October 20, 2010 16:41 Help Please - Infection Shown In Rootkit Scan #117511
Rabbits9
Novice
Join Date: 20.10.2010
Posts: 2
After installing the new AVG I did a rootkit scan - the result was -

AVG 2011 anti-virus rootkit scan results - NOT REMOVED

File
"";"C:\WINDOWS\system32\drivers\sfsync02.sys"

Infection
"IRP hook, \Driver\atapi IRP_MJ_INTERNAL_DEVICE_CONTROL -> sfsync02.sys +0xD60"


Result
;"Object is hidden"


I have an option to remove - but should I?
October 20, 2010 17:06 Re: Help Please - Infection Shown In Rootkit Scan #117513
Keymaker
AVG fan
Join Date: 10.10.2009
Posts: 118
Nope, it's a game protection software. You apparently have some original game .. amazing :)
October 20, 2010 20:35 Re: Help Please - Infection Shown In Rootkit Scan #117607
miappia
Novice
Join Date: 20.10.2010
Posts: 1
Root-Kit Infections!!..

Hello, I have just run my root-kit for the first time and have 350 come up:

"";"C:\WINDOWS\system32\dla\tfsnifs.sys";"IRP hook, \FileSystem\Fs_Rec IRP_MJ_FILE_SYSTEM_CONTROL -> tfsnifs.sys GetSystemType+0xC53D";"Object is hidden"

This is a copy of just one. Should I remove - how do I know if they are legitimate programs or should they be removed?
October 21, 2010 07:43 Re: Help Please - Infection Shown In Rootkit Scan #117823
jirka82
Administrator
Join Date: 19.6.2009
Posts: 3892
Hello miappia,

please be informed that the tfsnifs.sys file belongs to drive letter access, usually connected to disc burning software.

"how do i know if they are legitimate programs or should they be removed"

Searching the filename on the Internet provides initial information. You may then uninstall the related software temporarily to check whether the anti-rootkit detection is not present. Also, please check the FAQ 2353 article.
You may also send us the detected drivers for analysis as described in the "How To Handle Infection Suspicion?" post if some obviously suspicious file is detected by the scan (however, please check the FAQ 2346 article first).

Thank you.

AVG Team
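
For a result list as long as the 350 entries mentioned above, grouping the rows by flagged file shows how many distinct drivers actually need looking up. The following is an added example, not part of any post in this thread and not AVG code; it assumes the export is semicolon-separated quoted fields exactly as pasted in the posts, and the function names are made up for illustration.

```python
import csv
import io
import re
from collections import defaultdict
from ntpath import basename  # Windows path rules on any OS

# Rows as quoted in this thread (the sfsync02.sys row is reassembled from the
# first post's File / Infection / Result fields).
SAMPLE = r'''"";"C:\WINDOWS\system32\drivers\sfsync02.sys";"IRP hook, \Driver\atapi IRP_MJ_INTERNAL_DEVICE_CONTROL -> sfsync02.sys +0xD60";"Object is hidden"
"";"C:\WINDOWS\system32\dla\tfsnifs.sys";"IRP hook, \FileSystem\Fs_Rec IRP_MJ_FILE_SYSTEM_CONTROL -> tfsnifs.sys GetSystemType+0xC53D";"Object is hidden"
"";"C:\WINDOWS\system32\dla\tfsnifs.sys";"IRP hook, \FileSystem\cdudf_xp IRP_MJ_FILE_SYSTEM_CONTROL -> tfsnifs.sys GetSystemType+0xCBA2";"Object is hidden"
"";"C:\WINDOWS\system32\dla\tfsnifs.sys";"IRP hook, \FileSystem\UdfReadr_xp IRP_MJ_FILE_SYSTEM_CONTROL -> tfsnifs.sys GetSystemType+0xCBBA";"Object is hidden"
'''

# Assumed field layout: "IRP hook, <hooked driver> <IRP_MJ_*> -> <module> [symbol]+0x<offset>"
HOOK_RE = re.compile(
    r"^IRP hook, (?P<hooked>\S+) (?P<irp>IRP_MJ_\w+) -> "
    r"(?P<module>\S+) (?P<symbol>\w*)\+0x(?P<offset>[0-9A-Fa-f]+)$"
)

def parse_rows(text):
    """Yield one dict per IRP-hook row; rows in any other shape are skipped."""
    for row in csv.reader(io.StringIO(text), delimiter=";", quotechar='"'):
        if len(row) != 4:
            continue
        m = HOOK_RE.match(row[2])
        if m:
            yield {"file": row[1], "result": row[3], **m.groupdict()}

def summarize(text):
    """Group hooks by flagged file so each driver is researched once."""
    summary = defaultdict(lambda: {"hooks": 0, "hooked": set(), "self_hook": True})
    for r in parse_rows(text):
        entry = summary[r["file"]]
        entry["hooks"] += 1
        entry["hooked"].add(r["hooked"] + " " + r["irp"])
        # Stays True only while every hook handler lives in the flagged file itself.
        entry["self_hook"] &= basename(r["file"]).lower() == r["module"].lower()
    return dict(summary)

if __name__ == "__main__":
    for path, info in summarize(SAMPLE).items():
        print(f"{path}: {info['hooks']} hook(s), handler in same file: {info['self_hook']}")
        for target in sorted(info["hooked"]):
            print(f"    {target}")
```

The output is a short list of unique driver files with the dispatch routines each one hooks, which is the list to research by filename or submit for analysis.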
March 26, 2011 12:50 Re: Help Please - Infection Shown In Rootkit Scan #154459
alesk
Novice
Join Date: 20.7.2009
Posts: 4
jirka82 wrote: "... please check the FAQ 2353 article."

Thanks for your comments. I have looked at the articles mentioned and I still don't know if the two root-kits found on my laptop pose a problem. They are identified as follows:

C:\WINDOWS\system32\dla\tfsnifs.sys
IRP hook, \FileSystem\cdudf_xp IRP_MJ_FILE_SYSTEM_CONTROL -> tfsnifs.sys GetSystemType+0xCBA2
Object is hidden

C:\WINDOWS\system32\dla\tfsnifs.sys
IRP hook, \FileSystem\UdfReadr_xp IRP_MJ_FILE_SYSTEM_CONTROL -> tfsnifs.sys GetSystemType+0xCBBA
Object is hidden

Thanks for any help,
AE
March 27, 2011 12:55 Re: Help Please - Infection Shown In Rootkit Scan #154525
dusano123
Moderator
Join Date: 30.9.2009
Posts: 3566
Hello alesk,

"I still don't know if the two root-kits found on my laptop pose a problem."

No, they do not pose a threat. You can simply ignore the detection. More information can be found in the mentioned FAQ articles above your last post.

Thank you
AVG Team