ShutdownPerformanceDiagnostics_SystemData.bin FP?

Today on Windows 7, my avast free detects Windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin as Win32:KillAV-AHY [Rtk]

(virus definition: 110519-0)

Is it a false positive?

same problem here, VT report

Looks like a FP.
Please report it here: http://www.avast.com/contact-form.php?loadStyles
Thanks,
asyn

Today I have the same problem on my Windows 7 Home Premium 32-bit. :o
Is it an FP?

I’m having a similar problem: http://forum.avast.com/index.php?topic=78424.0

and I see others are as well: http://forum.avast.com/index.php?topic=78416.0

Could there be a problem with the Win32:KillAV-AHY [Rtk] definition?

Any news? The only thing I installed on my system yesterday was the update of privatefirewall 7.0.24.4; I got an error and had to reboot. Could it be related?

I do not know if it is a false positive. I am concerned about this because I had stumbled upon some strange webpage. It was supposed to be a sort of financial analysis–the link was through “getrichslowly.org”–and when I clicked on it, it started playing this crazy music. It had this ugly picture and mentioned something about hackers and virus. (I didn’t read it all because as soon as I clicked on it, heard the stupid music, and saw this guy’s ugly picture, I was like, “Whoa, wait a minute,” and exited the page as soon as I could. I immediately cleared all data from my browser and closed it.)

When I checked on my avast as it was scanning, it reported two infected files, infected by “Win32:KillAV-AHY [Rtk]”

I’m upset because I don’t know what this is and I worry about the safety of my machine. The only thing I did with my administrative account yesterday was I installed “The Sims Castaway: Stories.” Then, very early this morning (around 01:30), my avast reported that I had two infected files.

Given that I had encountered a highly suspicious website a few minutes before I noticed that avast had found two infections, I could not tell you if this is a false positive. I’m not going to assume that it’s a false positive. If it is, that’s great, but it seems like some. . . jerk, for a better term, hacked into some unsuspecting ding-dong’s website (one that must have been connected to “getrichslowly.org.”)

Needless to say, I will not be going to “getrichslowly.org” again.

-.-* Sigh.

I doubt it was from that website, I run noscript, abp and LSO cleaner and only really visit 5 websites, I also download nothing and I didn’t get my details socially engineered :stuck_out_tongue:

It’s not done anything to my PC whatsoever; svchost being quarantined did, it restricted a little bit of access but nothing essential.

I don’t think we should worry for the time being, combofix and OTS show nothing.

Hey man, I saw you on another thread, similar to this one. ;D waves

Anyway, I have to say. . I’m not quite as careful as you–as careful as I should be. I’m ashamed of myself ‘cause I do know better. . :’( But, hmm. I’m not sure what to say about this, then. I just moved the infected files to the “chest” and did a boot time scan (no virus was found). I’m still worried about this, though. :-\

You’re probably right about the website, but I am still concerned.

Try updating to latest definitions and re-scanning – my false positives are no longer being flagged.

So can we restore the file in the virus chest?

Thanks.

Yep, turns out this was a false positive :smiley:

It turned out to be a false positive because updating definitions and re-scanning no longer flags it?

Correct.

Yes. :slight_smile:

Great news!

Thanks everybody for the help!

:smiley:

You’re welcome…!

That is such a relief. . 8)