FP: PnkBstrK.sys

[belalessandro]

Avast detects the file PnkBstrK.sys (situated in the system32\drivers and in the directory of Call Of Duty 4\pb), which is an important file of the Punk Buster (Call of Duty 4) as a Win32:Rootkit-Gen[Rtk]
I've already sent it to virus@avast.com and I hope Avast team will correct it as soon as possibile

Here the report:

File PnkBstrK.sys received on 07.01.2008 16:50:43 (CET)
Antivirus   Version   Last Update   Result
AhnLab-V3   -   -   -
AntiVir   -   -   -
Authentium   -   -   -
Avast   -   -   -
AVG   -   -   -
BitDefender   -   -   -
CAT-QuickHeal   -   -   -
ClamAV   -   -   -
DrWeb   -   -   -
eSafe   -   -   -
eTrust-Vet   -   -   -
Ewido   -   -   -
F-Prot   -   -   -
F-Secure   -   -   -
Fortinet   -   -   -
GData   -   -   -
Ikarus   -   -   -
McAfee   -   -   -
Microsoft   -   -   -
NOD32v2   -   -   -
Norman   -   -   -
Panda   -   -   -
Prevx1   -   -   -
Rising   -   -   -
Sophos   -   -   -
Symantec   -   -   -
TheHacker   -   -   -
TrendMicro   -   -   -
VBA32   -   -   -
VirusBuster   -   -   -
Webwasher-Gateway   -   -   Win32.Malware.gen!92 (suspicious)
Additional information
MD5: e2bf955fe43c7a79d6cddcf2c100ed78
SHA1: 5e4c6b2f6999599310dbeed02977168fff0d5c3e
SHA256: 459d87fd6789edec3c39769b638f50b886fb483b470f21111e0034e7842929d2
SHA512: b00b30510e42ca58549e8c19c5237384d0ddf95943afd792a7847aca88335f4baf0ba851829ddc2a7d9c6fec033876e1ff369b17555715008b8db193e0c88841


 Scan taken on 09 Jul 2008 11:54:38 (GMT)
A-Squared    
Found nothing
AntiVir    
Found nothing
ArcaVir    
Found nothing
Avast    
Found Win32:Rootkit-gen
AVG Antivirus    
Found nothing
BitDefender    
Found nothing
ClamAV    
Found nothing
CPsecure    
Found nothing
Dr.Web    
Found nothing
F-Prot Antivirus    
Found nothing
F-Secure Anti-Virus    
Found nothing
Fortinet    
Found nothing
Ikarus    
Found nothing
Kaspersky Anti-Virus    
Found nothing
NOD32    
Found nothing
Norman Virus Control    
Found nothing
Panda Antivirus    
Found nothing
Sophos Antivirus    
Found nothing
VirusBuster    
Found nothing
VBA32    
Found nothing

[Pinpoint]

Ive also have this problem and i really need my game for leagues wars. as soon as possible

[misak]

False positive alert will be fixed in few hours in VPS 080709-1

[Barbaricfellow]

I have the same thing with the PnkBstrK file.
I am getting malware reports from  2 places :  In the game folder of my game (cod 4/pb) and in sys32/drivers

Thing is..... if i tell AVAST to exclude these files.., then why won't it do just that???

[Lisandro]

If i tell AVAST to exclude these files.., then why won't it do just that???

There are two Exclusion lists:

For the Standard Shield provider (on-access scanning):
Left click the 'a' blue icon, click on the provider icon at left and then Customize.
Go to Advanced tab and click on Add button...

For the other providers (on-demand scanning such as the screen-saver or the Simple User Interface):
Right click the 'a' blue icon, click Program Settings.
Go to Exclusions tab and click on Add button...

You can use wildcards like * and ?.
But be careful, you should 'exclude' that many files that let your system in danger.

[matty13]

Still awaiting a fix, i do hope that avast hasn't deleted any of the files, my pc locked up when i had cod4 running when it came on so i did ctrl alt delete, load up task manager, then pressed continue, i do hope i didnt accidently delete punkbuster file or something.

[Lisandro]

i do hope i didnt accidently delete punkbuster file or something.

It's always better and safer send the file to Chest than directly deleting it...
It allows restoration in case of a false positive.

[matty13]

Well yeah but because the game froze and i was pressing keys on my keyboard i mean i just hope i didnt press a hotkey for delete or something, i dont believe avast has a hotkey or you can delete using keyboard?

[Lisandro]

i dont believe avast has a hotkey or you can delete using keyboard?

avast don't have this features. You'll receive a virus warning and this message (window) has a delete button.

[Joyful]

Any news on the fix?

[belalessandro]

wait.. the fix will be relased soon
in the meanwhile follow the instructions about the two Exclusion lists..

[mrg3dit2002]

can someone plz post the default command line of the exclusion.
i cant seem to get it rite <i just wana play>

[Wafuzz]

Yeah it is quite bothersome. I am looking forward to the next update.

[Barbaricfellow]

If i tell AVAST to exclude these files.., then why won't it do just that???

There are two Exclusion lists:

For the Standard Shield provider (on-access scanning):
Left click the 'a' blue icon, click on the provider icon at left and then Customize.
Go to Advanced tab and click on Add button...

For the other providers (on-demand scanning such as the screen-saver or the Simple User Interface):
Right click the 'a' blue icon, click Program Settings.
Go to Exclusions tab and click on Add button...

You can use wildcards like * and ?.
But be careful, you should 'exclude' that many files that let your system in danger.

The first time  I opened the main program and went to advanced and then added the files to the  exclusions list
But where would i need to do it on the simple interface?
Should i choose   web-shield ,network-shield or standard-shield in the left pane?

[ratchetclan4]

thanks for the new update problems fixed...

why was it classed as a rootkit-gen?...because it spys on files to see if they contain hacks ect?