GPU-Z - rootkit or FP?

Hi everyone,

Yesterday I got a rootkit warning from avast free - it was called “svc atkfu” - I deleted it and did a full boot scan - everything was fine.
A few minutes ago I got another rootkit warning. This time it's SVC GPUZ and GPU-Z. I have used that program in the last 2 days and also downloaded a new version of it (but from a trustworthy site). I'm wondering if those two alerts are somehow related and if this could be a false positive. I haven't actually installed GPU-Z, I just click the .exe to run it, so it would make sense that there are traces of the program somewhere in the temp directories, which is exactly where avast found them. GPU-Z: C:\Users.…\Local\Temp\GPU-Z.sys and GPUZ: C:\Windows\TEMP\GPUZ.sys.

So what do you guys think of this?

Hi,

There are two ways of going about this.

1. You can submit the executable to avast if it is now quarantined by opening the vault, scanning and then sending off to avast as a false positive.

2. You can have your system checked by a malware specialist here. If you decide to go that route, see http://forum.avast.com/index.php?topic=53253.0 just to make sure you do not have a rootkit installed, and know your system is clean. Follow all directions and attach all logs from scans in the “Attachments and other options” below the text box you are writing in.

You can also submit (upload) the executable to VirusTotal here and post the results of the scan in your next reply here: https://www.virustotal.com/

FYI, I did a little digging around and came up with two websites concerning the programs said to be malicious here, http://www.techpowerup.com/gpuz/, and here, http://www.overclock.net/t/698731/gpu-z-question

Overclocking a video card is the reason for having this program.

I also looked for forty minutes on the 'net and could not find a direct reference to svc atk fu rootkit anywhere. It appears there may be such a rootkit, but sadly, not much information on it could be found anywhere. svc atkfu does not exist, no search results found for that nomenclature.

Alright, so I uploaded the .exe to VirusTotal and the only scanner that found something was ClamAV, saying: PUA.Packed.PECompact-1. As that's only 1 out of 42 and GPU-Z is a well known inspection tool for graphics cards, I'm going for FP. I don't have the files assumed to be rootkits anymore. I only had the choice to delete or ignore them and I never got an alert about the .exe itself.

As for svc atkfu (yes, avast really spelled it like that)…
I have no idea what was going on there. As you said, little to no information about that one. For now I'll assume my system is clean.

Thanks for your help.

Hi ace0,

Not a problem. ;D

If you should ever have a problem, at least you know how to start a thread now, and get the help you may need at that time. I would begin by running Malwarebytes, OTL (in scan mode only), and aswMBR (scan mode only). Other programs should only be used when requested and under the supervision of a qualified malware specialist.

Hopefully that will never be necessary, but one never knows…