Hi all, first time posting, so thank you in advance. Avast today detected that the file C:/Program Files (x86)/Hotkey/ccdpatch.exe was infected by Win32:Rootkit-gen [Rtk]. I’m trying to determine if this is a false positive, or if I should clean the file. This file is associated / was found in my OEM Clevo P157SM hotkey software directory; this software was installed over a year ago when the computer was purchased. Any advice you have is appreciated. I have attached the requested questions at the top of this forum and a Malwarebytes scan log.
I have not run a full scan in over a month, since usually I run the quick scan on schedule. Previously this file has not been picked up by Avast. I initiated a full Avast and Malwarebytes scan today after Malwarebytes picked up and blocked PUP.Optional.OpenCandy during the installation of “BurnAware Free” (ISO creation software). I have also attached the virustotal.com review of the downloaded burnaware_free.exe file, in case you think these two incidents are related. If it helps, during the time since my last full scan, I have only installed two pieces of freeware, BurnAware Free and Minitool Partition Wizard Home Edition. Here is additional download information for the two pieces of freeware installed since the last full scan:
BurnAware Free (www.burnaware.com), redirected download link: http://fileforum.betanews.com/download/BurnAware_Free/1212419334/2
Minitool Partition Wizard Home Edition (www.partitionwizard.com), redirected download link: http://download.cnet.com/Partition-Wizard-Home-Edition/3000-2094_4-10962200.html?part=dl-6285158&subj=dl&tag=button
Requested Questions
1. Found during Avast full system scan
2. OEM software file associated with my system hotkeys
3. No
4. ccdpatch.exe
5. File: C:\Program Files (x86)\Hotkey\ccdpatch.exe
   Severity: High
   Threat: Win32:Rootkit-gen[Rtk]
6. Option A: Threat was found again on a second Avast scan
7. 2/55 scanners detected a virus
   Avast: Win32:Rootkit-gen[Rtk]
   TheHacker: Trojan/Autoit.agk
   MD5: 49a3c14a97da6d25176e51f5083549dd
   VirusTotal Link: https://www.virustotal.com/en/file/404bb39a1b1118021815720ecf3c7147ddda9aca10330c740a9899fb732da5d6/analysis/
Malwarebytes Scan Log
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/14/2014
Scan Time: 9:03:08 AM
Logfile: malwarebytes_log.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.14.04
Rootkit Database: v2014.11.12.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User:

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 587449
Time Elapsed: 50 min, 38 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)
VirusTotal Scanlog for burnaware_free.exe
Malwarebytes blocked riskware associated with this file during the install process today
2/50 scanners detected a problem
ESET-NOD32: a variant of Win32/OpenCandy.A
Fortinet: riskware/OpenCandy
MD5: 7b43194cd66e3039b5b79cd14c20baba
VirusTotal Link: https://www.virustotal.com/en/file/be338b9ad63ffc56f1192ce8804ebf9aba5e107670f2f38779fe5d2b32d296ff/analysis/
Thanks again for your advice and assistance.
Jonathan