USBSTOR.SYS: reported as suspect?

Hi,

I just got a brand new PC with Windows 7 Home Premium on it.
Naturally I installed AVAST antivirus on it which I have used and trusted for a long time.

When I connected my portable USB hard drive to my PC, Windows 7 duly installed the drivers for it.
Oddly enough AVAST suddenly reported “USBSTOR.SYS” in the Windows directory as “suspect”.
It did so just after Windows 7 installed the drivers.

For now I chose to ignore it and everything works OK but I am still wondering if something was wrong or not.

Can anybody enlighten me?

Thanks

Hello fd9750,

Let’s make sure it is not a false positive. So, could you please upload the file to virustotal.com and post the link to the scanned page?

nmb

Hi,

I looked for the file and there are at least five of them with the same name and I can’t tell which one it was.
So I had AVAST run a detailed scan on them all and they check out OK so I guess everything is all right.

Can you list all those files which were detected, including the path?

Just to be sure & safe you can upload all of them to VT and post the link here.

And, can you type in what avast detected it as, please?

Hi again,

Here are the paths:

C:\Windows\System32\drivers\USBSTOR.SYS
C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_amd64_neutral_9337898b2abb532b\USBSTOR.SYS
C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_amd64_neutral_c301b770e0bfb179\USBSTOR.SYS
C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.1.7600.16385_none_a47b405db18421ea\USBSTOR.SYS
C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.1.7600.16592_none_a46d735fb18eec24\USBSTOR.SYS
C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.1.7600.20712_none_a54d9170ca6ba98d\USBSTOR.SYS

There are actually only two files, each one is there multiple times.

VT report on the first one:
https://www.virustotal.com/file-scan/report.html?id=a6929516c9fdb1c3537f3d65590a4026536e6131afc9b9f70241ee76ace191d3-1290001604
VT report on the second one:
https://www.virustotal.com/file-scan/report.html?id=ef4829a2d5b8d47aa7e06093ec85244042ed1ccff43cc80dc44ef018b434197a-1289162185

Nothing detected so it looks OK, just a bit of overcautiousness from AVAST (5.0.677).
Still: better safe than sorry.

Thanks for pointing out Virustotal, it might come in useful again.
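The check described in the post above (several copies, only two distinct files), as an added example that is not part of the original thread. It assumes PowerShell 4.0 or later for `Get-FileHash`, and that the 64-hex-digit prefix of each VirusTotal report id above is the file's SHA-256; the function name `Get-DriverCopies` is hypothetical.

```powershell
# Added example: hash every copy of USBSTOR.SYS and group identical ones.
# Directories and the two hash values come from the post above; treating the
# VirusTotal report id prefix as the SHA-256 of the file is an assumption.
$roots = @(
    "$env:windir\System32\drivers",
    "$env:windir\System32\DriverStore\FileRepository",
    "$env:windir\winsxs"
)
$scanned = @(
    'a6929516c9fdb1c3537f3d65590a4026536e6131afc9b9f70241ee76ace191d3',
    'ef4829a2d5b8d47aa7e06093ec85244042ed1ccff43cc80dc44ef018b434197a'
)

function Get-DriverCopies {
    param(
        [string[]]$Roots,
        [string[]]$Known,
        [string]$Name = 'USBSTOR.SYS'
    )
    # Unreadable directories are skipped silently rather than aborting the scan
    Get-ChildItem -Path $Roots -Filter $Name -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash.ToLower()
            [pscustomobject]@{
                Sha256  = $hash
                Scanned = $Known -contains $hash
                Version = $_.VersionInfo.FileVersion
                Path    = $_.FullName
            }
        }
}

$copies = @(Get-DriverCopies -Roots $roots -Known $scanned)

# One line per distinct file, followed by every path that holds that file
$copies | Group-Object Sha256 | ForEach-Object {
    "{0}  copies={1}  already-scanned={2}" -f $_.Name, $_.Count, $_.Group[0].Scanned
    $_.Group | ForEach-Object { "    $($_.Path)  ($($_.Version))" }
}

# A copy whose hash is not in $scanned is a different file and needs its own scan
$copies | Where-Object { -not $_.Scanned } | Select-Object Sha256, Path
```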

https: ???

@fd9750,

You forgot to tell me what avast detected it as. I guess it was detected by behavior shield, as you said it was a suspect.

Keep an eye on it. If it detects anything again, come back but tell me what avast! detected it as, now!

nmb

Hi nmb,

I am sorry, but I don’t remember and I can’t find any log file or so where it is listed.
I was in a bit of a hurry so I did not capture the report. I will be more careful next time.

It may very well have been the “behaviour shield” because I very much think it did not like something new being installed in the driver directory.
It did not actually report that the file itself was “suspect” just the fact that it appeared where it was not before.

As the PC is brand new it was the first time ever that I connected a USB mass storage device to it so that might explain things.

just the fact that it appeared where it was not before.

The file paths which you have given are okay. I mean there is no problem that this file is there. It is a new feature in win in that it stores such files in folders like:
C:\Windows\winsxs\amd64_*
C:\Windows\System32\DriverStore\FileRepository*

There’s nothing that “you” have to be suspicious about. You can just go to realtime shields in avast gui and check which shield detected it. Let me know.

nmb

you can right click the avast ball and show last pop up message.

regards!!!

Thanks bong2x :wink:

Hi guys,

I looked at both suggestions and tried them all.

The last pop-up was “your virus definitions have been updated”. That is great but does not help much.
I also trawled through all the real time shield data. It shows a lot of checks but “0” infections.

Too bad, more luck next time

Yup, let's wait and see.

Here is some additional info on “usbstor.sys”

How to remove usbstor error

http://www.file.net/process/usbstor.sys.html