There is a temp file generated at each boot that is flagged by Avast! at boot time as win32:rootkit-gen [Rtk] I tell it to move to chest but next boot we have new file with new name mc###. So I uploaded this to http://www.virustotal.com/ and it shows as
File mc21.tmp received on 07.25.2008 15:05:50 (CET)
Current status: finished
Result: 4/35 (11.43%)
So what is this and how do I find out if it is real or not…
How do I find what is writing it?
Avast finds nothing if a scan is run after this is removed or in dos mode…
Thanks!
I got the same thing after the new program update (4.8.1227) ON 2 COMPUTERS!!
The file was actually “c:\documents and settings\user\local settings\temp\mc21.tmp” and also was a temp file generated at each boot.
I thought it was a false positive but i googled it and found out it was the “mchinjdrv” troyan. it’s very easy to remove.
BTW, do you have supercopier2?? i’m sure it’s because of it.
No I don’t have that program and after the last reboot the virus defs were updated and now none of those files in my chest are considered infected… and nothing is found at boot time. Those files are not being generated anymore either… strange…
same here, with filenames mc21.tmp and mc22.tmp, I don’t know what program generates theses files, but it locks up my computer and I have to do a hard reboot. Only 1 windows profile infected, the others profiles don’t have the lockup problem.
virustotal and jotti don’t report them as virus (as above)