No this is different…bc you used the “scan memory” setting
do not use the “scan memory” setting as this will give some strange scan results
the forum is full of this if you search

do not change the default scan settings if you do not know the result of it

Kind of weird. A person posted on Yahoo answers that Avira picked it up as a virus so they installed avast! and got the same problem. Shared database?

http://ph.answers.yahoo.com/question/index?qid=20111206051008AAFRO5q

I got it on one of my XP computers but, get this, I disabled Avast long ago.

Avast is listed as a startup program in msconfig but I’m fairly sure I disabled the item long ago.

Then again, it could be one of my senior moments.

Alright, if this is a false positive, can Avast please come up to the plate and hit the ball instead of wasting everybody’s time?

you mean you have more then one AV installed ?

you can be 110% sure they are working on it…but the fix has to be tested before they release it

There is no shared database, coincidence yes, if both are doing a rootkit scan and this is a hidden process then there will be a possibility of a hidden driver being considered a rootkit incorrectly. Unfortunately, even though this is a system file is isn’t digitally signed and that doesn’t help if something is suspect.

Please don’t change the topic title, just put that in the body of your post.

But to answer that NO it isn’t a hoax, which is completely different from what it is likely to be a False Positive.

Sorry, I should not have said shared database but what about shared signatures on some malware? I think the Vendors do this correct?

I just got this same problem a couple of hours ago. I’ve now read through all the answers here, but as I’m completely inept with computers, let me get this straight: we’re just to wait and hope Avast fixes this? To do nothing now?

Same thing, no shared signatures, no all vendors don’t do that. Some might be using their engine and database but that would be under a licensing agreement and nothing exists between Avast and Avira other than the coincidence they are both begin with the letter ‘A.’

Select Ignore if the alert comes up again, monitor this forum, click the Notify button at the bottom of the page. You will get an email for new posts, as you might imaging you will probably get a lot as it is active. You could also bookmark this link http://forum.avast.com/index.php?topic=89963.msg716133;topicseen#new, which will open the topic for new replies that you haven’t yet viewed.

Thanks DavidR! I will do as you suggested! :slight_smile:

You’re welcome.

i already did as AVAST suggested , to delete and reboot bootscan, but no threat found.
so what about the file i have lost ? and the alert is still popping

got the message too…must be a false positive…
hope fix comes soon

I did this and now I get 2 infections instead of 1. :-\

100% false !!!

Same here, just how badly have we fucked up due to this s**t?

same thing has happened in my computer, which is windows xp with sp3.

but when i manually scanned sfloppy.sys with avast, nothing suspicious was reported. this is very strange.

so i personally think sfloppy.sys is clean, but is it possible that specific action such as one API inside sfloppy.sys is being called by another process may cause this symptom?

i am looking forward to official answer from avast.

What do you mean, you have 2 infections? Did you check if sfloppy.sys is really gone from system32\drivers directory (hope you are not checking just system32 directory, as available implied earlier :))?

If sfloppy.sys file is really deleted from the system32\drivers directory, doing what I mentioned earlier, will just place a copy of this file (the file from sp3.cab should be the same as the original one in system32\drivers) in system32\drivers. If the file is there, you should be asked to replace it.

PS: I restarted the system a few times and everytime after Windows started, Avast showed the same warning about sfloppy.sys. Checked manually for updates and the virus definitions updated from Current Version: 111206-0 to 111206-1. Rebooted again and the problem is still there, so as others suggested, I just ignored it and now am waiting for a new update, that will hopefully fix that.