As the title says I boot up my PC and it flags a system32 file with potential danger, I forget if it said malware or not.
The file is in my drivers\iqvw64e.sys and Avast has blocked the driver.
Now being a tech IDIOT I instantly turn to panic mode and run a virus scan, as well as Malwarebytes to find out. However the scan then reveals no viruses or malware found, as well as Malwarebytes also not finding anything.
How likely is it that I have found a false positive, or two, rather than a pair of false negatives?
Just out of curiosity I have done what others may suggest and uploaded the file to Virustotal, and it has a flag on it, by something/one called Elastic, so I have no idea what to do. Should I report it to Avast?
Creation Time
2013-11-14 15:22:43 UTC
First Seen In The Wild
2013-04-04 20:51:50 UTC First Submission
2014-04-01 19:06:08 UTC
Last Submission
2023-07-15 21:58:43 UTC
Last Analysis
2023-07-15 22:12:00 UTC
Okay I’ve uploaded it to them via their “report malicious file” section.
What should I do in the meantime, should I quarantine that file or should I let avast keep blocking it automatically?
Will it ever stop doing so/if it does would it be vulnerable again?
EDIT: I ahve also uploaded it to their false positive section, just in case.
I will do.
I think it’s probably because my Win10 got stuck on it’s last update and it’s just a file that either never got updated, or I am vulnerable to it’s lack of protection.
Either that or I just got “lucky” and I was the one who got flagged first.
I boot up my PC and it flags a system32 file with potential danger, I forget if it said malware or not.
When the dark brown stuff hits the fan it is hard to be rational. So whilst Avast has alerted, it is also preventing it being run.
So taking a screenshot of the Avast Alert window with the Details option enabled gives us valuable information. Notably the exact wording of the alert ‘potential danger’ sounds a little iffy for an alert
There have been some drivers recently being flagged as at risk of exploit, so given the limited information and this may be something like that.
A google search on this file returns a lot of hits - https://www.google.co.uk/search?q=iQVW64.SYS
So it seems to be detecting a vulnerable driver.
So this all might have something to do with my windows 10 having been unable to actually get to the 22H2 update.
In the meantime I’ll try finding a way to do that which doesn’t nuke my PC and see if that fixes the issue.
EDIT: So, after updating windows it’s definitely not solved the issue.
EDIT 2: Okay so I have also updated my Intel Network Connections Drivers to see if that is what it is. Only time, and waiting for Avast to get back to me, will tell.
It isn’t only Avast that would be involved in this as the Operating System is also checking for vulnerable drivers also.
Hopefully updating the vulnerable Intel driver does the trick.
I’m not sure given the results found about this driver being vulnerable, I wouldn’t think it is a false positive as such. Also it isn’t a virus/malware as such, but a vulnerability that could be exploited by malware giving privileges it wouldn’t ordinarily be able to use.
Well, after a quick reboot to find out if that has fixed it, Avast hasn’t opened/alerted on start-up like it has been doing before.
So I can tentatively say that the solution may have been found and applied.
So i can only imagine that this specific driver is no longer vulnerable. Either that or Avast isn’t telling me, lol.
Thank you for pointing me in the right direction, and thank you to everyone else who have helped me along the way!
