Avast finds infection in its own folder

Hi!

I did a scan few mins ago, and avast found a rootkit: hiddenfile in his definition folder (aswrep.dll)
In panic I reinstalled avast, the threat is gone.

Did
Malwaresbyte anti-malware/tdsskiller/mbam-antirookit and another avast scan after, nothing

I did a VT scan
https://www.virustotal.com/en/file/7525ba9f79ab6703b0b7fb3fd6b58db098a586ddd8e0bcc07b6674a4254451a5/analysis/1387158123/
Nothing

I tried to move it to chest, impossible. Same with repair and delete.

I only booted my pc this morning, and few mins ago.
Any clues?

I did a scan few mins ago, and avast found a rootkit: hiddenfile in his definition folder (aswrep.dll) In panic I reinstalled avast, the threat is gone.
Next time, reboot and try a New scan ......

Yeah, but before I reinstalled it I scannes the file and the whole avast folder and nothing suspicious… Could it be a bug? I did a whole system scan the day before and nothing under the radar, and I’ve been on my computer for like 30 min the morning after only playing some battlefield… The only way this fike could be infected is by Avast itself… Self proteftion module is on and I have a password too on Avast

The only way this fike could be infected is by Avast itself...
it is a FP
CopyrightCopyright (c) 2013 AVAST Software Publisher AVAST Software a.s. Product avast! Antivirus Original name aswRep.dll Internal name aswRep File version 9.0.0.115 Description Reputation services access Signature verification Signed file, verified signature

Ok thanks!

I just saw that many got Avast flagging files from Avast website, can it be related with what I got?

no…different detection…and is should be fixed now

Ok, but I still don’t understand how Avast could find something in its own folder
Could it be a software bug or it might be a real virus/threat? I just don’t get how Avast could see a Rootkit: Hidden File in his own folder, and I would be the only one

a False Positive error http://antivirus.about.com/b/2007/02/13/what-is-a-false-positive.htm

Yeah but if it would be a false positive, wouldn’t everybody with the file would get one? I mean this file is supposed to be identical for each avast user?

Just a general question, I don’t think it could be something else since I didn’t downloaded anything else between the two consecutive scan I did and I got this…

Is this file different in every system? So it’s why I could get a FP on it?

Avast! For most of the more techy people have their Avast! products customized to suit their needs. For example. I use Avast! Free. I don’t have a use for Avast! Premier or IS because I don’t do online banking, and I have a Firewall. I have my settings set to be extremely strict due to the nature of what I do. For an average user, they might not customize their Avast! and just leave it. In that case, yes, it might detect. I’ve seen file in SandBoxes being detected as malware. It happens and always will. No need to be concerned

Settings of my installation are at ‘max’ in scan (full sensibility, follow links, all packers, etc)

But I don’t do anything that might get me infected, that’s why I’m surprised that Avast found a threat at first, and then in its own folder. But if you say there is nothing to worry about, I won’t worry =P

I’m just asking myself questions, because if its a false postive, and this file is the same for everybody, why only me would get it flagged?

why only me would get it flagged?
bc you where the only one doing a scan at that time?
Settings of my installation are at 'max' in scan (full sensibility, follow links, all packers, etc)
result of changing default settings?

Well I guess that the defaults settings it don’t find anything, when I did a manual scan after the reinstallation it got nothing
And VT found nothing

But now even with my settings, it gets nothing (this said, the definitons updated)

I got this as well – report said rootkit hidden file – ID’d as C:avast!..sandbox\avast premier avast setup etc. – said threat “high.”

Also in same scan got two others – rootkit hidden files – ID’d as C:avast!..sandbox\f_0000ba and f_0000bf – in Google Chrome folder.

When I went to Chrome folder, had 200 hundred files with similar extensions all from the last three days – ever since I downloaded avast premier (I had avast for last year and subscription was about to run out so bought another year’s worth.)

So what gives? False positive? Something to worry about? Thanks for any help.

Those are the safezone files so you can safely ignore them as they are going nowhere. You can clear safezone if you wish

Thanks very much for your reply. I appreciate it.