Suspicious file found????

I got an alert from Avast today. I was using HD Tune to run a benchmark on my hard drive when it happened. I’m including a screeny. I found the file and scanned it and it was fine. What do you think??

By the way, I found this when I searched the Everest forums.
"Load device driver under WinNT/2000/XP/2003

This option controls the using of EVEREST kernel driver for NT kernel systems (KERNELD.WNT is the 32-bit driver for x86 systems; KERNELD.AMD64 is the 64-bit driver for x64 systems; KERNELD.IA64 is the 64-bit driver for IA-64 systems). In almost all cases instability issues can be avoided by preventing the use of EVEREST kernel driver".

Avast only considers it suspicious as it is an unknown hidden process; you should select Ignore and let the file be submitted to avast for further analysis.

This is the anti-rootkit scan 8 minutes after boot and this differs from the conventional avast scans as it uses heuristics, as it says. So scanning it with avast’s conventional scans is unlikely to return anything.

If you installed Everest Ultimate Edition, and given the information you found, it appears to be a legitimate file (do you also have an AMD 64-bit CPU?). Being a kernel driver it would load early, though I don’t know why it would need to be hidden.

Just beware this will crop up for a while; just choose Ignore and continue to allow it to be submitted. I would be loath to check the "Do not tell me about this file in the future" box, certainly not so soon.

Thanks for the reply. I don’t have an AMD processor, but I have a 64-bit OS.

Well, if you have Everest Ultimate Edition but you don’t have an AMD CPU, then this KERNELD.AMD64, which really, given the name with AMD right in your face, would have been related to AMD 64-bit CPUs, is weird.

I would bet that the installation of Everest Ultimate installs all drivers for both processors.

Possibly, but the name is most certainly misleading.

Has avast continued to find it?
If so, have you continued to ignore and submit the sample?

Nope, Avast has been silent since finding it. I just looked on my son’s PC, which also has Everest installed. He has the same file in his Everest folder.

That’s good as it indicates that the sample sent has been analysed and found to be fine, so it is no longer detected.

Which is why it is important to a) select Ignore, b) submit to avast and c) not check "Do not tell me about this file in the future", or you wouldn’t know if and when it was corrected or confirmed as a detection {not just suspicious}.