SYSTEM file infected

Hey Guys,

I ran a full system scan the other day and got two hits :(

C:\System32\config\SYSTEM
C:\System32\config\RegBack\SYSTEM

Both infected with Win32:Agent [tjn]

They both also showed up in a boot time scan.

Since then I have scanned with SUPERAntiSpyware, Malware, Windows Malicious Software Removal Tool, and even Clam Anti Virus just to be sure, and they all showed the system was clean. I also ran sfc.exe to make sure it wasn't corrupt and giving me a hit because of that.

The file is a system file and is used in the environment, so obviously I can't just delete it, and I don't know if it is a false positive or not. Any suggestions?

Running Windows 7 Professional x64

The file is a system file and is used in the environment, so obviously I can't just delete it, and I don't know if it is a false positive or not. Any suggestions?
Upload to www.virustotal.com and test with 40+ malware scanners... If scanned before, click rescan. Post the scan link here for us to see.

alternative
jotti.org
metascan-online.com

Here they are:

C:\windows\system32\config\SYSTEM:
https://www.virustotal.com/file/16f123ae9b807054ae806231ebcd627d69e28461f5db6a88dc2168f7bd764681/analysis/1350337272/

C:\windows\system32\config\config\SYSTEM:

https://www.virustotal.com/file/67f2e3cad3d3bd623457b9d01d224bf26f834a94d9a8e8d0821c7a228da597b2/analysis/

Much easier if you just copy the URL to the scan result and post that ;)

… ya, figured that as soon as I hit post… it's been modified.

Any ideas Pondus?

The fun keeps coming: I ran a scan in safe mode and got nothing. Same scan after reboot and I get the same 2 hits.

You can report a possible FP here: http://www.avast.com/contact-form.php?loadStyles