FP: PnkBstrK.sys

Avast detects the file PnkBstrK.sys (situated in system32\drivers and in the Call Of Duty 4\pb directory), which is an important file of Punk Buster (Call of Duty 4), as Win32:Rootkit-Gen [Rtk].
I’ve already sent it to virus@avast.com and I hope the Avast team will correct it as soon as possible.

Here is the report:

File PnkBstrK.sys received on 07.01.2008 16:50:43 (CET)
Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - -
Fortinet - - -
GData - - -
Ikarus - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - -
Rising - - -
Sophos - - -
Symantec - - -
TheHacker - - -
TrendMicro - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - Win32.Malware.gen!92 (suspicious)
Additional information
MD5: e2bf955fe43c7a79d6cddcf2c100ed78
SHA1: 5e4c6b2f6999599310dbeed02977168fff0d5c3e
SHA256: 459d87fd6789edec3c39769b638f50b886fb483b470f21111e0034e7842929d2
SHA512: b00b30510e42ca58549e8c19c5237384d0ddf95943afd792a7847aca88335f4baf0ba851829ddc2a7d9c6fec033876e1ff369b17555715008b8db193e0c88841

Scan taken on 09 Jul 2008 11:54:38 (GMT)
A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found Win32:Rootkit-gen
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Ikarus: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing

I also have this problem and I really need my game for league wars as soon as possible.


http://img244.imageshack.us/img244/9461/hmmaz6.jpg



The false positive alert will be fixed in a few hours in VPS 080709-1.

I have the same thing with the PnkBstrK file.
I am getting malware reports from 2 places: in the game folder of my game (cod 4/pb) and in sys32/drivers.

Thing is… if I tell AVAST to exclude these files… then why won’t it do just that???

There are two Exclusion lists:

For the Standard Shield provider (on-access scanning):
Left click the ‘a’ blue icon, click on the provider icon at left and then Customize.
Go to Advanced tab and click on Add button…

For the other providers (on-demand scanning such as the screen-saver or the Simple User Interface):
Right click the ‘a’ blue icon, click Program Settings.
Go to Exclusions tab and click on Add button…

You can use wildcards like * and ?.
But be careful: you shouldn’t ‘exclude’ so many files that you leave your system in danger.

Still awaiting a fix. I do hope that avast hasn’t deleted any of the files. My PC locked up when I had cod4 running when it came on, so I did ctrl alt delete, loaded up task manager, then pressed continue. I do hope I didn’t accidentally delete a punkbuster file or something.

It’s always better and safer to send the file to the Chest than to delete it directly…
It allows restoration in case of a false positive.

Well yeah, but because the game froze and I was pressing keys on my keyboard, I just hope I didn’t press a hotkey for delete or something. I don’t believe avast has a hotkey, or that you can delete using the keyboard?

avast doesn’t have this feature. You’ll receive a virus warning, and this message (window) has a delete button.

Any news on the fix?

Wait… the fix will be released soon.
In the meantime, follow the instructions about the two Exclusion lists…

Can someone please post the default command line of the exclusion???
I can’t seem to get it right.

Yeah it is quite bothersome. I am looking forward to the next update.

The first time, I opened the main program, went to advanced and then added the files to the exclusions list.
But where would I need to do it on the simple interface?
Should I choose web-shield, network-shield or standard-shield in the left pane?

Thanks for the new update :smiley: Problems fixed…

Why was it classed as a rootkit-gen? Because it spies on files to see if they contain hacks etc.?

Great job Avast!!! Thanks for the fix.

Yeah, it monitors the desktop and game folder, I think maybe more. It’s meant to be able to tell if you have cheated on a non-PB server, and if you connect to a server with PB it will ban you… or something like that. Anyway, all I know is it works!!!

No, into the providers’ settings… Left click the ‘a’ blue icon.

Standard Shield.

Rootkit: hidden virus.
Gen: generic signature for detection.