Win32:KillAV-AHY [Rtk] False Positives?

On a machine showing no symptoms, Avast Free 6.0.1125 (defs 110519-1) flagged as Win32:KillAV-AHY [Rtk] and quarantined a file in c:\Windows\System32\wdi\ with a very long name consisting of letters, numbers, and symbols, ending in _UserData.bin.

Alarmed, I ran a full Hitman Pro scan, a Malwarebytes scan, a Norton Power Eraser scan, and a Kaspersky TDSSKiller scan, all clean.

I then ran an Avast boot scan, and it flagged four more files as infected with Win32:KillAV-AHY [Rtk]. Three of these were the System hive of ERUNT registry backups – all of them are old files. I uploaded one of them to VirusTotal and only Avast flagged it: http://www.virustotal.com/file-scan/report.html?id=9963449e9d511f2baea647473a167f9f243673067a22b98346b7f9cc74a8e24e-1305831723. (They are all very large and VT seems to be having a problem with the large sizes, or I would test them all.)

I see that others are having potential Win32:KillAV-AHY [Rtk] false positives today: http://forum.avast.com/index.php?topic=78403.0 , so I have submitted the original file, currently in the Virus Chest, as a potential false positive. The others are not yet in the chest as I told the Boot Scan to report but not quarantine.

Is there anything else I need to do to help you investigate this?

Strange thing…Gdata does not detect ? or are they not on same update

latest avast update is 110519-2 http://www.avast.com/en-no/virus-update-history

No, only the two versions of Avast.

I see another thread that is the same as the initial File Shield detection:

http://forum.avast.com/index.php?topic=78416.0

110519-2 still flags them.

I had the same thing today when avast reported this threat???
I just quarantine for now, strange…

Fixed in latest definitions.

Fixed, false positive.

. . .So I can breathe a sigh of relief now? :stuck_out_tongue: >.<*