Author Topic: Rootkit hidden filefloppy sys  (Read 77683 times)


Offline grsvtl

  • Newbie
  • *
  • Posts: 1
sfloppy.sys - System file
« Reply #60 on: December 06, 2011, 04:33:27 PM »
All my friends, for whom I've installed Avast, have this problem.
sfloppy.sys - System file

Avast made a mistake, please fix it.

Offline Pedrita

  • Newbie
  • *
  • Posts: 2
Re: sfloppy.sys - System file
« Reply #61 on: December 06, 2011, 04:37:29 PM »
All my friends, for whom I've installed Avast, have this problem.
sfloppy.sys - System file

Avast made a mistake, please fix it.

Hello, I'm from Brazil and the same thing is happening with my PC. Also I'm using XP.
I think it's a false positive.

Offline -Genesis-

  • Sr. Member
  • ****
  • Posts: 284
Re: Rootkit hidden filefloppy sys
« Reply #62 on: December 06, 2011, 04:39:00 PM »
I have that also!

False positive.
« Last Edit: December 06, 2011, 04:52:45 PM by -Genesis- »
Windows 10 Pro 1703/ Windows Defender/ Sandboxie/
Ryzen 5 1600/ Aorus Gtx 1080Ti Xtreme/ Gskill Trident Z RGB 3000/ Samsung Evo 250GB/ Western Digital Black 1 TB

Offline dlandsk

  • Newbie
  • *
  • Posts: 1
Re: Rootkit hidden filefloppy sys
« Reply #63 on: December 06, 2011, 04:39:51 PM »
Same problem here, from Chile, 3 PC with Windows XP and Avast:


Offline Compbck

  • Newbie
  • *
  • Posts: 1
Re: Rootkit hidden filefloppy sys
« Reply #64 on: December 06, 2011, 04:41:31 PM »
I have just received 6 calls from various customers that I support who have been trying in vain to resolve what appears to be a False / Positive error purporting to detect a rootkit in the C:\windows\system32\drivers\sfloppy.sys directory.

They all possess Windows XP machines. I have just completed the remote scan of a workgroup server which has the alleged rootkit and despite Avast Boot Scans it still exists.

I have not experienced a problem with Windows 7 machines.

I have now informed all of my users to ignore the threat in the hope that AVAST will be updated in the near future to resolve this unusual glitch.

Please DO NOT BLAME AVAST - I have had similar experiences with NORTON / MCAFEE / KASPERSKY in the past.

Offline char.aznarble

  • Newbie
  • *
  • Posts: 2
Re: Rootkit hidden filefloppy sys
« Reply #65 on: December 06, 2011, 04:54:37 PM »
It is strange that my scan report of c:\windows\system32\drivers is OK, but Avast is always reporting such an error after rebooting the computer, only once every reboot. Maybe some conflicts exist between Avast and other specific programs.

I have that also!







Offline SirNobody

  • Newbie
  • *
  • Posts: 6
Re: Rootkit hidden filefloppy sys
« Reply #66 on: December 06, 2011, 04:57:12 PM »
Well I had the same issue on ONE of my two laptops (XP SP3 Home) - deleted it - did the recommended reboot and boot scan then when PC booted up completely found the "regenerated" C:\Windows\System\Drivers\Sfloppy.sys as expected. It's a protected file which means Windows will reinstall the backup (from dllcache if I recall correctly) if it's found to be missing. Ran the Avast Home scanner specifically on this file and got a clean result.

During the long boot scan I also checked my other PC (XP SP3 Pro) which has same virus definition files (111206-1) and also specifically checked this file and again got a clean result.

Came onto here to check and looked back at the XP Home PC and found its triggered AGAIN - even though a short while ago it said it was clean - going to ignore warning this time, not do a reboot & boot scan... and guess what: a scan of the file (right click from explorer) still thinks it is clean...

The properties panel suggests that this is a "SCSI Floppy Driver" - so I guess it's only vital to Jazz ZIP drive users???

I suppose that it is the in-memory image that is triggering Avast's alert - and don't forget a floppy driver as this is, is going to be able to format boot sectors of a potentially bootable device when presented with blank media for instance, so there is bound to be some code in it that could be viewed as dodgy if taken out of context!
« Last Edit: December 06, 2011, 05:00:01 PM by SirNobody »

Online Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2088
Re: Rootkit hidden filefloppy sys
« Reply #67 on: December 06, 2011, 04:58:10 PM »
Hello,
the issue (causing false positive) was resolved. VPS will be released asap.

Milos

Offline Honda_CB750

  • Newbie
  • *
  • Posts: 2
Re: Rootkit hidden filefloppy sys
« Reply #68 on: December 06, 2011, 04:58:45 PM »
Some years back I had a much worse experience with Norton, it damaged files. And they kept pretty quiet about it. And when they put out a fix, the fix that people in California downloaded kept causing damage for about 2 hours, until they did another fix! Like I say, Norton did not advertise this! I'll stay with Avast, but they sure gave me a scare today! But when I put in the hard drive that I cloned 4 days ago, and it had the same problem, I started to figure things out, and now at this forum I get re-assured that it is just a fake positive! I feel much better! Thanks, forum!
Stan

Offline SenzaDubbio

  • Newbie
  • *
  • Posts: 1
Re: Rootkit hidden filefloppy sys
« Reply #69 on: December 06, 2011, 05:02:56 PM »
I just installed Windows XP on a laptop this morning. I'm a computer tech, and there's no way that this file is a rootkit unless it's from Microsoft. I recommend you ignore it.

Offline Pedrita

  • Newbie
  • *
  • Posts: 2
Re: Rootkit hidden filefloppy sys
« Reply #70 on: December 06, 2011, 05:03:48 PM »
Hello,
the issue (causing false positive) was resolved. VPS will be released asap.

Milos

Thank you very much!

Offline spirits247

  • Newbie
  • *
  • Posts: 13
Re: Rootkit hidden filefloppy sys
« Reply #71 on: December 06, 2011, 05:04:00 PM »
Hello,
the issue (causing false positive) was resolved. VPS will be released asap.

Milos

Nice one. Thanks for the quick fix! :)

Offline Honda_CB750

  • Newbie
  • *
  • Posts: 2
Re: Rootkit hidden filefloppy sys
« Reply #72 on: December 06, 2011, 05:07:29 PM »
Thank you for the info, Milos.
Stan

Offline -Genesis-

  • Sr. Member
  • ****
  • Posts: 284
Re: Rootkit hidden filefloppy sys
« Reply #73 on: December 06, 2011, 05:09:31 PM »
I hate rootkits!

Earlier I was deciding to format my OS because of this; luckily I visited the Avast forum.

I think plenty of Avast users reformatted their systems. :'(

Offline jfh

  • Newbie
  • *
  • Posts: 7
Re: Rootkit hidden filefloppy sys
« Reply #74 on: December 06, 2011, 05:18:40 PM »
OK, so now we know (and so does Avast) - it is a false positive.  Just for curiosity, how long should it take for Avast to correct the situation?