A very similar sequence of events has happened to my system too. This may shed additional light on this thread's problem, because I know something about the file that Avast finds.
Preliminaries: Avast Home Version 4.8, Build: Dec2008 (4.8.1296). Win XP SP2 Home, AMD Athlon XP 2500+, NFII 400-AL motherboard (NVidia nForce2 400 chipset). The system is not overclocked. I'm located in Los Angeles, California, USA (GMT-8).
What's unusual: It's a multiboot system using BootMagic from Partition Magic 8.0 (Symantec/PowerQuest). BootMagic is a program which runs in a separate tiny partition and overlays the MBR to select among several available C: partitions by hiding and unhiding them. This setup with BootMagic has been highly stable; it dates to 2002 and is on its third processor, second motherboard, and second operating system (Win XP SP2 was installed over Win 98 in this C: partition in 4/2007.) While a few program files are on C:, most, including Avast, are run from D:. All partitions are FAT32.
On 11/24/2008, I received a "Suspicious File Found!" warning:
File name: C:\WIN98SE2\system32\Drivers\PQNTDRV.sys
Type: Rootkit: hidden file
As others in this thread have done, I checked the box to submit the file to ALWIL, checked the box to not tell me about this file in the future, and clicked "Ignore". Not only was that the Avast-recommended action, but I suspected that PQNTDRV.sys was part of BootMagic because of the "PQ" that PowerQuest uses to identify its file names. (The rest of the name, NTDRV.sys, is rather common.)
Almost immediately thereafter I received a warning that "avast! has detected a virus in the operating memory..." I clicked "Yes" to schedule a boot-time scan. The scan ran to completion on all partitions it could see and found nothing bad.
Since then, like others in this thread, I have received the two error messages. I continue to click Ignore each time but have not done a boot-time scan again.
Avast had run without any problems or false alarms for more than a year before the above events. I suspect that the latest Avast version has discovered my BootMagic--first on the disk, then, left over somewhere from startup, as a "virus in the operating memory". I am pleased that Avast did not force me to delete the PQNTDRV.sys file or try to "repair" my MBR, as either action would have caused a catastrophe. For your analysis I am attaching the files aswAr.log, aswBoot.log, and Error.log which I found in D:\Program Files\Alwil Software\Avast4\DATA\log with appropriate dates.
Thanks in advance for your assistance.
--Lee
