c:\windows\system32\svchost.exe Rootkit ;-(

[Boglen]

You can restore system by System Restore. default system restore doesn't work, but you may run ERD Commander 2005.
I'm up about 20 systems today..

[ring0]

it confirms that avast is really really a worse av

 take antivir and see the difference !!!!

[Vlk]

it confirms that avast is really really a worse av

 take antivir and see the difference !!!!

Which difference, really? That it doesn't FP on svchost.exe?
Trust me, similar things happened to them as well (and to the other AV companies, Symantec/McAfee including, too).

This is not an excuse for avast, it's just that trolling is the last thing people want to hear now.


Cheers
Vlk

[Lisandro]

Vlk, I can't believe such a file will give a false positive...
Shouldn't it be digitally signed?
How can this signature pass to your standard tests?

If the user delete or move the file to Chest in boot scanning, how would it be allowed to logon again? Another incident that asks for a boot time access to Chest.

[Boglen]

Мужики, кто на родном и могучем рубит, обращайтесь, отконсультирую какими способами можно восстановить систему 

To Restore system you can try to start from a your windows install disk d:\i386\winnt32.exe and choose a mode - updating.
Or rollback system by external utils, like ERD. Necessarily copy svchost after rollback the system.
If you simple copy the svchost in the system32, it will not help

[golem XIII]

We are french resseler, we habe more than 10 PC dead.
When people from avast are going to give us :

Right explication
Fix to repair damaged files ands registry database

IT's YOUR RESPONSABILITY !

Emmanuel

[Merralux]

Guys so I dont have that virus?It was a false alarm?I want to be 100% sure because i have to make something with my bank account.

[lea]

hello everyone,
as many people here, i have the same problem i put the "false virus" in quarantaine and since then i have many problems and i don't have the internet anymore.
is the latest vsp going to correct something or is it just to prevent other persons to have the same problem ? i downloaded it (released: 4.6.2008, version: 080604-1) from another computer, i'd like to know if it's going to do something before install it (i don't want things to get worse...).
thank you in advance for your answer.

[DavidR]

I haven't had any alert on svchost.exe since this was first reported in this topic, XP Pro SP2, English language version.

I did a specific scan with ashQuick.exe (right click) on this file with VPS 080604-1 and no detection.

[fonzy44]

Hi,

To Avast developers:

Please it's very urgent to react to this problem, (the same as described along this thread) cause many people around me (including myself) can't use their computer anymore.

Too many people are facing with the same problem caused by Avast antivirus which has corrupted the OS.
So, please, be professional and:
1. Put a message on the main page of your website (www.avast.com) saying that there was a problem and you're working on it.
2. Do all what you can to provide us quickly a patch to restore deleted / corrupted files / registry
==> That what I call "Professionalism"

I use Avast antivirus since more than 3 years now and never had any problem with it, I will continue to believe in it, but please FIX THE PROBLEM !

By the way, don't forget that many people don't know what is the recovery function on the Windows XP CD, and surely don't know where they let this CD cause they only use their computer for web surfing and mail !

Thanks in advance for your quick response !
Fonzy.

[igor]

Some people are working on it and I don't know the full details - but personally, I think it will turn out to be impossible to restore the deleted registry.

[kakashi99]

Hi all,

of course it will be impossible for you to restore the deleted registry, but what you can do it's to put a warning on avast website or mail every avast customer.
A lot of people (in France) have deleted this file "thanks" to this alert, and once they have re-install windows, the message come back again... You have to explain how to avoid this.

[igor]

If Windows is reinstalled, so is the other software, isn't it? So, how would the (now obsolete) virus database, containing the false alarm, get there?

What I'm trying to say is that the false alarm should not re-appear... unless I'm missing something obvious, of course.

[kakashi99]

when I say "re-install" I mean use the function "install" then "repair" on Windows XP boot menu.

I have did it yesterday evening. at begining everything was working fine, but 15 sec after windows start, the alert came back again... Really strange... tonight I will update avast, and hope that the problem will be fixed.

but please, keep your users informed when there is a so big issue with your product !

[igor]

So, you successfully repaired your system with the "Repair" option from Windows CD?
No network problems, all installed programs working, etc.?