Author Topic: Possible False Positive-Windows 7 64bit Home Premium  (Read 8585 times)

bikemanAMD

  • Guest
Possible False Positive-Windows 7 64bit Home Premium
« on: September 24, 2011, 05:14:03 PM »
Here is the File Info

C:\Windows\SysWOW64\kernal32.dll[EMuL} Threat High: Win32.Cycbot-KI(TG)

Detected in 3 Places the same thing, other 2 locations are

C:\Windows\winsxs

If real infection, then I may decide to do a clean PC install and completely wipe it out, but if false positive then I'll leave it be. Previous antivirus was Microsoft Security Essentials, and it always said I was clean. Did a scan with Avast last night after switching back, and it detected this.

Thank you all in advance

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37527
  • Not a avast user
Re: Possible False Positive-Windows 7 64bit Home Premium
« Reply #1 on: September 24, 2011, 05:33:58 PM »
Quote
C:\Windows\SysWOW64\kernal32.dll[EMuL} Threat High: Win32.Cycbot-KI(TG)
Was this a custom scan?
Have you selected "scan memory"?

bikemanAMD

  • Guest
Re: Possible False Positive-Windows 7 64bit Home Premium
« Reply #2 on: September 24, 2011, 05:52:19 PM »
Full System Scan, the preconfigured one, and I think memory is set to scan in that one. I can try another custom scan or an online one later.


Offline Coolmario88

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1556
  • Bronies make the web go round
Re: Possible False Positive-Windows 7 64bit Home Premium
« Reply #3 on: September 24, 2011, 06:16:49 PM »
Quote
Here is the File Info

C:\Windows\SysWOW64\kernal32.dll[EMuL} Threat High: Win32.Cycbot-KI(TG)

Detected in 3 Places the same thing, other 2 locations are

C:\Windows\winsxs

If real infection, then I may decide to do a clean PC install and completely wipe it out, but if false positive then I'll leave it be. Previous antivirus was Microsoft Security Essentials, and it always said I was clean. Did a scan with Avast last night after switching back, and it detected this.

Thank you all in advance

Hello, I am also running Windows 7 64bit Home Premium. I scanned the DLL you mentioned and Avast didn't detect it on my PC. (see image below)
OS: Windows 11 64-bit
Webbrowser: Mozilla Firefox
PC Specs: Intel i5-12400f, Nvidia RTX 3050, 16gb ram, 1.5TB SSD(s).

Offline msowards

  • Newbie
  • *
  • Posts: 6
Re: Possible False Positive-Windows 7 64bit Home Premium
« Reply #4 on: September 24, 2011, 07:34:26 PM »
It's not just Home version. I'm using Win 7 64 bit Professional version.

Yesterday evening I got the exact same virus warning.

It was caught by a full systems scan, which I run daily, so I believe I was infected during the day on 9/23 or either Avast scans did not pick it up for almost a year. Or... it could be a false positive.

In any case the system worked fine until reboot. When Avast caught the virus it "moved the suspected files to the war chest" and then suggested the boot scan be run. I did that with no further virus detection.

However, after the system completed the full scan at boot, Windows 7 was not working. I could sign in and everything looked fine (good background, desktop icons, gadgets all were present and working), but no application would run. Most of the services were stopped, Avast itself was affected (not running) and the Control Panel was empty.

I called Avast support, but the Iyogi floor super finally gave up and said I would have to re-install. He thought the user profile was corrupted, but with no Control Panel applets we could not add a new user account. He tried activating the built-in Administrator account from the repair console (net user Administrator /active:yes); it didn't work.

This boot time repair console, however, also had an option to do a restore. So before doing a re-install I tried restoring from a restore point made earlier in the day (9/23, caused by a Microsoft critical update). The restore was successful and when I rebooted and finally got back into my system everything was running.

I did another full scan; the same virus was found again in the same spot. Avast did the same thing again, 'moving the suspect files' and requesting a boot time full scan. I rebooted but did not do the full scan.

The action taken by Avast caused the same broken system. So I rebooted again, and this time when I did the boot time repair console I chose a restore point from 9/20. When the restore was successful and the system rebooted, everything worked fine and a scan of the affected directories showed no virus. That was about 0130 last night, a full 7.5 hours from the first discovery.

This morning I've run another full scan with the latest AV defs from Avast and still no virus found.

Dave Summers

  • Guest
Re: Possible False Positive-Windows 7 64bit Home Premium
« Reply #5 on: September 24, 2011, 08:39:08 PM »
I'm having a similar problem as the above user did, only it did not end in a solution; none of my restore points are working.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Possible False Positive-Windows 7 64bit Home Premium
« Reply #6 on: September 24, 2011, 08:43:39 PM »
Quote
I'm having a similar problem as the above user did, only it did not end in a solution; none of my restore points are working.

Well, both of you should start a new topic, instead of hijacking this.
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

bikemanAMD

  • Guest
Re: Possible False Positive-Windows 7 64bit Home Premium
« Reply #7 on: September 25, 2011, 05:44:29 AM »
Will run an online scan overnight, and then see with Avast in the morning with memory scan off. Also got some internet maintenance to do tomorrow, unrelated to this.


AvastPrincess

  • Guest
Re: Possible False Positive-Windows 7 64bit Home Premium
« Reply #8 on: September 25, 2011, 01:01:26 PM »
I am a paid subscriber who does not use your free version, so this is even more frustrating. If I sound a bit short, you will have to forgive me as I have spent hours and hours trying to fix the mess that Avast created on my computer by merely running a scan! NOTHING was wrong with my computer until I ran Avast, and lo and behold it found a high risk Trojan that COINCIDENTALLY MANY AVAST USERS ARE ALL GETTING IN THE PAST FEW DAYS SIMULTANEOUSLY! OBVIOUSLY something is wrong on Avast's end and it is causing people to move it to the chest as recommended only to have our systems crash with nothing working after we reboot! I could not even uninstall Avast! I could not open Avast (all after you reboot of course). I was not running any unusual scans and many are having the exact same problem, and here's a shocker....we are all using Avast and it's only happened in the past two days! I am furious as I type this as I was literally feeling sick to my stomach thinking I have lost everything that was on my computer and will need to buy a new one! System Restore did not even work as others have attested to throughout the Internet and in a few threads here after getting this same thing: win32:cycbot-KI

Sorry but this was inexcusable and nightmarish. There are people on Yahoo also stating that they have Avast and either all of us are getting false positives or Avast's handling of this particular Trojan in its software is worse than the Trojan itself as it shuts everything down after Avast has supposedly found it! I could not get anything to work! You have no idea how many things we tried and we are not idiots! Sorry but yeah...I am seriously pissed here and I am not alone! Thankfully the suggestion one user left worked (after borrowing my roommate's computer to find out what the hell was going on) but only once I was in safe mode as the administrator only. Once I was in safe mode, I typed in SFC/Scannow and it ran for a while and said that it corrected the errors and I finally gained access to my own computer again. I pray when I log in tomorrow that all is well, but now I do not trust Avast and that hurts because I am a long time supporter of Avast and have recommended it countless times. I was thisclose to buying a new computer over this! Others are still stranded and unable to get on their computers! They are using others! This needs to be addressed by Avast and soon! I am not going to risk running my Avast anymore. What a long night of hell! God!

gordonlw

  • Guest
Re: Possible False Positive-Windows 7 64bit Home Premium
« Reply #9 on: September 25, 2011, 05:29:57 PM »
I got the same thing this morning on my Windows 7 64bit Ultimate machine. My XP machine was fine this morning, btw. After reading this thread and others I updated Avast and scanned the file again inside the virus chest and it came up clean! I then restored the file and for good measure ran a scan of the SysWOW64 folder with Malwarebytes and Avast and they both came up clean.

So pretty safe to say it is a false positive. And I'd venture to guess that Avast knows this now, since I updated and ran a scan of the flagged file and it came up clean.

After doing all that I rebooted and everything works just fine! Hope this helps......
« Last Edit: September 25, 2011, 05:37:03 PM by gordonlw »

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re: Possible False Positive-Windows 7 64bit Home Premium
« Reply #10 on: September 25, 2011, 06:42:34 PM »
If the name of the file is indeed kernal32.dll, instead of kernel32.dll, and since avast! tried to emulate the file (which means it's most likely packed), the file is most likely malicious (even if the particular detection was a false positive itself).
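
The misspelled-name signal described in the reply above (kernal32.dll versus kernel32.dll) can be checked mechanically. This is an added example, not part of the original post and not Avast code; the reference DLL list, the sample paths and the function names are assumptions made for illustration.

```python
# Added example: flag file names that closely imitate well-known Windows DLLs.
from pathlib import PureWindowsPath

# Small reference set of genuine system DLL names (assumption: extend for real use).
KNOWN_DLLS = {"kernel32.dll", "user32.dll", "ntdll.dll", "advapi32.dll",
              "shell32.dll", "gdi32.dll", "ole32.dll", "ws2_32.dll"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def find_lookalikes(paths, max_distance=1):
    """Return (path, imitated_name, distance) for near-miss names only."""
    hits = []
    for p in paths:
        name = PureWindowsPath(p).name.lower()
        if name in KNOWN_DLLS:
            continue  # exact name: genuine-looking, must be judged by other means
        for known in sorted(KNOWN_DLLS):
            d = edit_distance(name, known)
            if d <= max_distance:
                hits.append((p, known, d))
                break
    return hits

# Constructed sample paths, not taken from any real scan log.
SAMPLE = [
    r"C:\Windows\SysWOW64\kernel32.dll",
    r"C:\Windows\SysWOW64\kernal32.dll",
    r"C:\Windows\System32\user32.dll",
    r"C:\Users\test\AppData\Local\Temp\ntdl.dll",
    r"C:\Windows\System32\msvcrt.dll",
]

if __name__ == "__main__":
    for path, known, dist in find_lookalikes(SAMPLE):
        print(f"{path}: resembles {known} (edit distance {dist})")
```

A hit is a lead for closer inspection of the file, and a correctly spelled name proves nothing on its own, since the check looks only at names.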

gordonlw

  • Guest
Re: Possible False Positive-Windows 7 64bit Home Premium
« Reply #11 on: September 25, 2011, 06:53:16 PM »
Mine was kernel32.dll, not spelled wrong. Since my last post I've run full and quick and both are clean.

ianb

  • Guest
Re: Possible False Positive-Windows 7 64bit Home Premium
« Reply #12 on: September 25, 2011, 06:53:53 PM »
I've just had the exact same thing (Win 7 64 Bit). Discovered in Full Scan. I'm pretty sure this is a FP.

galen

  • Guest
Re: Possible False Positive-Windows 7 64bit Home Premium
« Reply #13 on: September 26, 2011, 02:14:58 PM »
I can confirm the same problem, discovered during a full scan last night. Not realising the consequence I deleted the so-called trojan only to find the system would not run at all afterwards. A complete restore of drive c: from back-up was needed. Has anyone had a response from the team concerning this - it is urgent enough to warrant it!
Regards,

Bob