At start up Avast gave rootkit warning SVC:UBHelper > :\ UBHelper.sys win32:EVO_gen(susp)
I let avast delete it and did a boot time scan. 2 hours later the computer starts, all is well, and then 20 minutes later the same message: rootkit warning SVC:UBHelper > :\ UBHelper.sys win32:EVO_gen(susp)
Is this a false positive, because the file is a driver for the DVD drive according to a web search? Not sure what to do about this. I’m trying a normal full system scan next instead of the boot time scan. Not sure avast should be trying to remove this file.
This is an Acer Aspire Vista 32 bit system and it is about 6 years old. Used for email, bills, and watching online videos.
Ok, now have patience.
If it is indeed a false positive (as I think it is), avast will fix it a.s.a.p.
Could even be through the next streaming update or vps update.
Not sure what is going on here but the rootkit tester has messed up at least once before if my memory has not failed me. Is there a chance the OS is restoring the UBHelper.sys file after you deleted it?
I hope an update fixes this but it is starting to look like it may take more than that. I stopped using the computer and now I’m on my old laptop.
I wonder if more people are being affected? I guess we just keep waiting.
I have done scans using other testers/software scanners but none find anything wrong with the computer.
Hello,
I have had the same problem since yesterday. I also have an Acer Aspire computer with Vista and the program NTI Cd-dvd Maker.
Is the problem really with this program? Because before I never had any problem with it.
Or is it a real rootkit in my computer?
I now see that my DVD drive is no longer recognized. I have submitted a ticket to the link provided by Pondus. Hope I get help. I will post back if I get a solution. Anybody remember how to re-install DVD drive in an old Acer Aspire desktop?
After trying the simple methods of reinstalling the DVD driver, which failed, I did a restore point from 3 days ago. This brought back the drive to full functionality. I then did a few complete boots and did the Microsoft update from 1/6/15. I then created a new restore point. I then did a quick scan with Avast which then found the same UBhelper.sys file “SVC:UBHelper > :\ UBHelper.sys win32:EVO_gen(susp)” and gave the fix automatically option, which I changed to IGNORE. So far the computer is working and the DVD drive is recognized and functional. This leads me to say that the Avast signature file update for 1/6 or 1/7/15 has caused the rootkit function to overreact to Acer Aspire computers with Vista and the program NTI Cd-dvd Maker, and if you allow Avast to fix automatically it will cause the cdrom or DVD drive to become unrecognized and dysfunctional.
I’m now hoping for a workaround or fix from the Avast support team. Thanks to all who posted here so far. You made it possible for me to get my computer working again.
Hello again
After the latest information from busp1 and rgsma.jones, I checked my CD/DVD drive and it does not work! (The model of the drive is: HL-DT-ST DVD±RW GSA-H21N.)
I just noticed in the Windows Device Manager that one of my 4 USB ports is not recognized either… :-\ And you?
In the Device Manager, in the properties of my CD/DVD drive, it is written “the pilot has been disabled”, and UBHelper.sys is one of the 3 driver files.
This problem seems so strange and frightening… especially since we all have an Acer Aspire desktop???
Opening Device Manager showed that both my DVD/CD rom drives were not operating correctly. I followed Microsoft’s suggested solutions but without any success. They remained ‘unrecognized’. Incidentally, BUSP1, if you uninstall the CD and DVDs (which I did as part of Microsoft’s recommended troubleshooting solution) they are automatically reinstalled by Windows’ Plug and Play technology when you next boot up.
Then I found an old post on another website regarding UBHelper and it suggested that you uninstall ‘NTI CD and DVD Maker’ application. I opened ‘Add or Remove programs’ from the ‘Control Panel’, and then deleted the said NTI application. Then rebooted. And hey-ho … my drives are back. (I use Windows XP; later versions of Windows may have some different terminology.)
So, now my problem is … do I reinstall the NTI application? I’ll have to search my stock of CDs, but that is less of an irritation than having no CD rom drives.
I then did a quick scan with Avast which then found the same UBhelper.sys file “SVC:UBHelper > :\ UBHelper.sys win32:EVO_gen(susp)” and gave the fix automatically option, which I changed to IGNORE. So far the computer is working and the DVD drive is recognized and functional. This leads me to say that the Avast signature file update for 1/6 or 1/7/15 has caused the rootkit function to overreact to Acer Aspire computers with Vista and the program NTI Cd-dvd Maker, and if you allow Avast to fix automatically it will cause the cdrom or DVD drive to become unrecognized and dysfunctional.
I’m having the same problem here. Also with an older Acer Aspire. I did a quick scan with Avast which found the same UBhelper.sys file “SVC:UBHelper > :\ UBHelper.sys win32:EVO_gen(susp)”. My cd/dvd drives are not showing in Windows Explorer. After posting this I’ll try rebooting to see if the cd/dvd drives come back.
@rgsma.jones: thanks for your update message. It’s all good if we can solve our problem by deleting the NTI program,
but I have a question: no new rootkit alert by Avast? …so it’s all over? ;D
Just in case anybody has submitted a post to Avast team support, and if you have an answer, please let us know.
Suggested workaround(s) so far, use at your own risk:
(1) In a perfect world where you knew that UBHelper.sys was a false positive of Avast’s root kit detection system, you would have known that “deleting” or “allowing Avast to fix automatically” UBHelper.sys would cause your USB and CD/DVD drive to stop working and you would have never allowed Avast to take an action that would damage your computer software.
(2) If you have a restore driver disc (I could not do this because I have no such disc), use that driver disc to reinstall software to run the CD/DVD drive or any other devices that are not working. If Avast still gives you a popup warning at start up, or if you run a scan and get an alert that there is a rootkit UBHelper.sys that needs to be fixed/removed, make sure you tell avast to ignore it or tell avast to do nothing, or your devices may stop working again.
(3) If you have a restore point from the date 1/5/15 or older you can use it to return your computer to a state where your USB and CD/DVD drive were working. Be aware you will need to reinstall any updates you did after that restore point was made. If Avast still gives you a popup warning at start up or if you run a scan and get an alert that there is a rootkit UBHelper.sys that needs to be fixed/removed make sure you tell avast to ignore it or tell avast to do nothing or your devices may stop working again.
(4) Remove the “NTI CD and DVD Maker” application. Be aware you may need to obtain a new software program to take full advantage of your drive again. (I have not tried this one since my system was fixed by using number 3.) In this case you may not need to worry about Avast giving you a popup warning or alert about rootkit UBHelper.sys but if Avast still gives you a popup warning at start up or if you run a scan and get an alert that there is a rootkit UBHelper.sys that needs to be fixed/removed you may actually have a real root kit which you need to allow Avast to deal with.
Workaround(s) 2 and 3 assume that UBHelper.sys is a false positive of Avast’s root kit detection system. To date no confirmation that the UBHelper.sys file is a false positive has come from an Avast support rep.
I tried a reboot to see if the cd/dvd drive would be picked up as new hardware automatically. No luck. I was going to try a System Restore but somehow my restore points went missing. Guess I need to do manual restore points more often. Will review previous posts to see what worked for others.
I got my CD/DVD drives back (I think). Read on.
This is a cautionary tale. I learned many things:
1) It is not a good idea to trust Avast dialogs
I am quite sure I pressed “Ignore” when I tried to open UBHelper.sys to send it to virustotal for checking… but it went into Avast vault anyway.
2) Avast does not restore files correctly from the vault — AVAST, PLEASE, FIX THIS —
I said “restore” but the file restored from the vault had different attributes; at least the timestamp had changed. I could not check the contents, of course.
Btw, virustotal scored zero… Avast included.
3) Do not try to reinstall NTI CD & DVD Maker 6.7
The Acer-installed NTI-made CD burning program did not start (I guess because the driver was not restored correctly). I found it (the Acer version, upgrade to same version number) on the NTI site and thought of reinstalling it over the old one. I thought it would either reinstall or do nothing (boy, was I wrong).
It uninstalled the existing one (not completely, as we’ll see) and then failed to install it again (“could not complete script-based install” something like that). I rebooted and retried: it refused to install because the original program was not there.
4) Extra trouble
Then I found this discussion, checked the CD drives in Device Manager and found the yellow exclamation marks. I disabled the NTI driver using autoruns, to no avail: so I had no burning program anymore (of course) and no CD/DVD drives, not even the external USB one. Nice situation.
I tried to get back to a restore point: it failed (I suspect Avast may have something to do with this; there are restore point files in the vault).
I lost the NTI program, but that’s no big deal… apart from the bitter feeling of having a system work fine for 10 years and then be damaged by an antivirus :-/
I am having the same problems but now don’t know how to restore my dvd/cd drive, which I still use. Will Avast correct this problem? Can I restore it myself? Other problems have also arisen and I do not know how to check and put the problems right.