Hello, it seems to be a WinDivert driver and developed by Basil Projects. Although i'm not sure which program it belongs.

In Virus total, nothing was detected.

https://virustotal.com/pt/file/2320e9c2e05e021512b4a9c6328caa9761187b10551859d591b6fcc16842fd0e/analysis/  

# AdwCleaner v5.109 - Relatório criado 08/04/2016 às 03:15:27
# Atualizado 04/04/2016 por Xplode
# Banco de dados : 2016-04-07.1 [Servidor]
# Sistema operacional : Windows 8.1 Single Language  (x64)
# Usuário : Carla - CARLA-ULTRA
# Executando de : C:\Users\Carla\Downloads\adwcleaner_5.109.exe
# Opção : Verificar
# Apoio : http://toolslib.net/forum

***** [ Serviços ] *****

***** [ Pastas ] *****

***** [ Arquivos ] *****

Arquivo Encontrado : C:\WINDOWS\SysNative\WinDivert64.sys

***** [ DLL ] *****

***** [ Atalhos ] *****

***** [ Tarefas agendadas ] *****

***** [ Registro ] *****

***** [ Navegadores ] *****

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2415 bytes] - [08/04/2016 01:09:04]
C:\AdwCleaner\AdwCleaner[S1].txt - [2355 bytes] - [08/04/2016 00:55:07]
C:\AdwCleaner\AdwCleaner[S2].txt - [995 bytes] - [08/04/2016 01:14:05]
C:\AdwCleaner\AdwCleaner[S3].txt - [917 bytes] - [08/04/2016 03:15:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [989 bytes] ##########

 

Re: Possibly False Positive - AdwCleaner

Hello,

It's related to some PUPs which are using this driver, so it's not a FP.

Regards,

Re: Possibly False Positive - AdwCleaner

Hello Xplode, sorry for the insistance, i understand that some PUPs use this driver to capture information. However wouldn't it be possible that a legitimate program, as a Banking module might rely on this driver? Researching in the web, it seems that the signer " GAS INFORMATICA LTDA" makes some banking modules for security protection.

Furthermore, i have just scanned with OTL and found the following entry related to the Windivert64.sys:

DRV:[b]64bit:[/b] - [2015/02/13 15:47:24 | 000,037,592 | ---- | M] (Basil's Projects) [Kernel | Disabled | Running] -- C:\WINDOWS\SysNative\WinDivert64.sys -- (WinDivert1.1)

I have limited knoledge about this logfile, but it says that this driver is disabled, not even "On Demand". May it be an orphan file?

Thanks for your time

Regards

Re: Possibly False Positive - AdwCleaner

Hello,

After some verifications, it seems like this driver is legit although it can be used by some PUPs. It has been removed from the database.

Regards,

Re: Possibly False Positive - AdwCleaner

Thanks Xplode for the assistance!

Regards