Suspicious file found in rootkit hidden process "C:\windows\system32.\ils.dll"

Indeed, I have an Acer Aspire 2001WLCi computer…
Do you know maybe what the problem is?

They’re being studied by Alwil team…
Right now, the workaround will be disabling the antirootkit scanning at the Troubleshoot page of the program settings.

Tech, can you help me with my problem? (see above) Why is the update not being reflected in my log and why am I still getting the suspicious file messages? I’d really appreciate it. Thanks.

Annie, I’ve read your post… But I can’t help, I mean, I don’t understand why after booting the problem is still there…

If you update manually, the update doesn’t appear in the log viewer; it’s reflected only when it’s automatically updated.

Thanks, NourinE. Have any idea why I’m still getting the message?

For me the VPS 081215-1 fixed the problem, because I think it’s a false positive. If the problem persists there should be an update to fix the problem soon, just be patient. You can turn off the rootkit scan till the problem is fixed.
program settings => troubleshooting => Disable rootkit scan on system startup.

Thanks, again. I think I’ll take a breath and relax for a while. I’ll check later to see if there’s any more fixes. Again…thanks.

NourinE, thanks from me also. So far, and crossing my fingers, it has not popped up again…we shall see…

C’mon people, let’s get serious: other products have far more false positives in every new release than avast! in all its history (I’m a longtime user of Pro version).
I don’t see the reason to keep posting waste =P
(maybe avast! forum is just too friendly)

Just a suggestion for the avast team, with regard to the options presented, when the rootkit mechanism finds something suspicious: please replace “delete” with “move to quarantine”. Or augment “delete” with another “move to quarantine” option. In either case, make “move to quarantine” the default option.

In general, if a heuristics mechanism finds something suspicious then by all means do provide a “move to quarantine” action and make that action the default one.

Fully agree… Alwil, please, do it. Also, think of a way of getting access to Chest from boot time…

Is it really a false positive ???
I got the same warning, made a copy of ils.dll and had it removed by Avast. The computer runs much faster now. MSN is still working with webcam and sound. The file is part of netmeeting which should not be running on my pc, but somehow it did, since Avast wanted me to shut down in order to remove the file. Maybe the file misbehaves like a rootkit after all, though it was signed by Microsoft. The Avast message showed that the file was suspect because of heuristics. This means, not because by chance it had the same fingerprint as a real rootkit, but because it behaved like one. Unless Avast can explain how it comes, I am not certain it was a false positive. Could someone tell me in what way ils.dll could do something useful for anyone?

If you upload it to www.virustotal.com, what do you get?

With all due respect, I find this a most puzzling statement. I for one hope that this forum continues to be CIVIL, as well as helpful.

I’m not sure the ‘delete’ works anyway with Rootkit detection. At least when Rootkit detection said that ‘process.exe’ was suspicious 2 or 3 days ago on my PC, I tried the delete choice the second time it was detected. [After finding out that file wasn’t important] The file was still there in my Sys32 folder and the same exact size. Someone suggested the code is changed so the file won’t run and it’s not really deleted. Not really sure though. File size was the same with the exact same extender (exe).

Hi - new forum member - I think that my concern is answered but would like to check other user views

Having just got the ‘suspicious…’ message today I was concerned that it might not have been avast generated at all and perhaps be a piece of malware - but reading these last few pages I think that I can safely respond to the message - do an ignore or delete without being concerned that I will face some malware attack - would that be right?