 PM »
Sorry, I should not have said shared database, but what about shared signatures on some malware? I think the vendors do this, correct?

blankqueen

  • Guest
Re: Rootkit hidden filefloppy sys
« Reply #48 on: December 06, 2011, 03:45:52 PM »
I just got this same problem a couple of hours ago. I've now read through all the answers here, but as I'm completely inept with computers, let me get this straight: we're just to wait and hope Avast fixes this? To do nothing now?

Offline DavidR

Re: Rootkit hidden filefloppy sys
« Reply #49 on: December 06, 2011, 03:47:51 PM »
Sorry, I should not have said shared database, but what about shared signatures on some malware? I think the vendors do this, correct?

Same thing, no shared signatures, no, all vendors don't do that. Some might be using their engine and database but that would be under a licensing agreement and nothing exists between Avast and Avira other than the coincidence that they both begin with the letter 'A.'

Offline DavidR

Re: Rootkit hidden filefloppy sys
« Reply #50 on: December 06, 2011, 03:53:22 PM »
I just got this same problem a couple of hours ago. I've now read through all the answers here, but as I'm completely inept with computers, let me get this straight: we're just to wait and hope Avast fixes this? To do nothing now?

Select Ignore if the alert comes up again, monitor this forum, click the Notify button at the bottom of the page. You will get an email for new posts; as you might imagine, you will probably get a lot as it is active. You could also bookmark this link http://forum.avast.com/index.php?topic=89963.msg716133;topicseen#new, which will open the topic for new replies that you haven't yet viewed.

blankqueen

  • Guest
Re: Rootkit hidden filefloppy sys
« Reply #51 on: December 06, 2011, 03:58:00 PM »
Thanks DavidR! I will do as you suggested! :)

Offline DavidR

Re: Rootkit hidden filefloppy sys
« Reply #52 on: December 06, 2011, 03:59:57 PM »
You're welcome.

maheshc

  • Guest
Re: Rootkit hidden filefloppy sys
« Reply #53 on: December 06, 2011, 04:00:11 PM »
I already did as AVAST suggested, to delete and reboot bootscan, but no threat found.
So what about the file I have lost? And the alert is still popping.

acuariano

  • Guest
Re: Rootkit hidden filefloppy sys
« Reply #54 on: December 06, 2011, 04:00:36 PM »
got the message too..must be a false positive..
hope fix comes soon

crixx

  • Guest
Re: Rootkit hidden filefloppy sys
« Reply #55 on: December 06, 2011, 04:00:48 PM »

Check in \WINDOWS\Driver Cache\i386 directory. There should be a sp3.cab file. You can open it with Winrar, find sfloppy.sys and extract it to \WINDOWS\system32\drivers. If you don't have sp3.cab, use driver.cab instead. It will probably contain an older version of the sfloppy.sys, but still better than not having it at all (if you need it).

I did this and now I get 2 infections instead of 1.  :-\
« Last Edit: December 06, 2011, 04:04:59 PM by crixx »

antrox

  • Guest
Re: Rootkit hidden filefloppy sys
« Reply #56 on: December 06, 2011, 04:12:43 PM »
100% false !!!!

Geno Raptor

  • Guest
Re: Rootkit hidden filefloppy sys
« Reply #57 on: December 06, 2011, 04:16:23 PM »
I already did as AVAST suggested, to delete and reboot bootscan, but no threat found.
So what about the file I have lost? And the alert is still popping.

Same here, just how badly have we fucked up due to this s**t?

char.aznarble

  • Guest
Re: Rootkit hidden filefloppy sys
« Reply #58 on: December 06, 2011, 04:23:56 PM »
The same thing has happened on my computer, which is Windows XP with SP3.

But when I manually scanned sfloppy.sys with avast, nothing suspicious was reported. This is very strange.

So I personally think sfloppy.sys is clean, but is it possible that a specific action, such as one API inside sfloppy.sys being called by another process, may cause this symptom?

I am looking forward to an official answer from avast.

zing

  • Guest
Re: Rootkit hidden filefloppy sys
« Reply #59 on: December 06, 2011, 04:25:24 PM »

I did this and now I get 2 infections instead of 1.  :-\
What do you mean, you have 2 infections? Did you check if sfloppy.sys is really gone from the system32\drivers directory (hope you are not checking just the system32 directory, as available implied earlier :))?

If the sfloppy.sys file is really deleted from the system32\drivers directory, doing what I mentioned earlier will just place a copy of this file (the file from sp3.cab should be the same as the original one in system32\drivers) in system32\drivers. If the file is there, you should be asked to replace it.

PS: I restarted the system a few times and every time after Windows started, Avast showed the same warning about sfloppy.sys. Checked manually for updates and the virus definitions updated from Current Version: 111206-0 to 111206-1. Rebooted again and the problem is still there, so as others suggested, I just ignored it and now am waiting for a new update that will hopefully fix that.
« Last Edit: December 06, 2011, 04:30:26 PM by zing »
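
An added example, not part of any post in this thread: a Windows XP batch script that tests the statement above that the sp3.cab copy of sfloppy.sys is the same as the installed one, by extracting it to a temporary folder and comparing it byte for byte with the file in system32\drivers. It uses only the built-in expand and fc commands; the work folder name is an assumption, and it changes nothing in system32\drivers.

```bat
@echo off
rem Added example: compare the installed sfloppy.sys with the copy
rem stored in the service pack cabinet. Nothing is copied into drivers.
setlocal
set "CACHE=%SystemRoot%\Driver Cache\i386"
set "INSTALLED=%SystemRoot%\system32\drivers\sfloppy.sys"
rem Assumption: any writable scratch folder will do.
set "WORK=%TEMP%\sfloppy_check"

rem Prefer sp3.cab; fall back to driver.cab, which may hold an older version.
set "CAB=%CACHE%\sp3.cab"
if not exist "%CAB%" set "CAB=%CACHE%\driver.cab"
if not exist "%CAB%" (
    echo No sp3.cab or driver.cab found in "%CACHE%".
    exit /b 2
)

rem Extract only sfloppy.sys from the cabinet into the scratch folder.
if not exist "%WORK%" mkdir "%WORK%"
if exist "%WORK%\sfloppy.sys" del "%WORK%\sfloppy.sys"
expand "%CAB%" -F:sfloppy.sys "%WORK%" >nul
if not exist "%WORK%\sfloppy.sys" (
    echo sfloppy.sys was not found inside "%CAB%".
    exit /b 2
)

if not exist "%INSTALLED%" (
    echo sfloppy.sys is missing from system32\drivers.
    echo A reference copy from "%CAB%" is in "%WORK%".
    exit /b 1
)

rem fc /b sets errorlevel 1 when the two files differ in any byte.
fc /b "%INSTALLED%" "%WORK%\sfloppy.sys" >nul
if errorlevel 1 (
    echo MISMATCH: installed sfloppy.sys differs from the copy in "%CAB%".
    exit /b 1
)
echo MATCH: installed sfloppy.sys is identical to the copy in "%CAB%".
exit /b 0
```

A mismatch against driver.cab alone is not conclusive, since that cabinet can contain an older version of the driver than the one a service pack installed.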