After a few days of complete failure I need help please.
Using Avast Home 4.8 build 4.8.1201
WinXP Pro on a machine that in all regards I think is running OK.
Only a few days ago avast pops up this warning message about 5 minutes after every new boot.
A suspicious hidden file has been detected (using a heuristic…
File Name : C:\WINDOWS\System32\Drivers\WDICA.sys
Type: Hidden services
Recommended action : ignore
I allow the file to be submitted.
Here's the problem - I know how to view hidden files… I can't find it.
Maybe I’m a bit paranoid… The file must exist for Avast to find it, I can't find it to send anywhere for testing… can't even find what process the file is related to.
I’m loath to tick the “do not tell me about this rootkit…” in case it's for real.
Any advice appreciated
This sounds like the avast anti-rootkit scan that happens ‘8’ minutes after boot; it compares what is running against what is actually notified, and that is what it means by hidden. It hasn’t said specifically that it is a rootkit or infected file, but suspicious. It is that which you have to investigate, e.g. why it might be hidden, legit/malicious.
This file seems to be a driver of sorts; trying to pin down what it is for is the problem. On the detection, isn’t there an option to send the file to avast for analysis?
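The comparison described in the reply above, sketched as an added example (not part of the thread and not avast's own scanner): it diffs a raw view of driver services and files against the view the Windows API returns, separating a file hidden from the API from a service entry with no file behind it. The view contents, the `Demo*` service names and `SYSTEM_ROOT` are constructed assumptions.

```python
import ntpath

SYSTEM_ROOT = r"C:\WINDOWS"  # assumption: default XP path, as in the alert

def normalize_image_path(image_path, system_root=SYSTEM_ROOT):
    """Resolve a driver ImagePath value to a lower-cased absolute path."""
    p = image_path.strip().strip('"')
    if p.startswith("\\??\\"):              # NT object-manager prefix
        p = p[4:]
    for prefix in ("\\systemroot\\", "%systemroot%\\"):
        if p.lower().startswith(prefix):
            p = ntpath.join(system_root, p[len(prefix):])
            break
    else:
        if not ntpath.isabs(p):             # e.g. system32\drivers\x.sys
            p = ntpath.join(system_root, p)
    return ntpath.normpath(p).lower()

def triage(raw_services, api_services, raw_files, api_files):
    """Classify each service of the raw view as {name: (path, verdict)}."""
    raw_f = {f.lower() for f in raw_files}
    api_f = {f.lower() for f in api_files}
    api_names = {n.lower() for n in api_services}
    report = {}
    for name, image_path in raw_services.items():
        path = normalize_image_path(image_path)
        if path not in raw_f:
            verdict = "no file behind service entry"   # nothing to find on disk
        elif path not in api_f:
            verdict = "file hidden from API view"      # exists, but filtered
        elif name.lower() not in api_names:
            verdict = "service hidden from API view"
        else:
            verdict = "consistent"
        report[name] = (path, verdict)
    return report

# Constructed sample views, not real scan output.
RAW_SERVICES = {
    "DemoStale": r"system32\drivers\demostale.sys",
    "DemoHidden": r"\SystemRoot\System32\Drivers\demohidden.sys",
    "DemoOk": r"\??\C:\WINDOWS\system32\drivers\demook.sys",
}
API_SERVICES = {k: v for k, v in RAW_SERVICES.items() if k != "DemoHidden"}
RAW_FILES = [r"C:\WINDOWS\System32\Drivers\demohidden.sys",
             r"C:\WINDOWS\system32\drivers\demook.sys"]
API_FILES = [r"C:\WINDOWS\system32\drivers\demook.sys"]

if __name__ == "__main__":
    for name, (path, verdict) in triage(RAW_SERVICES, API_SERVICES,
                                        RAW_FILES, API_FILES).items():
        print(f"{name:10} {path:45} {verdict}")
```

Both non-consistent file verdicts look the same from Explorer (the file cannot be found), which is why the two cases have to be told apart from a raw view.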
I very much appreciated this advice and have spent some long time researching the matter.
I am now left with the conclusion it's a false positive.
After so long I was curious why maybe Avast had not ‘reacted’ to my several times a day reboots I had left the alert as a submit. I now know why…my log has every single alert / submit as an error. “Internal error has occurred in module basEncodeFile to Rootkit submit failed”
Separate problem, but I guess I have left this comment as it directly relates, I consider, to the primary issue, which is that I choose to Ignore the alert and allow the auto submit.
Am I best to now Ignore and Don't tell me again?
Any comments appreciated
Pete
Show hidden files and folders and show system files.
You used search (or find)? If you can find it,
go to VirusTotal and then navigate to this file and upload, analyze and post the link?
Your avast is out of date; do a program update (right-click the ball).
Run Malwarebytes Anti-Malware.
Check anything bad and click REMOVE; a backup file will be made.
We can check with HijackThis after the above have been completed or attempted.
We also have some advanced search techniques.