Ok, I submitted the file to Virustotal again and here is the result:
http://www.virustotal.com/reanalisis.html?de47e4757ce157707d9e825e62a6c174It says it scanned 208896 bytes so the upload appears to have been successful. And all the tests were negative.
I, too have an MSI NVIDIA card, in my case an 8800GT. I am looking at the CD right now and both winsys2.exe and winsys.exe are on the CD, in the folder R:\nVIDIA\Win2K-XP\V169.02.
These two files have the same dates and sizes as the two files of the same name in my Windows/System32 folder. So I am confident that they came from the CD when I installed the MSI NVIDIA driver from it.
So the question is, did MSI ship a driver with a rootkit in it, or is avast! mis-identifying a legitimate driver file as a rootkit?
Has anyone at avast! had a chance to look at the file I emailed to you yesterday to see if it's the same as a known rootkit, or different?
Should someone at avast! contact MSI to let them know they are shipping a file with a name that's the same as a known rootkit?