— the two being avast, and GDATA. [Note: GDATA is a superset of Avast… so any problem found by avast will also be reported by GDATA. Hence, it’s really only 1 detection].
hi, i too am having this type of problem, i am not savvy when it comes to technology, and would like to know if my computer is in danger. everything described on your post is the same thing happening to me, should i be worried.
FP (or F/P) means False Positive… a SAFE file, which Avast is erronesly detecting as being a virus.
If you have EXACTLY the same file/version being detected on your system, I’d say you’re safe [as I believe I am]. If you’re saying you have something “similar”… or perhaps ANOTHER file being detected as Sirefef… I can’t make any such assertion.
Officially, we have to wait for avast to concur… to see if they adjust their database to no longer detect this file in the future. When/if they do, i’ll report back here.
thanks alot for the fast response, i just posted a new topic asking for help, but now you answered my concern, again thanks and i’ll be checking up on this every now and then.
Just wanted to throw in Avast detected the same on my system. I found it hard to believe I had caught a rootkit, so a bit of searching brought me here.
It’s detecting C:\WINDOWS\system32\drivers\cercsr6.sys as Sirefef-AAP
I wasn’t aware what that file was, but I do have a dell machine that came with a RAID setup, so it makes sense. Do I need to restore the file?
I just had this falsely detected too on my Dell PC (same definitions as OP). It popped up in the ‘rootkit’ scan about 8 mins after boot this evening. I wrote down the info before saying send it to virus chest. I figured it was a FP (false positive). I just clicked ‘stop’ and not move to chest. Then before I could go online to research, another pop-up said “Root kit detected, suggest you do a boot time scan”. So I did.
While it was scanning, I used my iPad to search and found it’s a false positive reported here in the forum, so I stopped the boot time scan, booted and looked for the file, “Windows\System32\drivers[b]cercsr6.sys[/b]” It’s not there! Avast must have deleted it. I never tell it to delete a file. If I’m not sure, I send it to the chest and then research. It’s no in the chest either. :o
Does anyone know where I can get this file? Or… maybe I really don’t need it? Not sure.
Thanks, but not sure what version I have… or had. : I’m still on running SP-2 on WinXP (media player). Long story… but I can’t go to SP3 due to some hardware issue.
I found one here: http://www.runscanner.net/lib/cercsr6.sys.html, but not sure that’s the correct version either. It’s an exe file and looks like it has to be installed by a driver agent. Don’t know if that site is reliable either. Plus, it probably won’t work if I tried until after avast fixes the FP. My PC seems to be working ok for now. I do periodic image back-ups of my HDD so I know the file is somewhere (I use Symantec Live State Recovery or Live DeskTop). Just can’t find it yet.
It’s a “mini port driver” (DELL CERC SATA1.5/6ch Miniport Driver - Dell RAID Controller). Everything I’ve tried seems to work, so not sure. I think I can get it from my HDD backups though. Just have to figure out how… and then after avast fixes their definitions. Thanks.
Does anyone know where I can get this file? Or… maybe I really don’t need it? Not sure.
Thanks.
[/quote]
I wrote down the location that Avast detected on my system and it wasn’t in the windows driver folder, but the windows/dell folder. You might try looking for it there, or run a search for the file name (cercr6.svs)
here’s the exact location I received. Hope yours is there!
windows/dell/adaptec/cercsr6.svs
I had several files which I moved to chest during boot scans and one I deleted, sadly. How do I restore those files from the chest to my XP laptop?! One of them was that Dell file above. The restore option must be there but I’m missing it. Tried right-clicking, etc. Thanks!
CONFIRMING: the F/P has been FIXED in definitions 12 06 30 - 0
I thank avast for the timely response to my posting the F/P here… but feel bad about the others who have posted in this thread, who didn’t realize it was (or know about) a F/P .
Per a remark by Purplemuse, I just checked on my system, and discovered that I DO have a copy of that file in my
C:\WINDOWS\dell\cercsr6
subdirectory [and have compared with the system32\drivers file to confirm its the same version]. Hopefully, those who deleted theirs may be fortunate enough to find they do too.
Thanks to avast for fixing the FP for this Dell driver.
Thanks also to ky331 for pointing me in the right direction for finding this file. I also found it under ‘C:\WINDOWS\dell\cercsr6’. Copy and pasted in the correct directory.
What frustrates me though is I DID NOT delete this file nor did I click on ‘move to chest’. Avast just deleted it while I was writing down the name and dir of the suspected file – along with virus name. The only thing I clicked on was ‘stop’, which I thought would stop the process of deleting/quarantine or stop the virus from running (if it was a virus). I suspected it was a FP since it was a driver and wanted to research before taking any action.
The last FP I had was about a year or so ago when avast detected SAS as suspect or infected. The same thing happened… deletion of file. ??? :
Plus 8, If you have a WinXP machine, here are the instructions…
I assume you found the file “cercsr6.sys”, right-click on it and click ‘copy’. Then navigate to “Windows\System32\drivers”. Right-click on the ‘drivers’ folder and click ‘paste’. You can verify the file now exists in the Windows\System32\drivers directory.
Hmmm… I found the folder dell/cercsr6 but have no cercsr6.sys in there. It’s in my Avast chest of course. No way to restore it out of there? I thought the purpose of a chest was to allow a file to be retained and restored if necessary?
No copy under system32/drivers either. Any other suggestion?
I’m still on running SP-2 on WinXP (media player). Long story… but I can’t go to SP3 due to some hardware issue.
