Hello! I have a possible problem, hopefully someone can help? I have an older desktop running XP SP3 with an HP printer. A few days ago, I turned the PC on and then the printer, and as soon as I turned the printer on, my avast AV popped up saying it moved a threat to the quarantine. The file was HPZipm12.exe from the C:\WINDOWS\system32 folder. It said it was a Win32:Rootkit-gen[Rtk]. I did some searching and found out that's an HP file, and it has been on my PC since I installed the printer around 10 years or so ago. I've never had any problems with it until now. I thought maybe it was a false positive and waited a few days, but it's still scanning as a rootkit when I scan it in the quarantine. Also, the next day when I turned my PC on, it sent another possible rootkit to the quarantine. This one was A0201566.exe from the C\System Volume Information\restore{30D07643-953… folder. Since then, it has not moved any more files when I turned the printer on; also, the printer works fine with no problems that I have noticed. I'm afraid to restart the PC because with the system 32 file in quarantine I am afraid it will cause problems. I did end up scanning the file that was in the virus chest at virusscan.jotti.org and it was clean on all scanners there. Then I scanned the same file at virustotal.com and it was clean on all scanners except for NANO-antivirus, which showed Trojan.Dos.Hupigon.cyqiwi. Could someone please instruct me as to what steps I should take next?? I am still not sure whether it's a false positive or if it's a rootkit. I'm not even sure if I scanned the correct way, as I uploaded it straight from the virus chest. Really stressed about this because I'm getting ready to move and will have to restart the PC eventually. Thanks in advance for any help!!
C\System Volume Information\ is most likely a restore point backup of the first one.
You can report an FP here: https://support.avast.com
Or you can report and send the file from the avast chest: http://www.avast.com/en-us/faq.php?article=AVKB21#artTitle
Thank you, Pondus, for the help! I will try sending it from the virus chest. I was just kind of leery about restarting it with that system 32 file in the quarantine.
I sent it to the lab yesterday and updated my definitions a few times since then and it’s still scanning as a rootkit. I’m getting ready to move and am going to have to unhook it. I am worried that the “missing” system 32 file in the chest may cause me some issues. What should I do??
Well, you can't do anything but wait … and/or resend in a couple of days if nothing happens.