Avast! today mysteriously popped up a message saying that sptd.sys is a rootkit and after ignoring it, it popped another one which said the heuristics identified it and then I saw it upload the file to Avast! during an update.
I think this is a false positive, sptd is a driver used by DuplexSecure used by some cd/dvd emulation software like Daemon Tools and Alcohol for a deeper emulation.
Upload suspicious file(s) to www.virustotal.com and test with 43 malware scanners.
When you have the result, copy the URL in the address bar and post it here for us to see.
The funny thing is scanning that file manually with Avast! shows it’s not a virus; it’s only some monitor heuristic/rootkit heuristic that seems to not like that file.
It happened to me today. I installed Alcohol 3 days ago and this morning Avast said I had a rootkit and recommended to delete it and recommended a boot scan too, so I did it and nothing was found, but then I came here to see if someone else is having the same problem and I found this thread.
Avast deleted it though I specifically ordered it to ignore it and to just send it to avast labs!! Wasn’t able to upload to virustotal (don’t know if avast was the reason for that or the file was self-protected). Way to go… I guess my Alcohol and Daemon tools might not be working now, because this surely is a legitimate file of those programs. There has to be something wrong with the new sigs (mine were updated just a few minutes ago, before avast came up with the pop-up other users have posted).
@cadremis: Don’t do anything until they fix their sigs!
I just told it to ignore it and it deleted the damned file. I now have to reinstall daemon tools and/or Alcohol 52…
@cadremis: SPTD.SYS comes with Alcohol 52 etc. and Daemon Tools… If you use these programs, that’s why you had the file in \system32\ (though I guess it could be delivered with other progs as well). There’s no chance that we’re all infected with a tampered SPTD.SYS. It’s avast’s fault and they should fix it asap… As they should fix their silly interface which gives the option to ignore and it then deletes the file without your permission… This is pathetic!
On the bonus side, the latest version of SPTD (currently v1.78) linked above fixes some blue screen issues that version 1.76 has (v1.76 being the one that triggers the avast response).
P.S. (edit) I had v1.75 of sptd (and a similar older daemontools) but didn’t have any bluescreen issues with it.
I also got the avast warning but this issue with avast finally got me to upgrade to sptd 1.78 and latest daemon tools lite.