hi everyone, i ran thorough scan as part of regular maintenance on my pc.
and then there was a pop-out saying
Sign of “Rootkit: hidden file” has been found in “C:\Windows\System32\WinFLdrv.sys”
there were two choices, ignore and delete. since i dont know what to to i chose to ignore it.
can someone please tell me if this is really a rootkit? and if it’s safe to delete this.
delete it brother
and get those anti rootkits for ensuring:
if you are not professional:try avast anti rootkit,radix,panda,f-secure anti rootkits
if you are professional :gmer,rku,root repeal.
google them and get some thing to do
avast anti rootkit component has no false positive “it doesnt act as signature scanning” so it is a rootkit and get the up anti rootkits and you will ensure it is not an false positive.
i try to make an anti rootkit but always i go to a bsod,what a bad instructions?!
* Please note that the name of the file should NOT be used to define if it is legitimate or not. Such determination can only be made by observing its dynamic behaviour.
* In order to check a file, please submit it to ThreatExpert.
* For a comprehensive pro-active protection against threats, please consider ThreatFire - our behavioral antivirus solution.
The file “winfldrv.sys” is known to be created under the following filename:
%System%\winfldrv.sys
Note: %System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
im using windows vista. but before i scanned, my computer seems normal though.
threat expert says it’s not a threat. that’s why im confused if it’s just FP or not.
maybe i’ll try to scan some more. make a back up(just in case) and try to delete it and see what happens.
I don’t think its a fp. Send the file to virus total.If you cannot find the file, copy/paste the location where it says file name,then click open.Post the results http://www.virustotal.com/
hi,
i tried to google this file and found out that this file is related to Folder Lock.
now it makes sense because i installed folder lock and forgot to remove it when it expired.
so i removed the program and scanned again.
problem’s now solved. so i guess it really was FP.
I have the same issue. I have Folder lock installed. I quarantined the WinFLdrv.sys, and again when i i tried to restore it says WinFLdrv.sys is already available do you want to over write it. And in the quarintine window below the virus details it shows no virus. While moving to virus chest it said root kit? I deleted WinFLdrv.sys from chest and ran scan again. Now there is no infection in my pc and Folder lock is still installed.