sptd.sys likely a false positive

Avast! today mysteriously popped up a message saying that sptd.sys is a rootkit, and after I ignored it, it popped up another one which said the heuristics identified it, and then I saw it upload the file to Avast! during an update.

I think this is a false positive, sptd is a driver used by DuplexSecure used by some cd/dvd emulation software like Daemon Tools and Alcohol for a deeper emulation.

Upload suspicious file(s) to www.virustotal.com and test with 43 malware scanners.
When you have the result, copy the URL in the address bar and post it here for us to see.

alternative
Jotti http://virusscan.jotti.org/
VirSCAN http://virscan.org/

I have this same problem :o

See screenshot:

http://i51.tinypic.com/j65004.jpg

Here you go: http://www.virustotal.com/file-scan/report.html?id=ccac2cc44f90001da973d2b6e644ff37fa6c31c7a3abd936645382537fa63edd-1306837223

Had to use safe mode as it seems to be protected like a rootkit, although it isn’t harmful, or just loaded in the background so you can’t touch it.

jepp, looks like a FP to me

sigcheck:
publisher…: Duplex Secure Ltd.
copyright…: Copyright (C) 2004
product…: SCSI Pass Through Direct
description…: SCSI Pass Through Direct Host
original name: sptd.sys
internal name: SPTD.SYS
file version.: 1.76.0.0 built by: WinDDK
comments…: n/a
signers…: Duplex Secure Ltd
VeriSign Class 3 Code Signing 2009-2 CA
Class 3 Public Primary Certification Authority
signing date.: 12:47 PM 11/23/2010
verified…: -

avast! isn’t listed…! :wink:
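The signer and hash checks discussed above can also be done locally, as an added example that is not part of the original thread. `Test-FlaggedDriver` is a hypothetical helper name, the driver location under `System32\drivers` is an assumption, and the expected SHA-256 is taken from the identifier in the VirusTotal report URL posted above (the part before the dash).

```powershell
# Added example: compare a flagged driver against a known signer and a known hash.
function Test-FlaggedDriver {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $ExpectedSigner,   # signer name from a report you trust
        [string] $ExpectedSha256    # hash from a scan report of the same file
    )
    try {
        $sig  = Get-AuthenticodeSignature -LiteralPath $Path -ErrorAction Stop
        $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256 -ErrorAction Stop).Hash
    } catch {
        # A loaded or self-protected driver may be unreadable from a normal session
        # (one poster had to use safe mode); report that instead of failing.
        return [pscustomobject]@{ Path = $Path; Readable = $false; Error = $_.Exception.Message }
    }
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    [pscustomobject]@{
        Path            = $Path
        Readable        = $true
        SignatureStatus = $sig.Status      # Valid, NotSigned, HashMismatch, ...
        Signer          = $subject
        SignerMatches   = [bool]($ExpectedSigner -and $subject -like "*CN=$ExpectedSigner*")
        Sha256          = $hash
        HashMatches     = [bool]($ExpectedSha256 -and $hash -eq $ExpectedSha256)
    }
}

# Assumed location of the driver; adjust if it is installed elsewhere.
$driver = Join-Path $env:SystemRoot 'System32\drivers\sptd.sys'
if (Test-Path -LiteralPath $driver) {
    Test-FlaggedDriver -Path $driver `
        -ExpectedSigner 'Duplex Secure Ltd' `
        -ExpectedSha256 'ccac2cc44f90001da973d2b6e644ff37fa6c31c7a3abd936645382537fa63edd'
}
```

A `HashMatches` of `True` only shows the local file is the same one the posted report covers; a `SignatureStatus` of `HashMismatch` or an unexpected signer means the file should be treated as altered and not as a false positive.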

Strange… you’ve got an alert while virus total shows nothing ???

Yep, it is strange…
Which VPS are you guys on…??
Try to update manually.
Solved…?

VPS: 110531-0 latest (ATM)
Manual update doesn’t help.

The funny thing is scanning that file manually with Avast! shows it’s not a virus it’s only some monitor heuristic/rootkit heuristic that seems to not like that file.

Interesting…
You can report a possible FP here: http://www.avast.com/contact-form.php?loadStyles

It happened to me today. I installed Alcohol 3 days ago and this morning Avast said I had a rootkit and recommended to delete it and recommended a boot scan too, so I did it and nothing was found, but then I came here to see if someone else is having the same problem and I found this thread.

Is it a FP or not?

Avast deleted it though I specifically ordered it to ignore it and to just send it to avast labs!! Wasn’t able to upload to virustotal (don’t know if avast was the reason for that or the file was self-protected). Way to go… I guess my Alcohol and Daemon tools might not be working now, because this surely is a legitimate file of those programs. There has to be something wrong with the new sigs (mine were updated just a few minutes ago, before avast came up with the pop-up other users have posted).

Guys,
What do I do? Avast is giving me pop-ups every time I restart my computer with the same alert.

Now another different pop up with the same alert

@cadremis: Don’t do anything until they fix their sigs!
I just told it to ignore it and it deleted the damned file. I now have to reinstall daemon tools and/or Alcohol 52…

Avast deleted the file, I guess I have to do the same thing as you…pufff… let’s wait for Avast to correct this if this really is a FP.

But I would like to know from a tech if this is a real rootkit or not and if they will correct it today…

I did a scan with Malwarebytes and it detected nothing.

@cadremis: SPTD.SYS comes with Alcohol 52 etc. and Daemon Tools… If you use these programs, that’s why you had the file in \system32\ (though I guess it could be delivered with other progs as well). There’s no chance that we’re all infected with a tampered SPTD.SYS. It’s avast’s fault and they should fix it asap… As they should fix their silly interface which gives the option to ignore and it then deletes the file without your permission… This is pathetic!

Hola Cadremis,

Please, what version of Alcohol do you have installed? Is this happening only on Win XP?

You don’t have to reinstall Daemon or Alcohol, just the SPTD driver:

http://www.duplexsecure.com/en/downloads

On the bonus side, the latest version of SPTD (currently v1.78) linked above fixes some blue screen issues that version 1.76 has (v1.76 being the one that triggers the avast response).

P.S. (edit) I had v1.75 of sptd (and a similar older Daemon Tools) but didn’t have any bluescreen issues with it.
I also got the avast warning, but this issue with avast finally got me to upgrade to sptd 1.78 and the latest Daemon Tools Lite. :stuck_out_tongue:

It is happening to me in Windows 7 even with the latest update of Avast…rm