ShutdownPerformanceDiagnostics_SystemData.bin FP?

[wrongway]

today on Windows 7, my avast free detects Windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin as Win32:KillAV-AHY [Rtk]

(virus definition: 110519-0)

is it a false positive? 

[yunini1]

same problem here, VT report

[Asyn]

Looks like a FP.
Please report it here: http://www.avast.com/contact-form.php?loadStyles
Thanks,
asyn

[Yojimbo]

Today i have the same problem on my windows7 home premium 32bit.  
It's a fp?

[sbwhiteman]

I'm having a similar problem: http://forum.avast.com/index.php?topic=78424.0

and I see others are as well: http://forum.avast.com/index.php?topic=78416.0

Could there be a problem with the Win32:KillAV-AHY [Rtk] definition?

[yunini1]

Any news? the only thing i have installed on my system yesterday was the update of privatefirewall 7.0.24.4,  got an error and had to reboot. Could it be related?

[lareinatortura]

today on Windows 7, my avast free detects Windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin as Win32:KillAV-AHY [Rtk]

(virus definition: 110519-0)

is it a false positive? 

I do not know if it is a false positive.  I am concerned about this because I had stumbled upon some strange webpage.  It was supposed to be a sort of financial analysis--the link was through "getrichslowly.org"--and when I clicked on it, it started playing this crazy music. It had this ugly picture and mentioned something about hackers and virus. (I didn't read it all because as soon as I clicked on it, heard the stupid music, and saw this guy's ugly picture, I was like, "Whoa, wait a minute," and exited the page as soon as I could.  I immediately cleared all data from my browser and closed it.

When I checked on my avast as it was scanning, it reported two infected files, infected by "Win32:KillAV-AHY [Rtk]"

I'm upset because I don't know what this is and I worry about the safety of my machine.  The only thing I did with my administrative account yesterday was I installed "The Sims Castaway: Stories."  Then, very early this morning (around 01:30), my avast reported that I had two infected files.

Given that I had encountered a highly suspicious website a few minutes before I noticed that avast had found two infections, I could not tell you if this is a false positive. I'm not going to assume that it's a false positive.  If it is, that's great, but it seems like some. . . jerk, for a better term, hacked into some unsuspecting ding-dong's website (one that must have been connected to "getrichslowly.org.")

Needless to say, I will not be going to "getrichslowly.org" again. .

-.-*  Sigh.

[NerdrageXZ]

I doubt it was from that website, I run noscript, abp and LSO cleaner and only really visit 5 websites, I also download nothing and I didn't get my details socially engineered

It's not done anything to my PC whatsoever, svchost being quaranteened did, it restricted a little bit of acess but nothing essential.

I don't think we should worry for the time being, combofix and OTS show nothing.

[lareinatortura]

I doubt it was from that website, I run noscript, abp and LSO cleaner and only really visit 5 websites, I also download nothing and I didn't get my details socially engineered

It's not done anything to my PC whatsoever, svchost being quaranteened did, it restricted a little bit of acess but nothing essential.

I don't think we should worry for the time being, combofix and OTS show nothing.

Hey man, I saw you on another thread, similar to this one.     *waves*

Anyway, I have to say. . I'm not quite as careful as you--as careful as I should be.  I'm ashamed of myself 'cause I do know better. .  :'(  But, hmm.  I'm not sure what to say about this, then.  I just moved the infected files to the "chest" and did a boot time scan (no virus was found).  I'm still worried about this, though. 

You're probably right about the website, but I am still concerned.

[sbwhiteman]

Try updating to latest definitions and re-scanning -- my false positives are no longer being flagged.

[jacksticks]

So can we restore the file in the virus chest?


Thanks.

[NerdrageXZ]

I doubt it was from that website, I run noscript, abp and LSO cleaner and only really visit 5 websites, I also download nothing and I didn't get my details socially engineered

It's not done anything to my PC whatsoever, svchost being quaranteened did, it restricted a little bit of acess but nothing essential.

I don't think we should worry for the time being, combofix and OTS show nothing.

Hey man, I saw you on another thread, similar to this one.     *waves*

Anyway, I have to say. . I'm not quite as careful as you--as careful as I should be.  I'm ashamed of myself 'cause I do know better. .  :'(  But, hmm.  I'm not sure what to say about this, then.  I just moved the infected files to the "chest" and did a boot time scan (no virus was found).  I'm still worried about this, though. 

You're probably right about the website, but I am still concerned.

Yep, turns out this was a false positive

[lareinatortura]

It turned out to be a false positive because updating definitions and re-scanning no longer flags it?

[sbwhiteman]

It turned out to be a false positive because updating definitions and re-scanning no longer flags it?

Correct.

[Asyn]

So can we restore the file in the virus chest?
Thanks.

Yes.