Tonight, I decided to do a boot-time scan with Avast, and whenever it scans “svchost.exe”, I keep getting a message saying it’s infected with “Win32:Rootkit-Gen [rtk]”. I did some research on it, and I learned it was a false positive according to the Avast knowledgebase.
The problem is, I’m using a U.S. English version of Windows XP Home, with Service Pack 3, and the article states Russian and French versions of Windows. Now I’m worried. I can’t erase it since it’s an important file, I can’t move it to the chest, I can’t even repair it. Is it really a false positive or a real rootkit?
My version of Avast is 4.8 Home Edition, with the virus database version 090723-0. Can I please get an answer or how to fix this problem without needing to reformat?
Only Avast is detecting it as Win32:Rootkit-Gen. It might be a false positive. GData also uses the Avast engine, hence even it is detecting it as Win32:Rootkit-Gen. Upload the file to Avast. For that:
Virus Chest > User files > Add files icon > select the file you want to upload and click the Email to Avast icon. Then do a manual update of Avast so that it is uploaded to Avast.
I did that, but when I go to e-mail it, I have to either choose potential malware or false positive. I don’t know which to choose since I’m not sure if it’s really a rootkit or not.
Thanks, I submitted it and did a manual update (even though I’m already up to date). I hope something happens; I’m still worried a bit in case it isn’t a false positive. I just happened to find the knowledgebase article online.
Always welcome, wolfy. If it is a false positive, then it’ll be fixed ASAP. (It must be a false positive, since VirusTotal showed only Avast is detecting it.) Come back later if you have any problems.
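The reply above rests on what VirusTotal reported for the file, so the practical first step is to gather the facts a lab or a forum helper will ask for: the file's hashes (to search VirusTotal or compare against a clean copy from another XP SP3 machine) and whether it carries an embedded Authenticode signature. The script below is an added example written for this thread, not Avast's or Microsoft's code; it assumes the file path is passed on the command line, and the minimal PE image produced by build_minimal_pe() is a constructed test input, not a real svchost.exe. One caveat a practitioner should know: Windows XP system files such as svchost.exe are catalog-signed, not embedded-signed, so "no embedded signature" is expected there and the signature check has to go through sigverif or sfc /scannow instead.

```python
"""Facts to collect about a file an AV engine has flagged: hashes and
whether the PE carries an embedded Authenticode signature.

Added illustration for this thread, not code from Avast or Microsoft.
build_minimal_pe() is a constructed test input, not a real system file.
"""
import hashlib
import struct
import sys

IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # index of the Authenticode data directory
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def file_hashes(data):
    """MD5/SHA-1/SHA-256 of the file bytes; VirusTotal search accepts any of them."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256")}


def authenticode_directory(data):
    """Return (file_offset, size) of the embedded Authenticode blob.

    The security directory is the one data directory whose first field is a
    raw file offset rather than an RVA. (0, 0) means no embedded signature,
    which is normal for catalog-signed Windows system files.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt_off = pe_off + 4 + 20                                  # after COFF header
    opt_size = struct.unpack_from("<H", data, pe_off + 4 + 16)[0]
    magic = struct.unpack_from("<H", data, opt_off)[0]
    if magic == PE32_MAGIC:
        dirs_off, count_off = opt_off + 96, opt_off + 92
    elif magic == PE32PLUS_MAGIC:
        dirs_off, count_off = opt_off + 112, opt_off + 108
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    n_dirs = struct.unpack_from("<I", data, count_off)[0]
    # Only trust the entry if the header actually declares that many directories.
    if n_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY or dirs_off + 8 * n_dirs > opt_off + opt_size:
        return (0, 0)
    entry = dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    return struct.unpack_from("<II", data, entry)


def build_minimal_pe(sec_offset=0, sec_size=0):
    """Constructed PE32 header with only the fields the parser reads filled in."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                    # e_lfanew -> PE header
    opt = bytearray(224)                                       # PE32 optional header
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 92, 16)                        # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                     sec_offset, sec_size)
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, len(opt), 0x102)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def describe(data):
    """Summary you would paste into a forum post or a false-positive report."""
    lines = ["%s: %s" % (k, v) for k, v in file_hashes(data).items()]
    off, size = authenticode_directory(data)
    if size:
        lines.append("embedded Authenticode signature: %d bytes at offset 0x%x" % (size, off))
    else:
        lines.append("no embedded signature (check the Windows catalog with sigverif or sfc)")
    return "\n".join(lines)


if __name__ == "__main__":
    # Usage: python pecheck.py C:\WINDOWS\system32\svchost.exe
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_minimal_pe()
    print(describe(blob))
```

Run it against the flagged file and against the same file copied from a known-clean machine with the same Windows version and service pack; identical hashes settle the question faster than a generic detection name does.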
I had the same issue this morning, gave me the fright of my life!
After using another PC to get onto the internet I found this thread (and thousands of others) after lots of searching, did a full boot scan, same issues - did not want to delete the file since it seems vital to the operating system.
It seems as if it WAS a false positive - I had the same Virus Database 090723-0; later, after I saw the last reply about the fixed VPS, I updated and now Avast (and I!) are happy again.
After Avast found the Win32:Rootkit-Gen I clicked the close button at the top of the Avast window since I couldn’t do anything and restarted the computer - did I do something wrong?
The detection has been acknowledged as a false positive by one of the virus labs team and corrected. So if you have the latest VPS update then it won’t be detected.