Author Topic: Rootkit hidden filefloppy sys  (Read 92859 times)

0 Members and 1 Guest are viewing this topic.

grsvtl

  • Guest
sfloppy.sys - System file
« Reply #60 on: December 06, 2011, 04:33:27 PM »
All my friends, whom I've instaleed Avast have such problem.
sfloppy.sys - System file

avast made a mistake, please fix it.

Pedrita

  • Guest
Re: sfloppy.sys - System file
« Reply #61 on: December 06, 2011, 04:37:29 PM »
All my friends, whom I've instaleed Avast have such problem.
sfloppy.sys - System file

avast made a mistake, please fix it.

Hello, I'm from Brazil and the same thing is happening with my PC. Also I'm using XP.
I think it's a false positive.

Offline -Genesis-

  • Sr. Member
  • ****
  • Posts: 286
Re: Rootkit hidden filefloppy sys
« Reply #62 on: December 06, 2011, 04:39:00 PM »
I have that also!

False positive.
« Last Edit: December 06, 2011, 04:52:45 PM by -Genesis- »
Windows 11 Pro / Windows Defender/
Ryzen 5 1600/ Aorus Gtx 1080Ti Xtreme/ Gskill Trident Z RGB 3000/ Samsung Evo 250GB/ Western Digital Black 1 TB

dlandsk

  • Guest
Re: Rootkit hidden filefloppy sys
« Reply #63 on: December 06, 2011, 04:39:51 PM »
Same problem here, from Chile, 3 PC with Windows XP and Avast:


Compbck

  • Guest
Re: Rootkit hidden filefloppy sys
« Reply #64 on: December 06, 2011, 04:41:31 PM »
I have just received 6 calls from various customers that I support who have been trying in vain to resolve what appears to be a False / Positive error purporting to detect a rootkit in the C:\windows\system32\drivers\sfloppy.sys directory.

Thay all possess Windows XP machines. I have just completed the remote scan of a workgroup server which has the alleged rootkit and despite Avast Boot Scans it still exists.

I have not experienced a problem with Windows 7 machines.

I have now informed all of my users to ignore the threat in the hope that AVAST will be updated in the near future to resolve this unusual gliche.

Please DO NOT BLAME AVAST - I have had similar experiences with NORTON / MACFEE / KAPERSKY in the past.

char.aznarble

  • Guest
Re: Rootkit hidden filefloppy sys
« Reply #65 on: December 06, 2011, 04:54:37 PM »
it is strange that my scan report of c:\windows\system32\drivers is OK, but Avast is always reporting such error after rebooting the computer, only once every reboot. maybe some conflicts exist between Avast and other specfic programs.

I have that also!







Offline SirNobody

  • Newbie
  • *
  • Posts: 6
Re: Rootkit hidden filefloppy sys
« Reply #66 on: December 06, 2011, 04:57:12 PM »
Well I had the same issue on ONE of my two laptops (XP SP3 Home) - deleted it - did the recommended reboot and boot scan then when PC booted up completely found the "regenerated" C:\Windows\System\Drivers\Sfloppy.sys as expected.  Its a protected file which means Windows will reinstall the backup (from dllcache if I recall correctly if its found to be missing). Ran the Avast Home scanner specifically on this file and got a clean result.

During the long boot scan I also checked my other PC (XP SP3 Pro) which has same virus definition files (111206-1) and also specifically checked this file and again got a clean result.

Came onto here to check and looked back at the XP Home PC and found its triggered AGAIN - even though a short while ago it said it was clean - going to ignore warning this time, not do a reboot & boot scan... and guess what: a scan of the file (right click from explorer) still thinks it is clean...

The properties panal suggests that this is a "SCSI Floppy Driver" - so I guess its only vital to Jazz ZIP drive users???

I suppose that it is the in-memory image that is triggering Avast's alert - and don't forget a floppy driver as this is, is going to be able to format boot sectors of a potentially bootable device when presented with blank media for instance, so there is bound to be some code in it that could be viewed as dodgy if taken out of context!
« Last Edit: December 06, 2011, 05:00:01 PM by SirNobody »

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2293
Re: Rootkit hidden filefloppy sys
« Reply #67 on: December 06, 2011, 04:58:10 PM »
Hello,
the issue (causing false positive) was resolved. VPS will be released asap.

Milos

Honda_CB750

  • Guest
Re: Rootkit hidden filefloppy sys
« Reply #68 on: December 06, 2011, 04:58:45 PM »
Some years back I had a much worse experience with Norton, it damaged files. And they kept pretty quiet about it. And when they put out a fix, the fix that people in California downloaded kept causing damage for about 2 hours, until they did another fix! Like I say, Norton did not advertise this! I'll stay with Avast, but they sure gave me a scare today! But when I put in the hard drive that I cloned 4 days ago, and it had the same problem, I started to figure things out, and now at this forum I get re-assured that it is just a fake positive! I feel much better! Thanks, forum!
Stan

SenzaDubbio

  • Guest
Re: Rootkit hidden filefloppy sys
« Reply #69 on: December 06, 2011, 05:02:56 PM »
I just installed windows xp on a laptop this morning.  I'm a computer tech, and there's no way that this file is a rootkit unless it's from Microsoft. I recommend you ignore it.

Pedrita

  • Guest
Re: Rootkit hidden filefloppy sys
« Reply #70 on: December 06, 2011, 05:03:48 PM »
Hello,
the issue (causing false positive) was resolved. VPS will be released asap.

Milos

Thank you very much!

spirits247

  • Guest
Re: Rootkit hidden filefloppy sys
« Reply #71 on: December 06, 2011, 05:04:00 PM »
Hello,
the issue (causing false positive) was resolved. VPS will be released asap.

Milos

Nice one. Thanks for the quick fix! :)

Honda_CB750

  • Guest
Re: Rootkit hidden filefloppy sys
« Reply #72 on: December 06, 2011, 05:07:29 PM »
Thank you for the info, Milos.
Stan

Offline -Genesis-

  • Sr. Member
  • ****
  • Posts: 286
Re: Rootkit hidden filefloppy sys
« Reply #73 on: December 06, 2011, 05:09:31 PM »
I hate rootkits!

Earlier i am deciding to format my OS because of this luckily i visited avast forum.

I think plenty Avast users reformatted their system. :'(
Windows 11 Pro / Windows Defender/
Ryzen 5 1600/ Aorus Gtx 1080Ti Xtreme/ Gskill Trident Z RGB 3000/ Samsung Evo 250GB/ Western Digital Black 1 TB

jfh

  • Guest
Re: Rootkit hidden filefloppy sys
« Reply #74 on: December 06, 2011, 05:18:40 PM »
OK, so now we know (and so does Avast) - it is a false positive.  Just for curiosity, how long should it take for Avast to correct the situation?