Keeps detecting a probable false positive "Elkbd.sys"

It’s an Intel Quick Resume Technology Driver. Some time back the same thing happened with Kaspersky (not to me), so I found out what it was on their forum. I sent it to your labs yesterday, but it still thinks it’s Malware. At the moment I can’t really tell if its removal has done anything negative. Today it also caught another instance of it as well as a numbered file in the system volume information (probably just a copy of Elkbd).

I was not and am still not experiencing any problems with this machine. I will note that the program is probably old and not used by newer computers.

Have you tested the file at VirusTotal.com?

Post a link to the scan result here.

Alternatives: jotti.org or metascan-online.com

Try a forum search for that file name, as there is at least one other instance of this being detected as win32:Malware-gen. Submit the file to avast for analysis.

Hi,

Same here, take a look at my thread: http://forum.avast.com/index.php?topic=111239.0

That is the topic I was referring to, thanks ;D

For the time being the computer hasn’t become “unusable” like it did for EricFr, but I’ve submitted the files to Avast Labs in hopes that this can quickly be resolved.

Here are the results from all 3 sites (since not all of them necessarily use the same scanners).

https://www.virustotal.com/file/067aa4d35d5faf9127003367b9417bce718559bceb43fa02a4f4e3142a3cb71c/analysis/1355659393/
http://virusscan.jotti.org/en/scanresult/03fa0a2ba675e1970ac99e3c618ef4c85a0e63e9
https://www.metascan-online.com/en/scanresult/file/6c617b4878124bb29be7a10e3c1ac375

Some scanners other than avast and GData did detect it, still not that high of a ratio though.

Also forgive me if I lack confidence in the Virus Labs on this. I submitted Jesterss.dll to the lab a long time ago https://forum.avast.com/index.php?topic=107217.10 which was clearly a part of Gateway’s screensaver, but to this day Avast still detects it as a Trojan.

First seen by VirusTotal
2009-06-11 23:03:51 UTC (3 years, 6 months ago)

GData uses avast as one of its two virus engines.

Kingsoft and Jiangmin are both based out of China. That’s… interesting.

I will also point out that the particular submission to VirusTotal you mentioned came up clean by the message it showed me when submitting mine.

There’s always this: http://www.isthisfilesafe.org/product/Intel(R)%20Quick%20Resume%20Technology_details.aspx

A friend of mine has this problem with Avast. I recommended another free product until this is resolved. The system was XP Gateway Model 5064.

The trusted drivers can be obtained from the Gateway link below:

http://support.gateway.com/support/drivers/getFile.asp?id=20704&dscr=Intel%20Quick%20Resume%20DriverVersion:%20%201.0.0.1090&uid=363726761

If these drivers are removed from the Control Panel, native XP hid drivers are used.

Can anyone confirm these false positives are “fixed”?

Thanks.

I can confirm that my computer is also a Gateway model and as I said, Avast has caused problems on my Gateway brand computers in the past.