rootkit detected in latest ATI (AMD) HD Audio Service driver

Avast Free Antivirus / Premium Security
1

I installed the latest stable Catalyst Suite from AMD (14.4), but today I uninstalled it in order to revert to version 13.12. I used the latest version of the AMD Uninstall Utility. As the uninstall was finishing, avast! popped up a warning that AtiHDAudioService was infected with a rootkit. I took the recommended actions of deleting it (if it was even still present) and performing a boot-time scan (currently in progress, and will be for some time).

I can’t post any other specifics until after the boot-time scan completes, but I find it hard to believe AMD would release a driver package that contains a root-kit.

I’ll post specifics when I can.

2

What OS/SP?
What version of avast?
What vps version?

3

What OS/SP?
Windows 7 Ultimate SP1 64-bit
All Windows Updates applied, up to and including the Internet Explorer 11 update from yesterday

What version of avast? | What vps version?
2014.9.0.2018
140502-1

The boot-time scan found nothing.

Here’s a screenshot of the avast! warning.

http://zengomi.com/Sancho/avast_screenshot.jpg

4

I suggest you report it to avast as a false positive:
www.avast.com/contact-form.php‎

5

Send the file (string filename is written after “SVC: AtiHDAudioService>” in the “File Name”) to virus@avast.com, put “false positive” to send an e-mail subject compressed in zip or rar

6

I don’t have the file to send, as either avast! or the AMD uninstall utility deleted it. I can’t use the form, as it requires me to upload a file.

7

Look in the chest, if the file is there right click on it.

8

Like I said, I took avast’s recommended action, which was to delete the file, not move it to the chest. Chest is empty.

Well, hopefully someone else will be able to report it.

9

unfortunately it will not do much thing
but who knows the picture, maybe help

10

Hello,

I fixed some files from this version of ATI, in few hours will be fixed in new VPS. Please try new version. If you problem still persist please don’t hesitate write to us to virus@avast.com

11

Thanks for fixing, but I’m not going to be re-installing ver. 14.4 of Catalyst due to an unrelated problem. Perhaps the fix will apply to future releases, which would be good.