1. How do I investigate - Guess what you are starting the ball rolling here and that doesn’t require avast contacting you. As I said how can they contact you if they don’t know whom to address; this is a chicken and egg situation, catch 22 as you say.

However, that doesn’t stop you a) answering the questions asked relating to the detection, file name and location, etc.

It also doesn’t stop you using google, etc. to look for information on the above either. Finding out if it is a) a legitimate file name and location, b) an application that you are aware about and installed, c) what it is that this application does that might make the anti-rootkit scan consider it ‘suspicious.’

From this you can get a pretty good idea if what is definitely bad, or not confirmed.

  1. I feel that you should in the first instance have chosen Ignore as a) the alert is one of ‘Suspicion’ not certainty b) that is the safer option ‘first do no harm’ and c) that was the recommended action by avast.

Hibernate isn’t a solution, just a temporary computer state, whatever that suspicious alert is about will still be running when you come out of hibernation.

  1. If there is no means of direct input you can’t waive anonymity, there certainly isn’t something in the avastUI that I’m aware of. Same thing even if it was what avast saying that they thought it a good detection (different alert, not mentioning suspicious), were the alert gives the option to send for analysis. That again as far as I’m aware won’t provide feedback.

This is why I said this, not to delete:

Ignore isn't actually so bad as they aren't ignored for all time, just until the next anti-rootkit scan when the alert should pop-up again; unless you further compounded this action by having avast remember your decision (or words to that effect) as you wouldn't see the alerts.

Deletion should only be contemplated after full investigation.

The above allows it to be scanned again and again and again if necessary, if it is a false positive it would eventually not be detected. So analysis must have been done and the correction made, back handed confirmation and why I feel deletion is never a good first or early decision as you have none left. So Ignore is the lessor of to evils as the condition of your system hasn’t changed i should still boot, it should still work as it has been, deletion as a first option could totally change that.

However all of the above is pure speculation as you have given me noting to work with, that is why we ask questions. The very first thing I did in my first reply was to try and get this information, which you seem to want to keep to yourself, I can’t work in the dark.