Avast picked up a rootkit in Chcfg.exe in windows/system32 and I sent it to Avast for analysis. Is it a real rootkit or a false positive? Just curious, and I uploaded it to Virustotal and Avast is the only one that detected the rootkit in Chcfg.exe. Any ideas?
Hi Cutie Mark Surprise,
Yes, the corrupted files were first seen in Malaysia. You can repair this corrupted file, and get it from here: http://www.corruptedfilerepair.com/File-Information/ChCfg.exe--.asp
First do this: http://www.precisesecurity.com/how-to/ht-srxp.htm
polonus
Is it a false positive or a corrupted file? Thank you, and Avast still flags it as a rootkit.
Hi Cutie Mark Surprise,
It is more than likely a false positive, but I would like you to check the file with IceSword from here:
http://majorgeeks.com/downloadget.php?id=5199&file=10&evp=0d36c3ec48c6373fd5daac78f0c6a417
The manual is to be found here: http://www.castlecops.com/ (register for free to read it),
polonus
I tried Ice Sword but it crashed my computer. Is there any other way to check that file?
Try this:
http://online.drweb.com/
pol
To be sure, it would be better to test the file against online scanners. Submit the file to:
Virustotal
Jotti
There is also Kaspersky File Scanner (The file should not be larger than 1 MB).
Hi Cutie Mark Surprise and Tech,
Check the file you have against the information found here:
http://www.spywaredata.com/spyware/malware/chcfg.exe.php
I lean towards a False Positive, very likely…
polonus
On Dr Web it came up clean and I guess it is a false positive. Thank you and I hope they can fix that. It is a false positive.