Sign of Rootkit

[Nicku]

Hey all!

Scanning my system with avast! today I get warnings for over 250 files that avast! detected signs of rootkits. In the log file, this looks as follows:

16.12.2008 09:25:36   user-name   3844   Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\setup.bmp\medctroc.dll" file.
16.12.2008 09:25:37   user-name   3844   Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\setup.bmp\ehOCGen.dll" file. 
16.12.2008 09:25:37   user-name   3844   Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\setup.bmp\plusoc.dll" file. 
16.12.2008 09:25:41   user-name   3844   Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\setupdll.dll\medctroc.dll" file. 
16.12.2008 09:25:41   user-name   3844   Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\setupdll.dll\ehOCGen.dll" file. 
16.12.2008 09:25:42   user-name   3844   Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\setupdll.dll\plusoc.dll" file. 
16.12.2008 09:25:46   user-name   3844   Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\setupapi.dll\medctroc.dll" file. 
16.12.2008 09:25:46   user-name   3844   Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\setupapi.dll\ehOCGen.dll" file. 
16.12.2008 09:25:46   user-name   3844   Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\setupapi.dll\plusoc.dll" file. 
16.12.2008 09:26:17   user-name   3844   Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Lokale Einstellungen\Temp\RtkBtMnt.exe" file. 
16.12.2008 09:26:18   user-name   3844   Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Lokale Einstellungen\Temp\RtkBtMnt.exe" file. 
16.12.2008 09:26:38   user-name   3844   Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Lokale Einstellungen\Temp\RtkBtMnt.exe" file. 
16.12.2008 09:26:39   user-name   3844   Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Lokale Einstellungen\Temp\RtkBtMnt.exe" file. 
16.12.2008 09:26:58   user-name   3844   Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\spoolsv.exe\drivers\w32x86\3\ZPP.DLL" file.

and so on...

I have no idea nor what this is nor what I can or should do about it. Cleaning the system with CCleaner didn't change anything. Can anyone help?

Thanks in advance

Nicku

[Lisandro]

Do you use an Acer computer?
There is a well known bug with Acer computers.
They're working on it.
Until there, as a workaround, disable rootkit scanning in the Trobleshooting tab of program settings.

[Nicku]

Yes, it is an Acer!

I guess I'll just wait then...

Thanks anyway!

[Lisandro]

I guess I'll just wait then...

Don't forget the workaround and, also, to check the forums regularly to see if the problem was solved. Also, keep your avast program and virus database updated.