Possible Virus

[Cutie Mark Surprise]

Avast picked up a rootkit in Chcfg.exe in windows/system32 and I sent it to avast for analysis. is it a real rootkit or false postive? Just Curious and I uploaded it to Virustotal and Avast is the only one that detected the rootkit in Chcfg.exe. Any ideas?

[polonus]

Hi Cutie Mark Surprise,

Yes the corrupted files were first seen in Malaysia. You can repair this corrupted file in, and get it from here: http://www.corruptedfilerepair.com/File-Information/ChCfg.exe--.asp
First do this: http://www.precisesecurity.com/how-to/ht-srxp.htm

polonus

[Cutie Mark Surprise]

Is it a false Postive or a corrupted file? Thank you and Avast still flags it as a Rootkit.

[polonus]

Hi Cutie Mark Surprise,

I is more than likely a False Positive, but I would you to check on the file with IceSword from here:
http://majorgeeks.com/downloadget.php?id=5199&file=10&evp=0d36c3ec48c6373fd5daac78f0c6a417
manual to be found here: http://www.castlecops.com/ (register free to read it),

polonus

[Cutie Mark Surprise]

I tried Ice Sword but it crashed my computer. Is there any other way to check that file?

[polonus]

Try this:
http://online.drweb.com/

pol

[Lisandro]

To be sure, the better will be test the file against on-line scanners. Submit the file to:
Virustotal
Jotti
There is also Kaspersky File Scanner (The file should not be larger than 1 MB).

[polonus]

Hi Cute Mark Surprise and Tech,

Check the file you have against the information found here:
http://www.spywaredata.com/spyware/malware/chcfg.exe.php
I lean towards a False Positive, very likely...

polonus

[Cutie Mark Surprise]

On Dr Web it came up clean and I guess it is a false postive. Thank you and I hope they can fix that.  It is a false postive.