Avira FP: ute4mtyw.sys - where did it come from?

Discussion in 'other anti-virus software' started by EliteKiller, Apr 20, 2008.

Thread Status:
Not open for further replies.
  1. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
    Today I started receiving this notification from Avira Premium v8:

    Virus or unwanted program 'TR/Rootkit.Gen [trojan]'
    detected in file 'C:\WINDOWS\system32\drivers\ute4mtyw.sys'.
    Action performed: Allow access

    The properties of the file say AVZ driver 1.2.0.0, and I know AVZ to be a Russian anti-malware outfit. However I have never had AVZ on my pc, but I have loaded the Kaspersky AVP tool a few times. Here's a recent thread on AVZ: https://www.wilderssecurity.com/showthread.php?t=201548

    ~VirusTotal link removed per Policy~ I submitted the file to Avira and here’s their response:

    I am using VDF 7.0.3.189, with the guard heuristics set to high, and it is still detecting 'ute4mtyw.sys' as a TR/Rootkit.Gen. Does anyone else have this file on their pc? Google search does not display any search results.
     
    Last edited by a moderator: Apr 20, 2008
  2. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,578
    Location:
    Sneffels volcano
    Is it still detected with heuristic settings at medium or low? Btw, I don't have this file on my box.
     
  3. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
    Yes. :(
     
  4. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,578
    Location:
    Sneffels volcano
    Then, Elite, I would try asking this on the Avira forums :doubt:
     
  5. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
    I see no harm in choosing to post on this forum since a majority of the Avira forum 'regulars' frequent this place. FWIW the file was previously uploaded to both virscan.org and virustotal by other people within the past week before I chose to rescan the file today. The date the file was created on my pc was Dec. 25, 2007 @ 8:25am, and that was the first day I actually installed the AVP Tool.

    https://www.wilderssecurity.com/showthread.php?t=195577
     
    Last edited: Apr 20, 2008
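    A defender-side way to collect the evidence the posts above rely on (file version resource, creation and write times, a hash for comparison against the vendor submission, Authenticode status, and whether the driver is actually registered with the service control manager), as an added example that is not code from this thread, from Avira or from Kaspersky. It assumes Windows PowerShell 4 or later for Get-FileHash and Get-CimInstance; the path is the one named in the thread, the function names are my own.

```powershell
# Added example (not from the thread): triage an unknown kernel driver before
# deciding whether a detection is a false positive.
function Get-DriverTriage {
    param(
        [Parameter(Mandatory)] [string] $Path
    )
    $item = Get-Item -LiteralPath $Path -ErrorAction Stop
    $hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $vi   = $item.VersionInfo

    [pscustomobject]@{
        Path            = $item.FullName
        SizeBytes       = $item.Length
        # Compare with the install date of the tool suspected to have dropped the file
        CreationTime    = $item.CreationTime
        # A write time newer than the creation time suggests the file was replaced or updated
        LastWriteTime   = $item.LastWriteTime
        # Hash to quote in a vendor submission and to compare against the copy they analysed
        SHA256          = $hash.Hash
        CompanyName     = $vi.CompanyName
        ProductName     = $vi.ProductName
        FileDescription = $vi.FileDescription
        FileVersion     = $vi.FileVersion
        # Valid / NotSigned / HashMismatch / UnknownError
        SignatureStatus = $sig.Status
        Signer          = $sig.SignerCertificate.Subject
    }
}

# Is the driver registered as a service (ImagePath in the SCM database)?
# A loaded driver with no service entry is worth a closer look.
function Get-DriverServiceEntry {
    param([Parameter(Mandatory)] [string] $FileName)
    Get-CimInstance Win32_SystemDriver |
        Where-Object { $_.PathName -like "*$FileName*" } |
        Select-Object Name, State, StartMode, PathName
}

Get-DriverTriage -Path 'C:\WINDOWS\system32\drivers\ute4mtyw.sys' | Format-List
Get-DriverServiceEntry -FileName 'ute4mtyw.sys'
```

    The creation time is the field to line up against the day the AVP Tool was first run, and the SHA256 is what to include in a submission so the vendor can confirm they are looking at the same binary rather than a different build of the same driver.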
  6. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    AVZ is bundled with the AVP Tool. AVZ is property of Kaspersky.
     
  7. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
    I suspected this per my original post, and I do appreciate the additional input.


    What's odd is that I sent an email to support@avira.com seeking advice on this issue, yet I receive a canned response from virus_malware@avira.com stating:

    I realize that virus@ and virus_malware@ request that you not spam, however why would the support@ email refuse to answer specific questions?
     
  8. pilotart

    pilotart Registered Member

    Joined:
    Feb 14, 2006
    Posts:
    377
    from the link you posted:
     
  9. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
    I submitted the file via the web interface as discussed in my original post. The mod deleted the URL from 'submitted' when he edited my post. :gack:

    The email sent to support@avira.com was inquiring about the FP and why it is still being detected with later VDFs. In return I received a canned response from a different email (virus_malware@avira.com) instead of support@.
     
  10. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Post on their forum. It's faster and better. ;)
     
  11. thanatos_theos

    thanatos_theos Registered Member

    Joined:
    Apr 28, 2007
    Posts:
    566
    EliteKiller, did you try submitting the file to Stefan (heuristik2@avira.com) since he is the one dealing with heuristics and generic detections? Maybe that will be fixed after an engine update.

    thanatos
     
  12. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    701
    Yup, please send binary malware HEUR or .Gen detection problems to the email Thanatos mentioned. I made them, so I need to fix them as well. :)

    Changing heuristic level does not affect .Gen detection.

    What is strange is that the FP popped up suddenly with no engine update and no changed .Gen rules. It seems the AVZ driver changed?
     