Rootkit found

Hello,

“Rootkit found” was the message I got from my Avast Free Antivirus yesterday.

SVC: LMS˃C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
Threat: Win32:Evo-gen [Susp]

I chose the “delete” option (only available, in fact) and Avast said it needed to restart the computer with a boot-time scan. I let the boot-time scan run, but then I got the same “rootkit found” message. I did this three times and shut down my computer thinking it was infected.

Today I did (as usual) a quick scan first and then a full system scan… and got a “no threat found” message! Now I wonder if my computer has or doesn’t have a virus.

The only thing that makes me suspect it has one is my Yahoo toolbar. It’s a mess - with apps missing and some added.

I also scanned the Intel folder, but got another “no threat found” message, and visited virustotal.com, which gave a “probably harmless” message.

https://www.virustotal.com/en-gb/file/ff6ed89ea47df74c33cd8bfac48faed1b979348aba6b6d94ee07cbd21810f37b/analysis/

What’s the next step now?

Thanks in advance.

I got exactly the same message and did exactly the same as Andy did with exactly the same results. I spent 3 hours this morning trying to understand why this came up as a “serious” infection on the one side and then “no threat found” when you scan the “intel” folder directly.
By the way Andy, I do not use Yahoo at all, so it is not linked to that.

I think we need some Avast expertise to check this out.
Rene

Win32:Evo-gen [Susp] = suspicious

First submission 2010-03-16 05:29:19 UTC (4 years ago)
https://www.virustotal.com/en/file/ff6ed89ea47df74c33cd8bfac48faed1b979348aba6b6d94ee07cbd21810f37b/analysis/

You can report it using one of these options. You may add a link to this topic in case they reply here.

You can upload files and report issues to Avast here: http://www.avast.com/contact-form.php (select the subject according to your case)

You can use mail
send to virus@avast.com in a password protected zip file
mail subject: False Positive / undetected sample (select subject according to your case)
zip password: infected

Or you can send files from the Avast chest.
How to use the chest: http://www.avast.com/faq.php?article=AVKB21

@Renedes
Perhaps I expressed myself wrongly. I never thought there was a connection with Yahoo. You know when you ask yourself, how can I tell if my computer has a virus? As viruses can make changes without permission, and I found myself with a toolbar full of applications I didn’t select, chances are I have a virus (I thought.) BTW, did you notice something unusual in your computer?

@Pondus
Thanks for your answer. So no doubt it was a false positive??? The toolbar mess was just a coincidence? I freaked out for nothing? :o (I’m not complaining. Just would like to make sure it was a false positive.)

Anyway, there’s nothing in the virus chest because, as I said in my first post, the only available option was a “delete” one. The only record of the virus is in the scan log, clicking on “detailed report”.

Anything else you suggest doing?

“Anything else you suggest doing?”
Send the file to the Avast lab using one of the options I gave above... then they will correct it.

I said Avast didn’t give me the option to move it into the virus chest. The file apparently was deleted, though I never got a “virus deleted” message, or something of the sort. That’s why I’m asking if there’s something else I can do. How can I be sure it was deleted if I didn’t get a message?

The only trace of virus is in the scan log.

With me, this problem disappeared the same way it appeared… suddenly and traceless. Maybe the bootscan did solve the problem, but then without a clear indication. Maybe Avast was silently updated without letting us know. For the last couple of days I have had no warnings about this any more and everything seems to work properly. Happy.