RootKit: System modification C:\\WINDOWS\System32\drivers\sfloppy.sys?

2011-12-06 11:24 am
I reformatted my computer as of yesterday due to a virus attack. I installed Avast, Skype, Mozilla, and Ventrilo. The day after the reformat / clean install, AVAST pops up with a virus detected. I'm not sure what action to take so it tells me to do a boot time scan which comes back clean after I reboot and it scans. However, when I restart my computer, the "threat" C:\\WINDOWS\System32\drivers\sfloppy.sys popped up again. I went and looked for the file and single scanned it and it came up with no threat. So I do a full scan of my computer using AVAST, and it says threat detected with the same file name. What should I do?
Update 1:

I downloaded Kaspersky TDSSKiller and no threats were detected. Does that mean I'm safe?

Update 2:

Seems like a lot of people are experiencing this problem.

Answers (34)

2011-12-06 12:47 pm
✔ Best answer
I'm having the same problem. I think this is another one of Avast's numerous false positives.
Also, this happened right after the latest virus definition file update -- 111206-0 released 12/6/11 at 4:42:33 AM. (I'm in Eastern time zone if it matters.)
2011-12-06 5:12 pm
I updated virus definition from Avast to 111206-2, restarted and no longer have the problem.
2011-12-06 5:03 pm
Yes, me, too, same message... deleted, reboot scan, deleted again, restart, and then ignored and sent in a ticket. Thanks everybody for the public bark here. I feel better knowing there is a group out there working with this same system and experiencing the same problem that I am. So, it must be the new update and not a problem in our individual computer worlds. We should stay in touch per further global issues...
2011-12-06 11:29 am
Download and run Kaspersky Rootkit scan. http://support.kaspersky.com/faq/?qid=208283363

It's free.

You can also download this file and burn to disk. http://www.avira.com/en/support-download-avira-antivir-rescue-system

This one will burn to dvd or cd after it is downloaded. Just reboot with cd dvd in tray and it will start on windows start up. When it is loaded, go into options and make sure "Remove threats" is check marked, or it will only scan and not remove anything.

This is another boot time scan. Make sure to update before you click scan.
2016-12-12 3:39 am
Sfloppy.sys
2016-02-27 4:40 pm
Spool drivers are mainly system files which work to operate your devices like printers, scanners, etc. When you give a command to print, these driver files store the spooled file temporarily and quit as you finish your work.
2011-12-08 8:35 pm
I experienced the same problem with sfloppy.sys on XP Professional, and Avast. Updated Avast program, and went back to an old restore point. Thought problem was fixed - but notice that after all that, if I rename or try to delete sfloppy.sys, the file is restored automatically within a few seconds. Other files in the same c:\windows\system32\drivers directory can be deleted, just not sfloppy.sys - which makes me think the original Avast warning of a rootkit may be correct, and it's still there.
2011-12-07 7:09 pm
I have this same: C:Windows\system32\drivers\sfloppy.sys Rootkit indicated by Avast since update.
Real malware threat or false report? Boy, are these computers ever getting annoying!
2011-12-07 4:07 am
Hi. I had the same problem but the consequence has been much worse: I cannot get Windows to work any more. The computer starts then prompts for my account password, like usual, and then I only get a blank screen with only the mouse arrow on it.
I use Windows XP Home Edition.
2011-12-06 5:08 pm
Have same problem... started right after I ran update on 12/05/11 C:\\Windows\system32\drivers\sfloppy.s…when I ran Avast in safe mode it showed no problems... anytime else it pops right up... Malwarebytes shows no problems at all.
2011-12-06 4:57 pm
So this is a false alarm? Thanks for the information guys!
2011-12-06 4:06 pm
I am also having the same problem, I got the message in the evening after the latest update of Avast. Is sfloppy.sys dangerous? Can anyone pls reply
2011-12-06 4:04 pm
Have the same problem too!!!
2011-12-06 3:45 pm
I am getting the exact same issue. Avast is finding a possible rootkit in file: "C:\WINDOWS\system32\drivers\sfloppy.sys"

It just started today (12/6/11). Just to be safe, I downloaded Kaspersky TDSSKiller and ran that several times. Also, I downloaded Spybot Search and Destroy. Lol I am paranoid. If there is anything on my system I will find it. Hopefully this is just a false positive.
Source: Personal Experience.
2011-12-06 3:37 pm
Hello Guys,

I was also facing the problem, after AVAST updated itself with latest virus update. But THANKS to you guys, that I learnt, that this was because of some false alarm.

And yes, I have renamed that file and changed its extension to .OLD.

Thanks again.
2011-12-06 3:23 pm
I think you only need to dismiss the issue. I got the same problem and checked Google about sfloppy.sys; the site tells me this: "Microsoft SCSI floppy file. This sfloppy.sys file is safe and should not be considered threat to your computer."
2011-12-06 3:20 pm
I am from Brazil and I have the same problem here, seems like a false positive, because I didn't find any virus in the scan. This happened after I updated the version of Avast, like everyone here. And sorry if the English is bad ^^'
2011-12-06 2:54 pm
Download a new antivirus and update it.
2011-12-06 2:47 pm
The problem happened to me too when it sent a message that it updated some driver and then it popped up.
Picture of the message:
http://img694.imageshack.us/img694/328/s234.png
2011-12-06 2:42 pm
Yeah, Avast just found that on my virtual XP box. It's completely clean; I installed the operating system, Chrome, and Avast, and updated Windows, then took a snapshot. Every time I use it, I restore it to the snapshot.

Therefore I highly suspect it is just a false positive. I don't see how anybody could have compromised my XP box without compromising the laptop on which my XP box is running, and Avast hasn't found anything on my Windows 7 laptop.

What operating system are you using specifically?
2011-12-06 2:36 pm
Don't panic guys.... I got the same report on some computers that I am servicing and yes, some of you are right because it's a false alarm.... And yes, this is directly linked to the last update that AVAST performed. I checked sfloppy.sys and it is the same as Microsoft intended it to be and unchanged. Funny thing is that if you choose to delete it nothing changes......:)).... Well, don't be too harsh on AVAST, this can happen to even better antivirus software! I am sure that this will disappear as soon as another update is performed.... Don't worry, you don't have a rootkit in the operating system!
2011-12-06 2:31 pm
same here peeps, and just bought a load of software to repair.. to no avail, still showing up in Avast! Well at least we know our PC's are not going to die on us, phew : )
2011-12-06 2:30 pm
I got it too, hope they fix this in the next update :), also I replaced the file but same.

Edit: they fixed it, just update it and you will see.
2011-12-06 2:29 pm
Same here. I keep getting the pop-up that a rootkit was found. I deleted it once and it came back. O.o It is driving me insane.

I think it is a false positive. A lot of people claim that after Avast was updated to around 111206-1 that this popup keeps occurring and upon deletion, does not go away. It is a Microsoft signed file so I do not believe that it is a threat.
2011-12-06 2:01 pm
Just turned on computer about 1/2 hr ago. Avast did its update and I got the same problem.

"A suspicious hidden object (rootkit) has been detected on your system. This may be a sign of malware infection. It is recommended to remove the object immediately."

File name
C:\\Windows\system32\drivers\sfloppy.sys Rootkit hidden file

I expect Avast will be issuing an update soon to address this.
2011-12-06 1:50 pm
The exact same thing is happening to me: the alert appears, I choose delete, and it tells me that to delete it I must restart with a boot-time scan. I have already done that three times and it does not show up in the scan. When I open Avast, the report of the latest scan shows clean, but the previous one still lists the threat, as if the removal step that I have already done three times were still missing!!!!
Crazy!!!
2011-12-06 1:50 pm
I got the same problem both with the desktop pc and the netbook. At first I thought sfloppy was something left or infected by an attack I received yesterday visiting a website but now I think it is a false positive since it's like a month I don't use the netbook and the notice popped up right after updating program version and definitions.
2011-12-06 1:43 pm
Hi guys, getting the exact same thing, it started maybe an hour ago ... I'll try downloading Kaspersky TDSSKiller, see how that goes
2011-12-06 1:26 pm
I'm having the same problem. I have scanned and restarted my computer several times so far. I also hope that this is just Avast's false positive.
2011-12-06 1:20 pm
Same here. even the newer version of 111206-1 also got this message.
false alarm ? or?
2011-12-06 1:12 pm
I'm having the same issue, my computer crashed, probably due to the update (I believe is reason now), at the same time yours did and on restart I got this same exact error. I've scanned and rebooted, but still popping up with the same error, unfixed. Very strange.
2011-12-06 1:11 pm
same time, I also like that, just now I just turn on the computer, and out of the report from avast, he said that sfloppy.sys expressed rootkit
I choose ignore or delete it still restart the computer
there a solution? or restart the computer requests answered "NO"?
or the problem of the computer that there is no floppy disk device?
2 because my computer does not have a floppy disk, and my computer are the only ones there was no floppy disk is any report of avast
2011-12-06 1:02 pm
Getting this too. First time ever, and it happened right after I avast updated the program and restarted my computer.
2011-12-06 12:52 pm
Same here, I've scanned both drives three times already :(


Archived on: 2021-04-18 15:31:47
Original link [permanently dead]:
https://hk.answers.yahoo.com/question/index?qid=20111206032415AAXBxpF
