Yesterday while surfing, I blocked java.exe to run add.exe with Online Armor. Later I checked with avast and it picked a win32:rootkit-gen.
I was curious today, if the detection has changed since it was a generic one. Tried to scan from chest and the GUI hangs.
Killed the GUI, started it again and to my surprise there is another file in the chest. It appears that avast picked the temp file as a new file/detection (added in update 111220-1).
Scanning this new file leads to same behavior. Image attached.