Author Topic: "Win32:Rootkit-gen [Rtk]" has been found in (Read 19283 times)

Lisandro · « **Reply #15 on:** July 10, 2008, 01:18:12 AM »

Which are exactly the text you're writing down on the Exclusion list and which list you're talking about (on-access or on-demand scanning)?

gregoryashby · « **Reply #16 on:** July 11, 2008, 04:04:31 AM »

I opened avast on the toolbar... went to program settings - Exclusions- Hit browse-Local Disk C-Program Files-Activion-Call of Duty-4 Modern Warfare-Put a check in the box,="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare",-Hit OK and it apears in the Exclusion.

supergran82 · « **Reply #17 on:** July 11, 2008, 05:58:39 AM »

Got similar, in my big fish games, but nothing else I scan with comes up with a virus or worm. Does this happen often, as I have only just changed to Avast, but if I can't play my games etc, I think I will revert to Nod32

10/07/2008 1:23:38 p.m.   SYSTEM   1884   Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
10/07/2008 1:23:39 p.m.   SYSTEM   1884   An error has occured while attempting to update. Please check the logs.
11/07/2008 11:18:43 a.m.   SYSTEM   1780   Sign of "Win32:Kolabc-CN [Wrm]" has been found in "H:\Program Files\The Clumsys\cgbzqqt.exe" file.
11/07/2008 2:31:35 p.m.      1796   Sign of "Win32:Kolabc-CN [Wrm]" has been found in "H:\Program Files\The Clumsys\cgbzqqt.exe" file.
11/07/2008 2:31:57 p.m.   Paul   1796   Sign of "Win32:Kolabc-CN [Wrm]" has been found in "H:\Program Files\The Clumsys\cgbzqqt.exe" file.
11/07/2008 2:32:22 p.m.   Paul   1796   Sign of "Win32:Kolabc-CN [Wrm]" has been found in "H:\Program Files\The Clumsys\cgbzqqt.exe" file.
11/07/2008 2:32:28 p.m.   Paul   1796   Sign of "Win32:Kolabc-CN [Wrm]" has been found in "H:\Program Files\The Clumsys\cgbzqqt.exe" file.
11/07/2008 2:32:33 p.m.   Paul   1796   Sign of "Win32:Kolabc-CN [Wrm]" has been found in "H:\Program Files\The Clumsys\cgbzqqt.exe" file.
11/07/2008 2:32:36 p.m.   Paul   1796   Sign of "Win32:Kolabc-CN [Wrm]" has been found in "H:\Program Files\The Clumsys\cgbzqqt.exe" file.
11/07/2008 2:32:42 p.m.   Paul   1796   Sign of "Win32:Kolabc-CN [Wrm]" has been found in "H:\Program Files\The Clumsys\cgbzqqt.exe" file.
11/07/2008 2:32:54 p.m.   Paul   1796   Sign of "Win32:Kolabc-CN [Wrm]" has been found in "H:\Program Files\The Clumsys\cgbzqqt.exe" file.
11/07/2008 2:33:08 p.m.   Paul   1796   Sign of "Win32:Kolabc-CN [Wrm]" has been found in "H:\Program Files\The Clumsys\cgbzqqt.exe" file.
11/07/2008 2:33:16 p.m.   Paul   1796   Sign of "Win32:Kolabc-CN [Wrm]" has been found in "H:\Program Files\The Clumsys\cgbzqqt.exe" file.
11/07/2008 2:35:25 p.m.   Paul   1796   Sign of "Win32:Kolabc-CN [Wrm]" has been found in "H:\Program Files\Hidden Expedition - Titanic\rkmjtxt.exe" file.
11/07/2008 2:35:45 p.m.   Paul   1796   Sign of "Win32:Kolabc-CN [Wrm]" has been found in "H:\Program Files\Hidden Expedition - Titanic\rkmjtxt.exe" file.
11/07/2008 3:44:30 p.m.   Paul   1796   Sign of "Win32:Kolabc-CN [Wrm]" has been found in "H:\Program Files\The Clumsys\cgbzqqt.exe" file.

Lisandro · « **Reply #18 on:** July 11, 2008, 02:29:57 PM »

It's a false positive that will be corrected in next virus database update (if it wasn't already).

Klinger · « **Reply #19 on:** July 11, 2008, 03:05:32 PM »

Because this file is not just in the COD4 folder but in many you need to add the exclusion as *\pnk*.sys

I hate using such a wide exclusion but it does work and COD4 will work after adding this.

:-)

Rejak · « **Reply #20 on:** July 22, 2008, 05:00:54 PM »

Just be glad you guys can still at least play.

I've had to completely rebuild my machine due to issues with Avast vs. Punkbuster (in conjunction with Rainbow 6 Vegas 2 though). Totally corrupted my registry.

Yes, I've successfully recreated the error (by using System Restore points to go back to pre-install of Avast). It is clearly an Avast vs. Punkbuster issue.

Used Avast for quite some time now but looks like I will have to find something else.

Lisandro · « **Reply #21 on:** July 22, 2008, 05:22:20 PM »

Quote from: Rejak on July 22, 2008, 05:00:54 PM

Used Avast for quite some time now but looks like I will have to find something else.

Are you using the last avast version? (4.8.1227)
Did you just try using the Exclusion lists (on-access AND on-demand)?

Rejak · « **Reply #22 on:** July 22, 2008, 09:20:29 PM »

Quote from: Tech on July 22, 2008, 05:22:20 PM

Quote from: Rejak on July 22, 2008, 05:00:54 PM
Used Avast for quite some time now but looks like I will have to find something else.
Are you using the last avast version? (4.8.1227)
Did you just try using the Exclusion lists (on-access AND on-demand)?

Yes
Yes

Lisandro · « **Reply #23 on:** July 23, 2008, 01:13:10 AM »

Quote from: Rejak on July 22, 2008, 09:20:29 PM

Quote from: Tech on July 22, 2008, 05:22:20 PM
Quote from: Rejak on July 22, 2008, 05:00:54 PM
Used Avast for quite some time now but looks like I will have to find something else.
Are you using the last avast version? (4.8.1227)
Did you just try using the Exclusion lists (on-access AND on-demand)?
Yes
Yes

So avast can't be detecting it...
Maybe you could try to disable rootkit scanning for a while, IF YOU'RE SURE THE FILE ISN'T A ROOTKIT.

Author Topic: "Win32:Rootkit-gen [Rtk]" has been found in (Read 19283 times)

Lisandro

Re: "Win32:Rootkit-gen [Rtk]" has been found in

gregoryashby

Re: "Win32:Rootkit-gen [Rtk]" has been found in

supergran82

Re: "Win32:Rootkit-gen [Rtk]" has been found in

Lisandro

Re: "Win32:Rootkit-gen [Rtk]" has been found in

Klinger

Re: "Win32:Rootkit-gen [Rtk]" has been found in

Rejak

Re: "Win32:Rootkit-gen [Rtk]" has been found in

Lisandro

Re: "Win32:Rootkit-gen [Rtk]" has been found in

Rejak

Re: "Win32:Rootkit-gen [Rtk]" has been found in

Lisandro

Re: "Win32:Rootkit-gen [Rtk]" has been found in