Rootkit or False Positive? ...\temp\pnicml.sys

Hi,

Avast bootscan run today at about noon found something identified as win32:rootkit-gen [rtk]

The file was c:\documents and settings.…\local settings\temp\pnicml.sys

It was moved to chest.
The details of the file in the chest are:
Last changed 22.10.2004 04:48:03
Size 31744

Computer has had no obvious symptoms.

Has anyone else seen this?

Could it be a false positive?

Thanks

Going on nothing other than its location, a .sys file in a temp folder is highly suspect.

Google searches also tend to support this detection, http://www.prevx.com/filenames/347393630340283230-X1/PNICML.SYS.html. You have to take care when googling such suspect file names as there are sites out there which purport to help clean them and they in themselves are bad.

####
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here (post the URL in the Address bar of the VT results page). You can’t do this with the file securely in the chest; you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C: drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect\*
That will stop the File System Shield scanning any file you put in that folder.
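As an added triage check that is not part of the thread: a PowerShell snippet for a modern Windows build that lists registered kernel drivers whose image sits under a Temp folder (the pattern the reply calls suspect) and hashes each one, so it can be looked up on VirusTotal by hash without extracting anything from the chest. It assumes PowerShell 4 or later (for Get-FileHash) and an elevated prompt; the WMI class and property names used are standard.

```powershell
# Added triage example (not from the forum thread): enumerate installed kernel drivers
# whose image lives under a Temp directory and hash them for a VirusTotal hash lookup.
# Assumes Windows PowerShell 4+ on a modern Windows build; run from an elevated prompt.
$suspects = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -and ($_.PathName -match '\\temp\\') }

if (-not $suspects) {
    Write-Output 'No registered kernel drivers are located under a Temp directory.'
    return
}

foreach ($d in $suspects) {
    # PathName may be quoted or carry a \??\ or \SystemRoot\ prefix; normalise it to a file path.
    $path = $d.PathName.Trim('"') -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    $info = [PSCustomObject]@{
        Name      = $d.Name
        State     = $d.State        # Running / Stopped
        StartMode = $d.StartMode    # Boot / System / Auto / Manual / Disabled
        Path      = $path
        SizeBytes = $null
        Modified  = $null
        SHA256    = $null
    }
    if (Test-Path -LiteralPath $path) {
        $fi = Get-Item -LiteralPath $path
        $info.SizeBytes = $fi.Length
        $info.Modified  = $fi.LastWriteTime
        # The hash alone is enough to search VirusTotal; the file itself need not be uploaded.
        $info.SHA256 = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    }
    $info
}
```

A driver already moved to the chest will no longer be on disk, so for that case the hash has to come from the extracted copy described above.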