False Positive with version 8.0.1497

I just updated my Windows XP PC to Avast free anti-virus version 8.0.1497 definition version 130918-5 and suddenly I am getting a message from Avast telling me my computer is infected with a rootkit Win32:Evo-gen [Susp].

Is this a false positive?

Thanks.

Can you add a screenshot of the warning please?

hi dreamspinner3,

Actually, [as a rule of thumb], no. (Only exception I’ve seen so far is when Malwarebytes has been reported here as a rootkit.)

This is because rootkits are able to hide themselves, in most cases, quite successfully and, in most cases, do not impact system performance noticeably for the average user because of the way they run and when they run.

Best to have your system checked out by a certified expert malware removal expert by running and submitting (attaching only) the following four logs: Adwcleaner, Malwarebytes, OTL, and aswMBR.exe to see if, in expert opinion, your system is infected or not.

You can get your programs here: http://forum.avast.com/index.php?topic=53253.0 Don’t run any other programs on this list unless told to do so by your malware expert and use AdwCleaner and Malwarebytes to quarantine/remove anything they find. These two programs are safe to use for unsupervised cleansing.

Once logs are attached in your next reply, a malware expert will be notified and check your system out for you.

[EDIT:] We’ll know better what you have when you attach your screenshot of your avast! alert in your next reply, as Steven Winderlich asks.

It was only when Avast was updated to version 8.0.1497 that it found this supposed infection. I allowed Avast to remove the infection & then run a boot scan, which did not find any infection. Yet, when my machine finally booted into Windows XP again, Avast 8.0.1497 once again said that my machine was infected.

I have a screenshot of the Avast warning message & also the logs from the programs you asked me to run, but when I try to post them to the forum, I get the following error message:

413 Request Entity Too Large

I will try attaching the logs in separate posts.

Logs attached.

More logs attached.

More logs attached.

Screenshot attached. Sorry for having to post them separately. It was the only thing that seemed to work. Thanks.

hi,

An expert malware removal expert has been notified. Thanks for the logs, you did good.

According to the information I’ve easily found online, WDSC.exe is exactly what it sounds like - part of the backup Western Digital Shadow Copying service.

http://www.shouldiblockit.com/wdsc.exe-23145.aspx

I don’t want to preempt the experts here but I wouldn’t be at all surprised if this is an Avast false positive.

Yes, a false positive. In the drop-down box, select ignore :)

Thank you for all of your help. I’ll mark it to ignore.