Suspicious file found in rootkit hidden process "C:\windows\system32.\ils.dll"

Avast Free Antivirus / Premium Security
21

scan needs to solve the problem?

22

Yup, just happened to me about an hour ago… also by heuristic method, XP Pro MCE 2005 here, I deleted it and it said it was gonna send it to Avast for analysis…

I guess we’ll find out soon enough… if need be, I can re-install netmeeting at some future time, but I haven’t used netmeeting in a long long time anyway, so no big loss…

23

[color=green]I GOT THE SAME WARNING, I GUESS WE ALL AVAST HOME USERS GOT IT AFTER THE DATABASE WAS UPDATED![/color] ???

24

as I know the rootkit is scanned automatically at the start up. if there’s something wrong a pop-up window will show up in few seconds or minutes after the startup

25

I’ve read a few topics and this one seems to fit my situation perfectly, is it a false positive? and is it fixed yet?

I’ve restarted my computer, and it is scanning it, when thats done I’ll wait 8min to see if it pops up :slight_smile:

If someone could explain this in english(non tech lingo) I would appreciate it, thanks :wink:

26

i have same issue here, will try updating signatures, but this isn’t the issue itself i think because false positives is somewhat ‘normal’ and you have to expect some of them.

So, this one goes to developers (i post this sugestion here because it’s directly related to this topic):

It would be very nice if avast! display info on the suspected file like owner, file version, copyright, date & size, time-stamp, etc., the kind of info you get when you google for that file - in this case c:\windows\system32\ils.dll on my XP system.

that way it would be lot easier to know what to do with it.

cheers

27

finally finished and at 8min it popped up again, how do you update it?

28

When I saw the warning I DELETED the file ils.dll

Now what should I do? Is that file needed by Windows or another programme? Where shouls I find it now?

Thank you

29

i got d same msg today “suspicious file”. advised me 4 a boot time scan… after starting boot scan it came on a file (dont remember d name), and den d hole system bcame as it is… nothing worked. i hd to restart my pc…
i was facing d same problem with avast a few days b4… when th scan would reach a perticular file, it was ntservicepackuninstall.dll, system wuld hang and i hd 2 restart. i deleted the particular file and it it was ok den since avast culd not reach the file for scaning.
and now im facing d same prob… i cant del alll the files on which avast malfunctions as de might be important… wat to do now. pls help

30

hi qim, can we chat? we can solve our probs

31

updated program and restarted, it didn’t pop up again, next time I turn it on we shall see if its gone, but for now updating seems to have worked ;D

32

hi, there’re many .DLL support websites where you can download that file from. just search for ‘download ils.dll’ or something like that (without quots) and you’ll see.
try for instance www.dlldump.com. I already did the job 4 you: http://www.dlldump.com/download-dll-files_new.php/dllfiles/I/ils.dll/5.1.2600.2180/download.html
By the way, save the file in the \windows\system32 directory (folder)

avast! is just a GREAT product

33

Hello,

I am on the east coast and updated the vps file (081215) at approximately 6:30 A.M. After that time, I received the “suspicious file” popup. I checked “ignore”, after which I was asked if I wanted a boot time scan. I allowed it…it was clean. Here’s the problem - I continue to get the popup displaying this “suspicious file” (just got one at 3 P.M.)!!! How do I proceed here?

34

Looks like you need to update again. The latest VPS is 081215-1. Alwil caught the error pretty quickly and corrected the detection in 081215-1.

35

Rick, my error I apologize - I DO have vps 081215-1…just checked to be sure! What now?

36

Did anybody actually delete this file, and has any problem with the computer as a result?
An Avast user at Wilders has posted concerning a detection she quarantined, and now has fairly significant problems.
Does anyone need a copy of this file?

37

after the vps update just restart your computer

38

I’m here for the same reason as everyone else. But here’s my question:

I did a manual update and the summary says: VPS Already up to date - Current version (081215-1)

When checking my Log viewer under ‘Notice’, it doesn’t reflect this update. It still reads 081215-0 as the last entry. I’ve rebooted and am still getting the ‘Suspicious File Found’ notice. Please help.

39

Hi there,
i have the same problem as everyone else since today here except that it doesn’t stay with only 1 file that may be infected in my case. It’s more like 40 files…
for eg.:
"sign of rootkit hidden file has been found in C:\windows\system.ini
C:\windows\LAN
C:\windows\assembly/GAC_MSIL
C:\windows\assembly/GAC_32
C:\windows\SoftwareDistributionDownload
C:\windows\Twain_32.dll/LogiVid
i also already 2 times updated today and have the latest version (Avast home edition, windows XP) but the warning popup remains. I also only can choose between ‘delete’ or ‘ignore’. When I hit ignore, the problem remains, i don’t want to hit ‘delete’ because it’s like 40files… Can anyone help please
thanx!!!

40

stoeterke, do you have an ACER computer?