False positive? And Error: The request is not supported (50)

Hi :slight_smile:

Today I scanned my laptop with Avast 6 pro and it find this:

C:##aswSnx private storage\sfzone\image\Users\Martin\AppData\Local\Temp\6DCF1046.dll Rootkit: hidden file
C:##aswSnx private storage\sfzone\image\Users\Martin\AppData\Local\Temp\6DCF14E8.dll Rootkit: hidden file

Proces 3772 [superantispyware.exe], memory block 0x0000000004360000, block size 10027008 Threat: Win32:Small-BWI [Trj]
Proces 3772 [superantispyware.exe], memory block 0x00000000137F0000, block size 4194304 Threat: Win32:Agent-AHBJ [Rtk]
Proces 3772 [superantispyware.exe], memory block 0x0000000013BF0000, block size 8388608 Threat: Win32:Tiny-IF [Trj]
Proces 3772 [superantispyware.exe], memory block 0x00000000143F0000, block size 16580608 Threat: Win:Femad-R [Trj]
Proces 3772 [superantispyware.exe], memory block 0x00000000159E0000, block size 1048576 Threat: Win32:Cutwail-K [Trj]
Proces 3772 [superantispyware.exe], memory block 0x000000001AC40000, block size 2097152 Threat: Win32:Bredolab-AP [Trj]

Avast wont let me put them in quarantine! And with the memory blocks it’s unable to do anything about them! Are these false positive and what can I do to remove them?

Thanks :slight_smile:

You are doing a memory scan and these are put there by SAS as resident definitions
[superantispyware.exe], memory block 0x0000000004360000,

As they are in memory they cannot be removed, plus there is no need to do a memory scan

Okay, thanks :slight_smile: but what about the first 2 rootkits?

C:##aswSnx private storage They are in safe zone and possibly a false positive, but just reset safe zone

Okay, Thanks a lot ;D