Win32:Rootkit-gen infection on mycomput.dll --PLEASE HELP!!

Hi, everyone! I’m new here.

I’m on desperate need for help. I have 2 computers, one Samsung laptop, one HP desktop, both with Avast installed as antivirus protection. Yesterday evening, I performed on each of them an “on-boot” analysis with Avast; on the two of them, Avast detected Win32:Rootkit-gen infecting several locations:

a) on the both the HP and the Samsung, on a file named “mycomput.dll”, located on two places:

C:\WINDOWS\system32

and

C:\WINDOWS\system32\dllcache

b) on the HP desktop, on the same two locations said above, as well as in folder named MYCOMPUT.DL_, located twice:

C:\WINDOWS\I386\MYCOMPUT.DL_

and

E:\I386\MYCOMPUT.DL_

Being system files, I hesitated before saying “yes” to “remove to virus chest” option.

Very BAD choice. When I logged in as administrator, the Computer Management Console on both PC’s was screwed up. And, though both “mycomput.dll” files may be restored from the virus chest, none of the MYCOMPUT.DL_ folders can, and one of them happended to be on my desktop’s restore partition (letter “E:”), so that partition got screwed up forever I guess (fortunately, I keep an external restore CD if I ever needed to reformat the hard drive of my HP - which I hope won’t!).

Circumstantlal info of possible relevance: before performing Avast’s analysis that rendered those positives, I had just performed a frustrated update attempt of “Spybot-SD”, which failed with warning mesage of “wrong checksum” and had to be repeated trying with another server (maybe the 1st server I tried was being hijacked??), this time successfully. It was inmediately thereafter that I left Avast performing analysis on both computers.

Today I have spent hours trying to restore both PC’s to previous restore point I imagined were previous to my computer’s infection; no success. Avast’s “on-boot” analysis after restore point will give positive again on “mycomput.dll”, exactly on the same locations.

I have tryed an analysis of the file on Jotty and at least 2 of the antiviruses gave a “Win32:Rootkit-gen” positive: “GData”, and of course, Avast.

Most puzzling, though, is the fact that when I analyze the file on my PC, logged in as user and with Avast’s context menu “fast scanner”, it just won’t detect anything. ¿A false positive?

For the moment I have stayed eith the restore point on which the Computer Management Console is operative, though the “mucomput.dll” is, supossedly, infected. I need help.

I don’t know what to think or do, and I feel completely helpless with this rootkit infection on one of my operating system’s files!! PLEASE I NEED HELP!!!

Thank you…

P.D. Could I just download a “mycomput.dll” file, put it in the places where it was located and somehow register it, after moving to chest the present ones that are infected? ¿would that work as a sollution?

False positive alert will be fixed in next VPS update


Welcome to the forums, Aleph2.

Misak stated above this is a false positive which means your computers are not infected … well, at least not from this particular problem.

Please make sure you are getting the updates so that this will be fixed for you.


Thank you. It’s such a relief to know it WAS a false positive… just couldn’t figure out having to format both my PC’s and rebuild my system settings form scratch in the two of them…

I have AVAST update in automatic mode and it normally updates some 2/3 times a day, so I hope it will be fixed already at this point - gonna give a try.

Thanks!!