While installing an update from Nvidia using the GeForce Experience application, Avast suddenly notified me of a rootkit that may be present at /systemroot/system32/drivers/nvhda64v.sys and gave me the option to delete or ignore the file.
I wasn’t too sure about this, since the file is in fact part of the installation, since it’s the Nvidia HDMI audio driver, so I simply closed the alert.
To make sure I wasn’t infected, I did a full scan using Avast with some settings altered (rootkit (quick scan) changed to rootkit (full scan)).
Results say no threats were found.
To be sure, I downloaded MBAR and ran a scan with it. It immediately gave me a message saying “Registry value “AppInit_Dlls” has been found, which may be caused by rootkit activity.”
It gave me the option to delete this and continue the scan with MBAR, or to ignore it and go on. I decided to delete the file, since I don’t have this message on any other system that uses the same OS, and I never had that message before, and scan with MBAR.
MBAR didn’t find any threats.
Also, Malwarebytes doesn’t seem to find anything.
Is it really safe to assume that nvhda64v.sys was wrongly accused of being a threat? Or did deleting AppInit_Dlls solve this? Or is there something else that I should do to guarantee that my PC is clean?