Author Topic: ROOTKIT Win32:Malware-gen in System32  (Read 18762 times)

Offline N@URINE

  • Full Member
  • ***
  • Posts: 167
ROOTKIT Win32:Malware-gen in System32
« on: December 05, 2012, 08:07:55 PM »
Hello !
I've just turned on my computer, and after the system has started up a warning message from Avast popped up telling me that "ROOTKIT FOUND".
I think the rootkit has to do with the internet connection; it's named SVC: Tcpip and is located in "C:\Windows\System32\Drivers\tcpip.sys". The name of the rootkit is "Win32:Malware-gen".
The AV offers two options: "Delete Now (recommended)" or "Ignore".
And since there's no option to send it to "the Chest" I wanna delete it, but before that I wanna know if that's gonna affect my internet connection or something else, or if I can delete it safely.
NourinE

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40627
  • Dragons by Sasha
    • Malware fixes
Re: ROOTKIT Win32:Malware-gen in System32
« Reply #1 on: December 05, 2012, 08:13:47 PM »
Do not delete it

Could you follow the steps here http://forum.avast.com/index.php?topic=53253.0

Offline N@URINE

Re: ROOTKIT Win32:Malware-gen in System32
« Reply #2 on: December 05, 2012, 08:14:35 PM »
ok, thanks. I'll take a look at the link.
NourinE

Offline N@URINE

Re: ROOTKIT Win32:Malware-gen in System32
« Reply #3 on: December 05, 2012, 08:19:46 PM »
I just closed the window of the Avast warning message. Is that going to delete the rootkit?
NourinE

Offline emc_2

  • Newbie
  • *
  • Posts: 10
Re: ROOTKIT Win32:Malware-gen in System32
« Reply #4 on: December 05, 2012, 08:26:59 PM »
I'm experiencing the same thing. Wonder if they're related somehow :D

http://forum.avast.com/index.php?topic=110768.0


Offline essexboy

Re: ROOTKIT Win32:Malware-gen in System32
« Reply #5 on: December 05, 2012, 08:31:30 PM »
I don't know yet; I will need to look at all the logs to make a determination.

Offline Rannta_renner

  • Newbie
  • *
  • Posts: 2
Re: ROOTKIT Win32:Malware-gen in System32
« Reply #6 on: December 05, 2012, 08:35:02 PM »
Same problem here. Checking on Twitter, it's a massive problem. Definitely it's an issue from the update of today or something like that. I deleted it like Avast suggested and the network crashed after that.
Avast guys, FIX IT.

Offline essexboy

Re: ROOTKIT Win32:Malware-gen in System32
« Reply #7 on: December 05, 2012, 08:37:59 PM »
What VPS do you have? Mine is 121205-1.

I am not experiencing this problem on either Windows 8 or 7.

Offline Rannta_renner

Re: ROOTKIT Win32:Malware-gen in System32
« Reply #8 on: December 05, 2012, 08:44:46 PM »
I'm a Windows XP user. Version is 121205-1. Definitely an issue on Windows XP.
« Last Edit: December 05, 2012, 08:49:06 PM by Rannta_renner »

Offline essexboy

Re: ROOTKIT Win32:Malware-gen in System32
« Reply #9 on: December 05, 2012, 09:13:41 PM »
Are any of you using PeerBlock?

Offline emc_2

Re: ROOTKIT Win32:Malware-gen in System32
« Reply #10 on: December 05, 2012, 09:19:41 PM »
Looks like 100% FP only affecting XP users.


Offline Flippy

  • Avast team
  • Jr. Member
  • *
  • Posts: 45
Re: ROOTKIT Win32:Malware-gen in System32
« Reply #11 on: December 05, 2012, 10:22:06 PM »
Hello guys,
this was a false detection and should be fixed in the latest stream update. We are really sorry for the inconvenience.

Filip Chytrý
Virus analyst

Offline essexboy

Re: ROOTKIT Win32:Malware-gen in System32
« Reply #12 on: December 05, 2012, 10:56:30 PM »
Intriguing, it was not detected on my XP, maybe as it was a VM?

Offline N@URINE

Re: ROOTKIT Win32:Malware-gen in System32
« Reply #13 on: December 05, 2012, 11:25:33 PM »
For me, I'm using Windows XP. VPS: 121205-1.
I just closed the window of the Avast warning message. Then I was asked to run the boot-scan, but I canceled. Afterwards a system warning message appeared saying that I need to insert my XP CD to repair or install some missing files. I also canceled.
When I restarted my computer, I couldn't connect to the internet at all.
I restored my computer, and fortunately it worked, but after I received the latest VPS: 121205-1, the Avast warning message popped up again.
NourinE

Offline essexboy

Re: ROOTKIT Win32:Malware-gen in System32
« Reply #14 on: December 05, 2012, 11:32:58 PM »
Update Avast manually.