Hi!
Avast open a window in which say that this file: C:\WINDOWS\SYSTEM32\remove.exe cuold be a Rootkit. I have to cancel or ignore? It happened the same fact yesterday with the file: ils.exe.
But I resolved with the new iAVS.
What can I do?
A file called remove.exe is suspicious…
Ils.exe either (ils.dll is the clean one detected as a false positive yesterday).
Can you submit remove.exe to www.virustotal.com to be sure?
Hi!
I sent it to Virustotal.com.
Is it a virus?
I send you the site reply in the link:
http://www.virustotal.com/it/analisis/ff236f37eaef73b8f860257f05eb9376
Sorry but I’m not very expert to understand it.I’m from Italy
Can someone help me?
Cheers
Man, it seems really clean…
Ignore it and when send it for analysis to virus@avast.com (saying in the email body it is a false positive).
Hi!
Thank you.
Could it be a problem of the new Avast version (4.8.1296) Home edition?
Cheers
we’ll analyse the file, if you’ve allowed the sending 
The file name is suspicious to me in that I don’t have remove.exe in my system32 folder or anywhere in the windows or sub-folders. I have WinXP Pro SP3 so to get into a system folder it would have to have come with some other program.
So you could try a windows search for files created on the same day as remove.exe, in explorer right click on the file, select properties and write down the creation date. Now do a search of C:\ for files with the same creation date and possibly time (same hour, not sure how or if this can be done) if too many files are returned in the search.
For the time being, Ignore (I assume that this is the suggested recommended action), but elect to send a sample to avast.
I’ve had the exact same problem.
I ignored it, then ran the boot scan, and once the system had rebooted clean, it came up with the same thing again?
I’ve had issues with system32 corruption before, and I really don’t want to have to deal with that again.
Could this just be an error with the version?
Possibly only affecting a specific OS?
If you sent the file for analysis on detection it will be analysed as Maxx (one of the virus labs team) said in reply #5. It doesn’t remove it, just uploads a copy of it during the next avast update.
If you read my previous post you will see it isn’t a regular system file.
If you right click this file in Windows Explorer, Properties, can you check who is the manufacturer owner of this file?
Hi,I am Italian and Ihave the same problem too…
This morning avast pro informed me that a file(remove.exe)in c:\windows\system32 is potentially dangeous
I ignored (my os is win xp pro sp3)
This afternoon I formatted and installed win vista ultimate in the same pc and this evening avast showed me the same message(c:\windows\system32\remove.exe can be a rootkit)
the manifacturer of this file is PixArt Imaging Incorporation…
Is it a false positive?
or is it a real infection?
I can confirm: PixArt Imaging corporation.
I have a file in COMMON FILES and a file in SYSTEM32.
The suspect file is the SYSTEM32 version.Creation date :16 november 2008.
The COMMON FILES version was created on 03 November 2006,when I used my pc for the fist time.
This confirm that the SISTEM32 file is a suspect file.
What do you think about?
giangygian…di dove sei?
I noticed that the time of creation of remove.exe on my pc is 22.11 (16-12-2008),the same time I installed my trust webcam…maybe the two things have something in common…
I’m a little confused if the computer can be formatted and a different OS installed how this can get back in
This afternoon I formatted and installed win vista ultimate in the same pc and this evening avast showed me the same message(c:\windows\system32\remove.exe can be a rootkit) the manifacturer of this file is PixArt Imaging Incorporation...
Unless you have something that you also installed and the only thing I could find related to PixArt and remove.exe was this:
Eastman Kodak; Kodak Photo CD Access Developer Toolkit> 2008-07-18 20:04:19 48128 --a------ C:\WINDOWS\system32\Remove.exe
So if you had the same PixArt application installed on XP SP3 then it is probably OK (as giangygian also has the same PixArt association), but you should ensure that when detected you a) ignore it and b) allow it to be send to avast for further analysis.
Same deal happened to me today, Avast flagged remove.exe as a potential rootkit. My remove.exe was created back in 2004(XP Pro here). I scanned with A-Squared, Kaspersky online scan and Eset online scan and it came up clean. The description for it is Remove Program for Windows 2000 drivers and it’s signed by Microsoft. Although the signing doesn’t mean squat because that can be faked i’m pretty sure it’s a false positive.
I’ve gotten the same exact error. I’m guessing that since quite a few of us got this error (and then the scan said 0 infected files), all within the same day, that’s it’s a problem with avast! and not an actual virus…
I have exactly the same problem since last night. Remove.exe file in System32 and the file is by PixArt Imaging Incorporation. The day is the date when I reformatted this PC in August this year.
I clicked “Ignore” and did the Boot scan Avast suggests, it came up clean. I also clicked on “Submitting to Avast” (can’t remember the exact wording). But the warning came up again, also when I turned on the PC this morning. I have moved to the file to the Recycle Bin.
I am starting to hope though - reading all these posts - that this is a temporary glitch with Avast, rather than a problem with my PC.
Ciao Franzhate! Sono di Cosenza.
Hi!
I have Windows XP Home Edition.
Sorry but I don’t understand what we can do.Delete the file can give any problem?
Regards
X GIANGYGIAN
Ah,meno male ogni tanto c’è qualche italiano nei forum!!
Piacere di conoscerti!
I hope that it’s only a simple error in avast virus definition…it’s impossible I get a virus in a fresh formatted PC…I’ve only visited microsoft’s update site yesterday…