Sign of Rootkit

Avast Free Antivirus / Premium Security
1

Hey all!

Scanning my system with avast! today I get warnings for over 250 files that avast! detected signs of rootkits. In the log file, this looks as follows:

16.12.2008 09:25:36 user-name 3844 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\setup.bmp\medctroc.dll” file.
16.12.2008 09:25:37 user-name 3844 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\setup.bmp\ehOCGen.dll” file.
16.12.2008 09:25:37 user-name 3844 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\setup.bmp\plusoc.dll” file.
16.12.2008 09:25:41 user-name 3844 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\setupdll.dll\medctroc.dll” file.
16.12.2008 09:25:41 user-name 3844 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\setupdll.dll\ehOCGen.dll” file.
16.12.2008 09:25:42 user-name 3844 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\setupdll.dll\plusoc.dll” file.
16.12.2008 09:25:46 user-name 3844 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\setupapi.dll\medctroc.dll” file.
16.12.2008 09:25:46 user-name 3844 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\setupapi.dll\ehOCGen.dll” file.
16.12.2008 09:25:46 user-name 3844 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\setupapi.dll\plusoc.dll” file.
16.12.2008 09:26:17 user-name 3844 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Lokale Einstellungen\Temp\RtkBtMnt.exe” file.
16.12.2008 09:26:18 user-name 3844 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Lokale Einstellungen\Temp\RtkBtMnt.exe” file.
16.12.2008 09:26:38 user-name 3844 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\CONFIG.NT\systemprofile\Lokale Einstellungen\Temp\RtkBtMnt.exe” file.
16.12.2008 09:26:39 user-name 3844 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\CONFIG.NT\systemprofile\Lokale Einstellungen\Temp\RtkBtMnt.exe” file.
16.12.2008 09:26:58 user-name 3844 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\spoolsv.exe\drivers\w32x86\3\ZPP.DLL” file.

and so on…

I have no idea nor what this is nor what I can or should do about it. Cleaning the system with CCleaner didn’t change anything. Can anyone help?

Thanks in advance

Nicku

2

Do you use an Acer computer?
There is a well known bug with Acer computers.
They’re working on it.
Until there, as a workaround, disable rootkit scanning in the Trobleshooting tab of program settings.

3

Yes, it is an Acer!

I guess I’ll just wait then…

Thanks anyway!

4

Don’t forget the workaround and, also, to check the forums regularly to see if the problem was solved. Also, keep your avast program and virus database updated.