# INSTB32.SYS Possible F/P?



## Darkblade97 (May 24, 2008)

Operating System: Windows Vista Home Premium. AVG version 8.0.199. Virus db version 270.9.3/1786. No other antivirus software installed. Protection Software: Windows Defender and Spybot Search and Destroy.


Hello TSF, I have a problem. It started on Wednesday, and when I checked to see what my AVG was scanning, AVG detected 2 rootkits, both named INSTB32.SYS. I researched the file online and found out that it was associated with my computer application named "Lojack for Laptops". I could neither delete nor submit the file to virustotal.com or virusscan.jotti.org because they were both called "Hidden driver" and the result was "Object is hidden", and I do not have Administrator rights because my parents will not allow it, as they also use the laptop. I can also show the picture of it if it is allowed. It is not doing any harm, I suppose; I have not used the product, but it seems legit. I also asked AVG support and they did not find me a solution but just gave me links about a different false positive. Help please. :smile:


----------



## tetonbob (Jan 10, 2005)

Hello -

Seems the best course of action would be to bring it to your parents' attention, since it should require administrator privileges to handle no matter if it's a false positive or not.

If this machine has Lojack For Laptops installed, there should be Absolute Software properties on the file.


----------



## Darkblade97 (May 24, 2008)

Should I consider removing Lojack For Laptops because it came with my Toshiba Laptop and I have never even used it or better yet never touched it till I got this notice?


----------



## tetonbob (Jan 10, 2005)

Nope.

It's one of those applications you never use until you need it.

Again, I'd bring it to the computer administrator's (your parents) attention. It's their decision. If they wanted you to make such decisions, I'd think you'd be in the Administrators group. 

If it's an FP, you want to tell AVG to ignore it, and place it in a safe zone so it won't detect it. If it's not an FP, then you'll need someone with administrator privileges to possibly run malware removal scans. But you need to determine whether or not it is a legit file, first.

Could be a recent update to AVG's definitions has caught a file which was always there...could be a new file...


----------



## Darkblade97 (May 24, 2008)

Thank you for the information. I have a problem, though: how do I put it in the safe zone when it is in a hidden driver in which I can't find? I am not really sure whether it is a legit file or not, because I read in a Kaspersky forum that it was safe, but there have been other links saying it might be malware. I do not think it is, and I would always need my parents to let me use their Admin account just to try to remove it. Can I ask you tomorrow, because I need to go now?


----------



## tetonbob (Jan 10, 2005)

Please read what I've written.

Do not decide that just because AVG has identified it as a threat it needs to be removed. I'm not saying it isn't a threat, but you're telling me the machine has the software installed that this file can be associated with.

Protection software is not infallible. The file needs to be examined before a decision is made. 



> a hidden driver in which I can't find


This can only be done with the proper permissions. From an admin account you should be able to find it via a search.

This topic will remain open for quite a while. Bring their attention to it, do not act without due consideration.


----------



## Darkblade97 (May 24, 2008)

OK, I will examine the hidden driver tomorrow and post here, with any luck, if I have found something. I will come back here tomorrow and see if I can find anything. Thanks again and good night, tetonbob. :wave:


----------



## Darkblade97 (May 24, 2008)

Hey tetonbob, I have a question: how do I find the hidden driver? When I typed the location where AVG found it, it would always show an error in trying to find it. Do you know any software that can help? I also found out something weird, though. Whenever AVG scans at around 5:30 pm, it would show zero results except a lot of cookies. Then when I scan my computer at around 8:30 to check, it would pop up in my results.


----------



## Darkblade97 (May 24, 2008)

Please reply back.


----------



## tetonbob (Jan 10, 2005)

Hi -

Apparently you're not understanding me...

There is not much you as a Limited User can do about this, and the file does not seem to be one that needs to have you so concerned.

This can only be addressed by the machine's administrator.


----------



## Darkblade97 (May 24, 2008)

I did use the Administrator account. Where AVG located it is C:\Windows\Temp\INSTB32.SYS; I tried to find it manually and it would say it cannot find the file you were looking for. Also, Lojack for Laptops was never installed on my system. It has been on my Desktop ever since and I have no interest in paying for it whatsoever. It was just there because it was bundled with my Toshiba laptop.


----------
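The check discussed in this thread (whether the flagged file carries the expected vendor's properties) can be scripted from an administrator prompt. The following is an added example, not something posted by either participant; the function name `Test-DriverPublisher` is hypothetical, and it assumes the vendor name "Absolute Software" would appear in the file's version information or signing certificate subject.

```powershell
# Added example: compare a flagged driver's publisher metadata with the vendor
# the thread expects. Run from an elevated (administrator) PowerShell prompt.
function Test-DriverPublisher {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][string]$ExpectedPublisher  # assumed vendor string
    )

    # A driver that is written and deleted again between scans, or hidden from
    # the file system view, is not visible here; report that instead of throwing.
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{
            Path = $Path; Found = $false
            Verdict = 'File not present or not visible at check time'
        }
    }

    $file    = Get-Item -LiteralPath $Path -Force   # -Force includes hidden/system files
    $sig     = Get-AuthenticodeSignature -FilePath $file.FullName
    $company = $file.VersionInfo.CompanyName
    $signer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    # Version-info strings are ordinary resources that anyone can set. Only a
    # valid signature whose subject names the publisher is meaningful evidence.
    $companyMatch = [bool]($company -like "*$ExpectedPublisher*")
    $signerMatch  = ($sig.Status -eq 'Valid') -and ($signer -like "*$ExpectedPublisher*")

    $verdict = if ($signerMatch) {
        'Validly signed by expected publisher'
    } elseif ($companyMatch) {
        'Publisher name appears in properties only; not proven'
    } else {
        'No link to expected publisher; treat as unknown'
    }

    [pscustomobject]@{
        Path = $file.FullName; Found = $true
        CompanyName = $company; SignatureStatus = $sig.Status; Signer = $signer
        # The hash can be looked up with a vendor or scanning service even when
        # the file itself cannot be uploaded.
        SHA256 = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        Verdict = $verdict
    }
}

Test-DriverPublisher -Path 'C:\Windows\Temp\INSTB32.SYS' -ExpectedPublisher 'Absolute Software'
```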

