You’re right… seems so.
No, I don’t have an Acer, it’s HP
I’m running into the same problem here, a whole list of suspected rootkits in the spoolsv.exe and spoolss.dll files, mostly in the Microsoft Document Imaging (mdigraph.dll, mdiui.dll, mdippr.dll) and the Software Distribution folder for printer files and updates. I’ve run several online scans, Spybot, SUPERAntiSpyware, and the Sophos Anti-Rootkit scanner, all of which found nothing. After reading this thread I opted to choose Ignore, and Don’t notify me again, but then Avast tells me it detected a virus in memory and wants to scan at reboot. I’ve allowed this to happen twice, which found nothing. I told Avast not to scan at boot once but Avast froze, eventually it continued scanning to completion (including the report containing all the erroneous rootkit detections). I then exited Avast and rebooted so I could run the scan again, which found the same supposed rootkits, even though I’d told Avast to ignore them and not to notify me again.
This is bad news for Avast. I hope you get this problem fixed soon. -kd5-
I think it’s time to work… there is something cheesy in the rootkit scanning… programmers uh uh
kd5, I forgot to say that it would be better to disable rootkit scanning in the Troubleshoot page of program settings for a while. You’ll decrease protection, but, at least, your computer will be yours…
I hate the idea of disabling any of Avast’s capabilities but if that is the only option available to me then I suppose I will have no other choice. -kd5-
Better still, revert back to an earlier version of Avast with the up-to-date virus database and you should be protected. I use 1229.
Gerard
Good suggestion.
- Uninstall avast from Control Panel first.
- Boot.
- Use Avast Uninstall for complete uninstallation.
- Boot.
- Stay off-line (not connected to Internet)
- Install again the old version: http://filehippo.com/download_avast_antivirus/
- Boot.
- Register avast (insert the registration key).
- Uncheck the program updates (set to manual).
- Only then connect to Internet (go on-line).
- Check and post the results.
So, to recap, everyone having the problem has an Acer laptop, correct?
No. This is a custom-built desktop computer, Windows XP Home Edition, currently SP2, soon to become SP3 (as soon as I can overcome this sense of unease regarding these false positives). There is no Acer anywhere near this computer. -kd5-
Would any of you be willing to give me remote access to your system?
Remote desktop, or LogMeIn, or something similar.
Thanks
Vlk
So, to recap, everyone having the problem has an Acer laptop, correct?
No, as I mentioned, mine is an HP
I just hate myself, I ‘destroyed’ (total wipe by drive manufacturer test tools) with most likely very infested OS by some weird rootkit
(no known AV was able to pick it up) but it was able to kill any AV (including latest KAV, Avira, DRW5 etc.) in exactly 24-48h timeframe after install …
but AVs with self-protection were able to spot something going wrong but failed to protect themselves, at most just reporting self-damage, like avast warning about its own files’ modification
all I know is it made several sectors on the OS partition inaccessible to the OS, causing issues when the OS tried to access them in a non-standard way, and the OS crashed …
(HDD is w/o any physical errors, tested by several tools to be sure)
the most interesting thing was that due to these errors it was impossible to obtain a flawless 1:1 image of the infected OS drive
also inside the whole memory dump there were some traces indicating it’s using some of the RPC exploits known to date
I got a copy of all possible files from that system but I doubt that will lead to any successful find, but if someone is interested just PM me, but passive scans reveal nothing …
Vlk,
Access to someone’s PC is a hard one to comply with. Too many bits 'n pieces that are secure. Can you not think of another way to crack this problem? It really needs fixing!!!
Gerard
And this is what they are trying to do, go the extra mile to research why it might be happening, and simply submitting the file may not provide enough information, since this problem (for the most part) only seems to be affecting a limited subset of users and avast are obviously unable to replicate the problem in their labs.
It is very rare to see this kind of commitment to resolve a problem that isn’t affecting all avast users.
If you can’t trust your AV who can you trust as you are effectively trusting them by installing the AV. If you have anything truly sensitive you could encrypt and password protect the folder/s that it is in.
I have never had to use a remote connection but you have to be present and I guess could monitor what is going on.
I understand fully with what you are saying, but cannot fully accept that the internet is safe enough to take any chances. To a degree I can work under instructions.
Not really, at least not for Remote Desktop, not sure about LogMe in.
Anyway, it’s understandable that not everybody would agree to that; however, we are really not able to simulate this and the whole thing is a mystery (i.e. there doesn’t seem to be any visible problem in the code) - so, we really need somebody to help us out by providing the access to his/her computer where the problem reproduces. Let’s hope somebody appears soon.
LogMeIn uses a https (secure) connection if I’m not wrong.
You will be as open as when you’re using the Internet.
Allowing a remote connection to Vlk won’t expose your system.
That’s not what I meant - I was just trying to say that a remote desktop-ped machine has a blank screen, you don’t see anything and can’t interfere (except for closing the connection).
As I wrote, I don’t know LogMe in, could be different there
Of course, Vlk is not interested in the data stored on the machine - only in finding out the cause of the problem.
On which side? With LogMeIn, the host desktop could be seen by the guest…
Maybe we’re talking the same with different words :-[