just updated avast free and got a message saying I have Rootkit. SVC:CCALib8>C:\CALMAIN.exe
Name Win32:Evo-gen(susp)
I followed instructions to remove and do a boot time scan. The laptop then restarted and after a few minutes I got the same message again.
I took a look at your forums and see many saying this is a false positive. Which I’m hoping to be the case. If Avast says it’s removed it, why has the message popped up again?
Any help appreciated.
I’m on Vista, I have ad-aware and spywareblaster as well as avast home free.
I just ran a quick scan which found no threat and says “everything is good”
I looked in the virus chest and there is nothing that relates to this message in there at all. If Avast removed this threat, wouldn’t it be in the chest?
If Avast removed this threat, wouldn't it be in the chest?
No, there is a difference between removing (deleting) and moving.
The name of the file indicates it belongs to Canon software.
However the location is not where it normally is and that is at least suspicious.
Please follow the instructions as mentioned here: http://forum.avast.com/index.php?topic=53253.0
i would wait with that … follow instructions in the other post about how to report it to avast
you may give a link to this topic in case avast lab reply here
You can use mail
send to virus@avast.com in a password protected zip file
mail subject: False Positive / undetected sample (select subject according to your case)
zip password: infected
thanks…but as I said “show last pop upmessage” is greyed out and therefore unavailable so I cannot access the file unless there is another way to find it.
I just received the same message. I located the file (Calmain.exe) in the C:\Program Files\Canon folder and then scanned the file with both MBAM and Avast!. No threat was found. My conclusion is that on my computer this is a false positive.
I also received the same message. The file was found in C:\Program Files\Canon\CAL. So it was the proper location for the CALMAIN.exe, according to this info: