Avast Anti-Rootkit detects a rootkit!

[*peter79*]

I just scanned my laptop with the standalone Avast Anti-Rootkit app and it found 1 hidden file:

File C:\WINDOWS\Temp\_avast4_\unp147376238.tmp  **HIDDEN**

Scan finished: 26 June 2008 22:37:23
Hidden files found: 1
Hidden registry items found: 0
Hidden processes found: 0
Hidden services found: 0
Hidden boot sectors found: 0

I clicked the Fix Now! button but the Fix Status is Error! (see attached screenshot)

I also scanned with the following free programs today but they didn't detect any problems:
Avast 4.8
Malwarebytes Anti-Malware
Spyware Terminator
Advanced Windows Care V2

All these programs are up-to-date. My standalone Avast A/R is version 0.9.6. I don't know if this is the latest version, as when I try to check for updates, the link just opens a white webpage with the following code displayed on it: http://www.avast.com/{lang}/free-avast-anti-rootkit-for-window3.html

System is Windows XP Service Pack 3
Firewall is Comodo Pro (free)

Any idea what this file found by Avast A/R is?

Thanks for your help - Peter

[Lisandro]

For sure, it's an avast antivirus file... I don't know the reason for it's being detected as hidden.

[*peter79*]

Thanks Tech. So this file is not a threat?

I just scanned again now and Avast A/R doesn't pick up any problem.

Perhaps it picked it up as a false positive the first time, as I had some other programs open when scanning that time.

[igor]

I guess there has probably been going on something on your computer during the antirootkit scan.

The thing is that if there's some activity during the scan (it could be almost anything - web browsing, starting of other applications, ...) - it may result in similar false positives. When files are created and deleted during the scan (e.g. in browser cache), or new processes are started and terminated - the rootkit scanner may see the changing objects as hidden, and report them.

It's kinda funny that it was avast!'s own file in particular this time - but avast! probably didn't create the file just by itself - some other file has been started or written and avast! created this temporary file when unpacking its archives in the resident protection.

So, you really don't have to worry here.

[*peter79*]

Thanks for explaining that to me Igor. It's good to know it.

Glad that it was just a false positive 

[Lisandro]

Glad that it was just a false positive 

I don't see it as a false positive... rather, we need to follow the advice of closing all programs while doing an anti-rootkit scanning.

[*peter79*]

Yes Tech, I agree. I didn't realise how important it was to close all programs before scanning until this happened yesterday. Thanks