Author Topic: Rootkit - false positive?  (Read 4329 times)


REDACTED

  • Guest
Rootkit - false positive?
« on: January 24, 2017, 10:22:47 PM »
I ran a scan about 4 weeks ago and was advised that Avast had found a single rootkit. It was not long after a recent installation of Office 16 purchased from Microsoft directly. It found the file in the Office16 folder, in a WofCompressedData file. It had a message of "Error: access is denied" on the Action Result. I happened to be running/scanning MalwareBytes at the same time as the Avast scanning... I ran the Avast scan immediately again and it found nothing. I haven't been using the PC but have been checking it a few times a week, with updated scanning databases. I have tried Malwarebytes Anti-Malware, no hits for anything, appears clean. I downloaded their standalone rootkit checker, no hits. I downloaded Norton Power Eraser (NPE), no hits. I have probably run about 30 scans in the last 3-4 weeks, updating the scanning software, and no hits at any time since. Is this likely a false positive? I have Windows 10 64 Bit. Not using the machine at the moment.

On a second machine, not my own, last week, I had a detection with Avast for a rootkit. This machine is independent of the first machine. Not networked with it. Don't access my emails on it. Don't share software with it. Don't share media/storage devices or use the machine in a personal capacity (someone else's machine). On a second Avast scan, it found nothing. I used Anti-Malware and NPE and the Malwarebytes rootkit scanner, no indication of anything, checked several times. Windows 10 64 bit.

Is it possible there has been a false positive on these machines due to a Windows update or similar? I can't find any evidence beyond the initial scans that there has been any issue. Not sure what to do next.

Edit: I ran boot-time scans as well using Avast and NPE and these came back clear.
« Last Edit: January 24, 2017, 10:28:56 PM by imobase-vr »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37698
Re: Rootkit - false positive?
« Reply #1 on: January 24, 2017, 11:07:09 PM »
Quote
I happened to be running/scanning MalwareBytes at the same time as the Avast scanning...
Don't run scans with both tools at the same time.

Suspicious files can be uploaded and tested here: virustotal.com / metadefender.com / jotti.org


REDACTED

  • Guest
Re: Rootkit - false positive?
« Reply #2 on: February 11, 2017, 03:07:55 PM »
I haven't been able to find the file; I may have deleted it at that time manually. Can anyone advise what else I can do at this stage? I have since run Avast, the main Malwarebytes software, the Malwarebytes MBAR rootkit software, TDSSKiller and Norton Power Eraser. No hits on rootkits for any of these machines. Any further guidance would be greatly appreciated.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37698
Re: Rootkit - false positive?
« Reply #3 on: February 11, 2017, 03:31:23 PM »
Quote
Is it possible there has been a false positive on these machines due to a windows update or similar?
Yes, it is possible.


REDACTED

  • Guest
Re: Rootkit - false positive?
« Reply #4 on: February 11, 2017, 07:41:39 PM »
Thank you for the reply.

Are there any other checks or software or services I can use or access to determine if these machines have a problem?
 

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37698
Re: Rootkit - false positive?
« Reply #5 on: February 11, 2017, 07:53:44 PM »
Follow the instructions and attach the requested logs >> https://forum.avast.com/index.php?topic=194892.0
- Farbar Recovery Scan Tool


REDACTED

  • Guest
Re: Rootkit - false positive?
« Reply #6 on: February 12, 2017, 05:38:06 PM »
Forgive my ignorance! I have downloaded Farbar. Does Farbar provide identifiable information in the scan, like serial numbers on software or anything of that nature, or information that would identify the system in the future that can be exploited?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37698
Re: Rootkit - false positive?
« Reply #7 on: February 12, 2017, 07:19:20 PM »
No

REDACTED

  • Guest
Re: Rootkit - false positive?
« Reply #8 on: February 12, 2017, 10:24:27 PM »
Files attached for the machine with the new Microsoft Office 16 install. I may have deleted the file (possibly needed for Office) after it happened, after a second scan that was clear. Thanks for looking at this.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37698
Re: Rootkit - false positive?
« Reply #9 on: February 12, 2017, 10:37:11 PM »
Expert is notified; check back tomorrow.


Offline dbrisendine

  • Malware Fighter
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1258
Re: Rootkit - false positive?
« Reply #10 on: February 13, 2017, 06:51:08 AM »
Your logs are clean. I would say you have a FP due to temporary definition problems and/or dual scanners running at the time. Since all other dedicated scanners have come back negative, it looks as if you are good to go.

REDACTED

  • Guest
Re: Rootkit - false positive?
« Reply #11 on: February 15, 2017, 11:01:23 AM »
Thank you both for your help on this. I was concerned because a second computer had a warning as well about 4 weeks later (machines not networked and don't share files), again with Avast, and it couldn't find anything on a second sweep. Not sure if it is an Avast glitch (I am learning FPs actually happen) or just one of those things. If there is anything I can or should do from here, I would be happy to take on your advice. Again, thank you for looking at this.