There is a temp file generated at each boot that is flagged by Avast! at boot time as win32:rootkit-gen [Rtk]. I tell it to move to chest, but on the next boot we have a new file with a new name, mc###. So I uploaded this to
http://www.virustotal.com/ and it shows as:
File mc21.tmp received on 07.25.2008 15:05:50 (CET)
Current status: finished
Result: 4/35 (11.43%)
Avast 4.8.1195.0 2008.07.25 Win32:Rootkit-gen
CAT-QuickHeal 9.50 2008.07.24 Tool.Madtol.c (Not a Virus)
GData 2.0.7306.1023 2008.07.25 Win32:Rootkit-gen
Sophos 4.31.0 2008.07.25 MadCodeHook
So what is this, and how do I find out if it is real or not?
How do I find what is writing it?
Avast finds nothing if a scan is run after this is removed or in DOS mode.
Thanks!