In a bit of an awkward position, here.

As I turned on my laptop (def. version 140710-0), Avast immediately detected a process, marked it as a Win32:Rootkit-gen [Rtk] and deleted it.

The filepath is C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

This file has been on my computer since it was bought, and it seems to be bundled with a majority of Hewlett-Packard Win7 laptops (http://www.shouldiblockit.com/riconman.exe-9495.aspx); and I have little reason to believe it was just suddenly infected.

So I’m not 100% sure what to do. I can’t submit a sample through the normal channels, since I don’t have one to submit. Avast seriously just deleted it with absolutely no input from me. I could attempt a system restore and disconnect my internet, so my computer doesn’t download the definition update that marked the process. But I don’t know if System Restore actually undoes Avast definition updates.

If nothing else I can at least report it here and see if anyone else has experienced the same issue.

Right-click the file in the chest … from the menu … send to avast lab

Or go to avast.com > support > FAQ … search for chest … and see How to

It’s not in the chest. It just straight up deleted it. I’m not sure if that’s a setting you can tell it to do? (As in: set it to automatically delete infected files.) Because I might have done that at some point; but either way, it’s just gone from my computer now.

Download again and test it at www.virustotal.com; if tested before, click new scan

Then you may send it and info to avast lab

You can upload files and report issues to avast here: http://www.avast.com/contact-form.php (select subject according to your case)

You can use mail
send to virus@avast.com in a password protected zip file
mail subject: False Positive / undetected sample (select subject according to your case)
zip password: infected

Or you can send files from the avast chest.
How to use the chest: http://www.avast.com/faq.php?article=AVKB21

Action to take on detected files can be set in all shields settings

S’alright. I did a system restore and disconnected my internet. Defs didn’t update so I quarantined it.

Actually, I scanned it with both the old definitions and the most recent ones. Both say no virus. Weird. Why was it detected in the first place, then?

I’ll keep it in the chest for now while I download the windows updates I downloaded before the restore. Maybe the updates caused avast to wig out about that process?

Here’s the Virustotal: https://www.virustotal.com/en/file/3855ce03672d73084bbac219f2b350cf22608a82828f82a9e842034f6a975f14/analysis/1405020773/

Avast is the only one marking it as a virus, though right now avast says it’s clean in my virus chest. Will update windows and report back and see if that changes anything.

It’s looking like it was fixed in 140710-1.

First submission 2011-05-20 00:48:40 UTC (3 years, 1 month ago)

false positive … Send to avast lab so that they can correct

Shouldn’t need to worry about it. Ran another virustotal with Avast’s new definitions and it’s not pinging as a virus anymore, both in virustotal and an actual avast scan of the file.

Bit of a hassle that I had to system restore to get the file back, but, oh well.