WinFLdrv.sys?

hi everyone, i ran thorough scan as part of regular maintenance on my pc.
and then there was a pop-out saying

Sign of “Rootkit: hidden file” has been found in “C:\Windows\System32\WinFLdrv.sys”

there were two choices, ignore and delete. since i dont know what to to i chose to ignore it.
can someone please tell me if this is really a rootkit? and if it’s safe to delete this.

thanks everyone.

Are you using win xp?

delete it brother
and get those anti rootkits for ensuring:
if you are not professional:try avast anti rootkit,radix,panda,f-secure anti rootkits
if you are professional :gmer,rku,root repeal.
google them and get some thing to do :wink:

I might be an false positive.

avast anti rootkit component has no false positive “it doesnt act as signature scanning” so it is a rootkit and get the up anti rootkits and you will ensure it is not an false positive.
i try to make an anti rootkit but always i go to a bsod,what a bad instructions?! :cry:

http://www.threatexpert.com/files/WinFLdrv.sys.html

IN xp its found in system 32.

Notes:
* Please note that the name of the file should NOT be used to define if it is legitimate or not. Such determination can only be made by observing its dynamic behaviour.
* In order to check a file, please submit it to ThreatExpert.
* For a comprehensive pro-active protection against threats, please consider ThreatFire - our behavioral antivirus solution.

The file “winfldrv.sys” is known to be created under the following filename:
%System%\winfldrv.sys
Note: %System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

Maybe it’s gotten infected?

no it get replaced or replaced by the rootkit.
may be you should restor a back up for windows,or repair it if you get an error after cleaning.

im using windows vista. but before i scanned, my computer seems normal though.

threat expert says it’s not a threat. that’s why im confused if it’s just FP or not.
maybe i’ll try to scan some more. make a back up(just in case) and try to delete it and see what happens.

thanks guys.

I don’t think its a fp. Send the file to virus total.If you cannot find the file, copy/paste the location where it says file name,then click open.Post the results http://www.virustotal.com/

hi,
i tried to google this file and found out that this file is related to Folder Lock.
now it makes sense because i installed folder lock and forgot to remove it when it expired.
so i removed the program and scanned again.
problem’s now solved. :slight_smile: so i guess it really was FP.

thanks everyone.

I have the same issue. I have Folder lock installed. I quarantined the WinFLdrv.sys, and again when i i tried to restore it says WinFLdrv.sys is already available do you want to over write it. And in the quarintine window below the virus details it shows no virus. While moving to virus chest it said root kit? I deleted WinFLdrv.sys from chest and ran scan again. Now there is no infection in my pc and Folder lock is still installed.

I don’t understand what is the issue here.