Over the past few days this message has been appearing when I start my computer. At first it was just one file, so I looked and could not find it in Explorer, so I tried looking through my restore points with ShadowExplorer and couldn’t find it in any of them. Does anyone know what this is and if it is anything to worry about? Also, can I get rid of it or at least stop the messages for it?
Don’t stop the messages, e.g. ‘Do not tell me about these files in the future’ as there is no way of telling if after the analysis it is found to be a rootkit.
Certainly don’t delete without being 100% sure it is malicious.
Based on the file name alone and its location, it is suspicious to me too. A Google search for this file name returns zero hits, which in itself is highly suspect for what is in the driver folder.
It is most certainly a hidden file, which Explorer won’t find.
I would also suggest other tools that may also find something suspect, which would tend to confirm the avast detection:
If you haven’t already got this software (freeware), download, install, update and run it and report the findings (it should produce a log file).
1. MalwareBytes Anti-Malware (MBAM). On-Demand only in free version. http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (depending on your browser), save it to a location where you can find it easily later.
2. SUPERantispyware (SAS). On-Demand only in free version.
Don’t worry about reported tracking cookies; they are a minor issue and not one of security. Allow SAS to deal with them though. See http://en.wikipedia.org/wiki/HTTP_cookie.
Thanks for the reply. I have Malwarebytes and run scans regularly, and it returns no results with a full scan or scanning system32 alone. Also SAS returned with nothing as well. I looked around some more with the show hidden and system files settings and still could not find it. Avast is the only thing that seems to be able to see it.
The file name on its own gives me the creeps; even if I came across this without avast shining a light on it I would have been very suspicious. Add to that the Google search finding nothing for a driver file, which just increases that suspicion.
Your not being able to find it just adds to that overall suspicion. Avast isn’t using the normal Windows APIs to find this; the rootkit scan compares what Windows says is running against what is actually running, and there are times when files, even when you uncheck the options to hide system files and folders, etc., just don’t show.
I’m just extremely cautious when it comes to deletion, so I would still Ignore for the time being and continue to submit it. If you were able to find it I would have suggested renaming it to see what happened, e.g. it failed to run so no avast detection.
You could try a registry search for this file name and see if it brings anything up and report the findings.
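The registry search suggested above, narrowed to driver services, as an added example that is not part of the original posts. The thread never gives the file name, so `$Name` is a placeholder, and the helper `Resolve-DriverPath` is a hypothetical name introduced for this example.

```powershell
# Added example, not from the thread. Run from an elevated 64-bit PowerShell:
# a 32-bit host redirects System32 and would report false "missing" files.
$Name = '<reported-file-name>'   # placeholder: the file name is not given in the thread
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Resolve-DriverPath {
    param([string]$ImagePath, [string]$ServiceName)
    # A driver service without ImagePath defaults to System32\drivers\<service>.sys
    if (-not $ImagePath) { $ImagePath = "System32\drivers\$ServiceName.sys" }
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath)
    $p = $p -replace '^\\\?\?\\', ''                        # \??\C:\... -> C:\...
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"  # \SystemRoot\... -> C:\Windows\...
    # Relative forms such as system32\drivers\x.sys are relative to %SystemRoot%
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

Get-ChildItem $servicesKey -ErrorAction SilentlyContinue | ForEach-Object {
    $props = Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue
    # Service Type 1 = kernel driver, 2 = file system driver; skip everything else
    if ($props.Type -notin 1, 2) { return }
    $path = Resolve-DriverPath $props.ImagePath $_.PSChildName
    [pscustomobject]@{
        Service   = $_.PSChildName
        ImagePath = $path
        OnDisk    = Test-Path -LiteralPath $path      # what the normal Windows API can see
        NameMatch = ($path -like "*$Name*")           # registry entry naming the reported file
    }
} | Where-Object { -not $_.OnDisk -or $_.NameMatch } | Format-Table -AutoSize
```

A row with `OnDisk` false is only a lead to follow up, since leftover entries from uninstalled software also point at files that no longer exist.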
Hey, sorry for taking this long to respond, I’ve been away. Anyway, I have checked the registry and all the rootkit tools mentioned above and nothing was found that involved this filename. This is very odd; is there any chance avast might be seeing something that doesn’t actually exist? In any case thank you all for all your help.