I last ran a scan around the 11th, and I decided to run one last night, and it came up with four infected files, all of them were nvrd32.sys, two were the exact same file in the exact same location (system32\drivers), and one was on my D:// drive, which is a factory restore.
I did a bit of tech support with a friend of mine when it happened, and he claimed that Avast had been finding a lot of drivers (This file is an Nvidia RAID hard disk driver) as false positives.
I’d really like to make absolutely sure, so I’m looking for some help. I did all of this last night so I’m not sure what you want me to do, but I’ll try.
It seems to be a FP according to VT report (date etc) …
Please submit it by using (http://www.avast.com/contacts) click on “General Contact” at the bottom left…
Inside Subject/topic select : Report False positive alert in file.
That’s a good start of a second opinion. I run sort of a tight ship and I’m paranoid about this sort of stuff. It was just kinda 5 AM, he vaguely made sense, and I wanted to head to sleep. Still, I’ll provide any information an expert feels relevant just to make 100% sure.
Where is the file in question atm? In the chest? If yes, go to the chest from the program, right click the file in question, and click “Send to AVAST Software”, select False Positive, and give them the requested information.
Yeah, I ran it through Virustotal last night. It was around 2 or 3 AM, I was dead tired, otherwise I would have gone straight here instead of just accepting my friend’s help.
when very new…may indicate why no one detects it at VT…the bad guys test their new malware against detection before they release it
also this does not show a sigcheck at VT as the first one you posted did…why?.. click the additional info button
I checked the RAID Driver in the device manager, noticed it had a little caution symbol by it, the properties state something like, “Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)”
Checking the driver details doesn’t tell me anything, either. This driver could have been busted for who knows how long.
Also, yeah, I sent it their way, posted the virustotal and this thread. What’s the usual amount of time for a response? Obviously not today, since it’s Christmas and all, but this whole ordeal is bugging me.
Also:
Initially I did nothing to them as per my friend’s recommendation, since he believed it was a false positive and said people were having issues removing things from the virus chest. But I transferred them to the virus chest now.
Obviously not today, since it's Christmas and all, but this whole ordeal is bugging me.
I think all the big AV vendors have 24/7 workers in the lab in case something happens......
think of the disaster if a big hospital's computer network is disabled bc of a FP or something similar
What's the usual amount of time for a response?
usually quick....but don't expect to get a reply, it usually only happens if there have been lots of issues posted in the forum
rescan files in chest after next… update(s) to check if they are still detected, when not right click and restore. a copy will remain in chest, this you can delete when all is OK
Oh, also, one last question. I only submitted the one nvrd32.sys file that was in the system32, it’s located in another area in my system32 and on the D drive, should I submit every single one of them or will just the one suffice?