There is a similar post from Oct., here, but a different file named: http://forum.avast.com/index.php?topic=137628.0
Win 7 Pro x64, Avast 2014.9.0.2008
I don’t know how much of this is related. Yesterday I got a BSOD just after Windows login that said “registry_error”. It happened again when I rebooted, so I loaded the last good configuration. Then I had no sound and had to repair the driver. I’ve had a few different BSODs over the past year, but they were different.
Last night I left the laptop on to back up with Crashplan (other software was closed), and the screen was blank (gray) this morning. I had to do a hard reset, and after I logged into Windows, Avast updated its definitions 131127-1, I assume.
I checked the Windows Event logs to see if I could tell what happened with the screen, and I noticed two PrintService Error 315 entries that referred to not being able to share Canon Inkjet MX310 series (the other post mentions a Canon printer). This is the driver for my dad’s printer in a different location and that I might use (rarely) if I go over there. That event was timestamped about when I restarted this morning, but there were similar Events for my two physical printers. The last Information System Event was at 1:44 AM until I restarted. There is a System Event Error 5 “registry Hive Recovered…” at 1:11 AM.
After I did some looking around, I launched Dropbox. A file had been updated by my sister on my dad’s PC, but I hadn’t opened it, just looked at the list of files in Explorer. I’m not sure exactly when the Rootkit Found popped up, as I was away and saw it when I returned to the laptop.
I have not responded to the prompt yet, and my only choices are Delete Now or Ignore. Obviously I don’t want to Ignore, so I only have one choice.
I just found where the Virus Chest is, and took a look there too. It says it moved an exe file that I had on my Desktop on 11/19, also Win32:Evo-gen in it. I’ve had that file for quite a while. I didn’t get a notification about that.
What to do now? I’m going to run a boot-time scan after I submit this.