Win32Rootkit-gen

[aguila]

I run XP home, SP3 updated to today with Zone Alarm free, Avast 4 Home,
 Malwarebytes, and SuperAntiSpyware.
 Yesterday afternoon Avast told me it had detected Win32Rootkit-gen in
 Windows\system32\svchost.exe, but could not quarantine it,  Windows
 Defender, MalwareBytes and SuperAntiSpyware found nothing.  A boot scan
 from Avast also found it, but I did not attempt a repair because it is a
 Windows file.  Scanforfree.com root kit remover did not find it, but
 Sophos Anti-Rootkit did, but gave the following message:

 Area: Local hard drives
 Description: Unknown hidden file
 Location: C:\WINDOWS\system32\svchost.exe
 Removable: Yes (but clean up not recommended for this file)
 Notes: (no more detail available)

This morning, Avast has not indicated the virus.
Last night I ran GMER, and it did not seem to
find anything.

Today, Avast gave no warning, but its log does show "Sign of Win32:Rootkit-gen found in the same location as above.

How do I get rid of this thing?

TIA
Don Eagle

[John2009]

fixed FP/false positive

[aguila]

Thanks, John.  I sure hope so!  Is this a known bug with Avast 4.8?

Don Eagle

[DavidR]

It has nothing to do with avast 4.8 or any version of avast, but the virus database signatures incorrectly detecting this, a false positive detection, which as mentioned has already been corrected.

There are a couple of topics about this already in the viruses and worms forum, this is one, http://forum.avast.com/index.php?topic=47058.0.

[aguila]

Yes, thanks, David.  I found the other posts after I submitted my first.  I thought I was on the virus and worms forum, but, obviously I screwed up, and started a new subject.  This thread can be canceled.  I'll be more careful in the future.  My automatic update occurred a couple of hours ago.

Don Eagle

[DavidR]

No problem, welcome to the forums.

The topics remain for posterity , only moderators can delete/cancel posts/topics.