Malware " rootkit" in temp file every time I turn on the computer

[fdarcy6]

 I don't know whats happening, everything was fine with my computer until this morning when I turned on my computer to say that there was a malware called " rootkit" in my temp file, please help on how to get rid of it. It happens every time I turn on the computer. HELP!!!! the malware is called "win32:Rootkit-gen"
The Original file names are mc227,mc230, mc241
all the Original Location is at C:\WINDOW\TEMP
the size of the files are all 2560
and all of the virus description is Win32:Rootkit-gen[R.....
Thanks for all help!!!!

[Lisandro]

Could be a false positive, could be infected files...
Check other threads about the mc*.tmp files that are opened to discussion.
For instance: http://forum.avast.com/index.php?topic=37358.msg312854#msg312854 and http://forum.avast.com/index.php?topic=37353.0;topicseen

[fdarcy6]

I am sorry but what is a false positive? I am totally clueless as to computers, SORRY!! Thanks for the reply

[Lisandro]

I am sorry but what is a false positive?

A clean file that is identified as being infected by the antivirus.
So it's not really infected (positive detection), although the antivirus detect it as so (false detection). Does it make sense now?

[fdarcy6]

So what do I do in order to stop it from popping up on my computer every time I turn it on?
and what what file should i upload in virustotal and how do i do it?

[Lisandro]

So what do I do in order to stop it from popping up on my computer every time I turn it on?

I'm not sure it's a false positive or not...
I suggest:

1. Disable System Restore and reenable it after step 3.
2. Clean your temporary files.
3. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
4. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.
5. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
6. Make a HijackThis log to post here or, better, submit the RunScanner log to to on-line analysis.
7. Immunize your system with SpywareBlaster or Windows Advanced Care.
8. Check if you have insecure applications with Secunia Software Inspector.

and what what file should i upload in virustotal and how do i do it?

Two or three of them, one by one, click in the buttons of the www.virustotal.com page.

[fdarcy6]

avast! Antirootkit, version 0.9.6
Scan started: Friday, July 25, 2008 4:25:23 PM


Scan finished: Friday, July 25, 2008 4:32:49 PM
Hidden files found: 0
Hidden registry items found: 0
Hidden processes found: 0
Hidden services found: 0
Hidden boot sectors found: 0

this is just the antirootkit scan and i have disabled system restore and enabled it back and scanned my whole computer, there is no more warnings telling me about detecting a virus, thanks a lot, but i will post a HJT log here later to be sure,Its been a long time since i've done a HJT log so will you explain the steps. Thanks a whole lot!!!!!

[fdarcy6]

Should I download the zip file or the exe file for the Hijackthis log?

[Lisandro]

Should I download the zip file or the exe file for the Hijackthis log?

Never mind... do you have an unzip tool (like IZarc or 7-zip)?

[DavidR]

If you do a forums search for these file names you will see other topics, e.g. some of the links posted by Tech, in some of these it looks like a VPS update has resolved this.

Do a manual iAVS Update, right click the avast 'a' icon, select, Updating, iAVS Update. Once complete, scan the files again and let us know if they are still detected before doing anything else.

[fdarcy6]

Never mind... do you have an unzip tool (like IZarc or 7-zip)?

NOPE

[fdarcy6]

Once complete, scan the files again and let us know if they are still detected before doing anything else.

What files?

[DavidR]

The ones previously detected as infected of course.

The Original file names are mc227,mc230, mc241

There is little point in continuing with additional tasks if the files are no longer detected as infected.

[fdarcy6]

Nope they are no longer detected as infected, and I have scanned my computer for rootkit and found nothing, after disabling and enabling system restore, nothing has been detected by avast scanner of a rootkit, so far so good!!! Thanks.

[DavidR]

You're welcome, looks like it was a false positive that has been corrected.