Author Topic: rootkit infection warning classpnp.sys  (Read 2415 times)

Offline paulmars

  • Newbie
  • *
  • Posts: 14
  • I'm a llama!
    • Personal Message (Offline)
rootkit infection warning classpnp.sys
« on: December 06, 2011, 04:04:27 PM »
it asks to reboot and do a scan. i say ok, it finds nothing. I continue using computer, awhile later it pops up again warning of this rootkit infection. again it wants to reboot and do a scan. I say ok, again it finds nothing. The next day, it pops up that rootkit warning and wants to do...

u get the idea.

what should I do?

tks,
pa

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69218
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: rootkit infection warning classpnp.sys
« Reply #1 on: December 06, 2011, 04:15:37 PM »
What is your Operating System ?

When was this detected ?
e.g. on an on-demand scan or roughly 8 minutes after boot (anti-rootkit scan, see image example) ?
What is the full path to this file, e.g. c:\windows\system32\drivers\ filename ?

Given the comment that this comes back later I suspect it isn't only the anti-rootkit scan, but also another one of the shields.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline paulmars

  • Newbie
  • *
  • Posts: 14
  • I'm a llama!
    • Personal Message (Offline)
Re: rootkit infection warning classpnp.sys
« Reply #2 on: December 06, 2011, 04:35:09 PM »
xp pro sp3

not on a scan, longer then 8 minutes after boot.

c:\windows...\sfloppy.sys

was the 2nd or 3rd. the fist I got was ....classpnp.sys

all ask to reboot and scan and find nothing

tks

Offline Mayflower

  • Full Member
  • ***
  • Posts: 100
  • Gender: Male
    • Personal Message (Offline)
Re: rootkit infection warning classpnp.sys
« Reply #3 on: December 06, 2011, 04:55:38 PM »
I got that warning too!

(xp pro sp3)
Core i3-2350M, 4GB, Win 8, Avast! Free Antivirus, Malwarebytes Anti-Malware Free, Mozilla Firefox, Piriform CCleaner

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69218
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: rootkit infection warning classpnp.sys
« Reply #4 on: December 06, 2011, 05:20:04 PM »
@ paulmars
The VPS 111206-2 should have resolved the sfloppy.sys detection, I don't know if that is also the case for classpnp.sys, but I would suggest that you ensure you have the latest avast VPS version.

Once you have the latest version, reboot and see if anything is is detected, if so report what it was.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline paulmars

  • Newbie
  • *
  • Posts: 14
  • I'm a llama!
    • Personal Message (Offline)
Re: rootkit infection warning classpnp.sys
« Reply #5 on: December 06, 2011, 05:52:59 PM »
it says its up to date

111206-2
6.0.1367

Offline paulmars

  • Newbie
  • *
  • Posts: 14
  • I'm a llama!
    • Personal Message (Offline)
Re: rootkit infection warning classpnp.sys
« Reply #6 on: December 06, 2011, 06:02:10 PM »
I do have another issue, i dont think it causes this. its to do with email ssl/tsl. i will start a new thread. titled ssl and thunderbird

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69218
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: rootkit infection warning classpnp.sys
« Reply #7 on: December 06, 2011, 06:26:09 PM »
it says its up to date

111206-2
6.0.1367

Then try a repair of avast:
XP - Add Remove programs, select 'avast! Anti-Virus,' click the Change/Remove button and scroll down to Repair, click next and follow.

You may need to reboot after the repair. This has in the past resolved this out of sync issue between reported and actual VPS version.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline paulmars

  • Newbie
  • *
  • Posts: 14
  • I'm a llama!
    • Personal Message (Offline)
Re: rootkit infection warning classpnp.sys
« Reply #8 on: December 06, 2011, 06:45:33 PM »
done and fingers crossed.

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69218
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: rootkit infection warning classpnp.sys
« Reply #9 on: December 06, 2011, 06:47:53 PM »
Let us know how you get on.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline paulmars

  • Newbie
  • *
  • Posts: 14
  • I'm a llama!
    • Personal Message (Offline)
Re: rootkit infection warning classpnp.sys
« Reply #10 on: December 08, 2011, 10:36:06 PM »
so far all is ok, tks again

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69218
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: rootkit infection warning classpnp.sys
« Reply #11 on: December 08, 2011, 11:12:45 PM »
You're welcome.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

 

Google Chrome

AVAST recommends using the FREE Google Chrome™ browser.

Download Google Chrome Now