"Win32:Rootkit-gen [Rtk]" has been found in

Hi all,

I've got a problem until the last avast update.

Run the update → wanna play COD4 like every day → Connect → And then this

YSTEM 1696 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “E:\Call of Duty 4 - Modern Warfare\pb\PnkBstrK.sys” file.
09.07.2008 17:15:19 1215616519 SYSTEM 1696 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “E:\Call of Duty 4 - Modern Warfare\pb\PnkBstrK.sys” file.
09.07.2008 17:18:57 1215616737 SYSTEM 1696 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “E:\Call of Duty 4 - Modern Warfare\pb\PnkBstrK.sys” file.
09.07.2008 17:19:18 1215616758 SYSTEM 1696 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINXP\system32\drivers\PnkBstrK.sys” file.
09.07.2008 17:19:37 1215616777 SYSTEM 1696 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINXP\system32\drivers\PnkBstrK.sys” file.
09.07.2008 17:19:48 1215616788 SYSTEM 1696 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINXP\system32\drivers\PnkBstrK.sys” file.
09.07.2008 17:26:20 1215617180 SYSTEM 1696 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINXP\system32\drivers\PnkBstrK.sys” file.
09.07.2008 17:27:03 1215617223 SYSTEM 1696 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “E:\Call of Duty 4 - Modern Warfare\pb\PnkBstrK.sys” file.
09.07.2008 17:28:19 1215617299 SYSTEM 1696 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “E:\Call of Duty 4 - Modern Warfare\pb\PnkBstrK.sys” file.
09.07.2008 17:29:05 1215617345 SYSTEM 1696 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “E:\RECYCLER\S-1-5-21-2025429265-515967899-839522115-1003\De1.sys” file.
09.07.2008 19:01:19 1215622879 planlos 1628 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “E:\Call of Duty 4 - Modern Warfare\pb\PnkBstrK.sys” file.
09.07.2008 19:01:56 1215622916 planlos 1628 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINXP\system32\drivers\PnkBstrK.sys” file.
09.07.2008 19:01:59 1215622919 planlos 1628 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINXP\system32\drivers\PnkBstrK.sys” file.
09.07.2008 19:02:14 1215622934 planlos 1628 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINXP\system32\drivers\PnkBstrK.sys” file.
09.07.2008 19:05:44 1215623144 planlos 1628 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINXP\system32\drivers\PnkBstrK.sys” file.
09.07.2008 19:24:25 1215624265 planlos 1128 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “E:\Call of Duty 4 - Modern Warfare\pb\PnkBstrK.sys” file.

I've completely uninstalled Punkbuster and reinstalled it.

But every time I connect I get this message.

Could it be that this is a “wrong” message after the update? So avast thinks this file got root kit?

Plz tell me what to do :frowning: I've played COD4 every day till one year or so and no problems.

Thx guys and sorry for my boring english

To know if a file is a false positive, please submit it to VirusTotal and let us know the result. If it is indeed a false positive, send it in a password protected zip to virus@avast.com. VirusTotal has a file size limit of 10Mb. Please, mention in the body of the message why you think it is a false positive and the password used. Thanks.

Maybe you need to disable Hide protected operating system files and enable View hidden files and folders to manage the file(s).

As a workaround, you can add these files to the Standard Shield provider (on-access scanning) exclusion list.
Left click the ‘a’ blue icon, click on the provider icon at left and then Customize. Go to Advanced tab and click on Add button…
You can use wildcards like * and ?. But be careful, you should ‘exclude’ that many files that let your system in danger.

I get the same error/false positive virus warning with the same file, and also when I wanna play COD4

Never had any problems until today either

So I think you guys screwed up somewhere along the line :wink:

same here.

Here the link to VirusTotal Scan

http://www.virustotal.com/it/analisis/fac9baa7ce55f7c82ee6ab8303314287

This morning i played and i had no problems at all, updated avast and now no way to play ;D

I’ve just sent an email with the file. Hope you can sort the problem (FAST PLZ :D).

I’ve been having the same problem here too: right after the update there is no way to play CoD4. It keeps saying that ‘‘Win32:Rootkit-gen [Rtk] was found on C:\WINDOWS\system32\drivers\PnkBstrK.sys’’ as soon as I get in a server. :o

I’m getting the same problem too. All fine until this afternoon. Even scanned COD4 folder manually and got the same result. ???

EDIT: Disabling Avast works but obviously it’s not an ideal solution…

Exactly the same here!!! How long til it gets fixed/updated? This is killing me. I need COD4 :frowning:

Aghhhhhhhhhhhhh - this is not cool and I am not a happy chappy. The one evening I have free from wife and kids and the AVAST decides to put out an update that foobars Punk Buster so I can not play COD4.

I ain't a happy man… oh no.

PLEASE send an update!!!

On the plus side the tech advice on how to get past the error works and I can play okay now but I feel a little exposed.

Had to enter \pnk.sys as an exception which I do not like.

Please send an update with a fix and fixes…

I’ve got the same problem too using CoD4, trouble is I’m a bit of a PC dummy so I haven’t got a clue what to do.

Is it easy to fix?

DbD

Got the same thing… Sign of “Win32:Rootkit-gen [Rtk]” has been found in “E:\Call of Duty 4 - Modern Warfare\pb\PnkBstrK.sys” file.
HELP!!! I am 54 and I don't have that long :cry:

exactly the same issue
I've always known pb was a rootkit, but still…

fuzion and gregoryashby: use the Exclusion lists as a workaround.
Most probably tomorrow's virus database update will correct this false positive…

Thanks for the come back. I tried exclusion list…punkbuster is in the COD4 folder…I put COD4 folder in exclusion list, but no go same thing happens. Do I just put punkbuster in exclusion??

i tried it, no way :S

What exactly is the text you’re writing in the Exclusion list, and which list are you talking about (on-access or on-demand scanning)?

I opened avast on the toolbar... went to program settings - Exclusions - Hit browse - Local Disk C - Program Files - Activision - Call of Duty-4 Modern Warfare - Put a check in the box = "C:\Program Files\Activision\Call of Duty 4 - Modern Warfare" - Hit OK and it appears in the Exclusion.

Got similar, in my big fish games, but nothing else I scan with comes up with a virus or worm. Does this happen often, as I have only just changed to Avast, but if I can’t play my games etc, I think I will revert to Nod32

10/07/2008 1:23:38 p.m. SYSTEM 1884 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
10/07/2008 1:23:39 p.m. SYSTEM 1884 An error has occured while attempting to update. Please check the logs.
11/07/2008 11:18:43 a.m. SYSTEM 1780 Sign of “Win32:Kolabc-CN [Wrm]” has been found in “H:\Program Files\The Clumsys\cgbzqqt.exe” file.
11/07/2008 2:31:35 p.m. 1796 Sign of “Win32:Kolabc-CN [Wrm]” has been found in “H:\Program Files\The Clumsys\cgbzqqt.exe” file.
11/07/2008 2:31:57 p.m. Paul 1796 Sign of “Win32:Kolabc-CN [Wrm]” has been found in “H:\Program Files\The Clumsys\cgbzqqt.exe” file.
11/07/2008 2:32:22 p.m. Paul 1796 Sign of “Win32:Kolabc-CN [Wrm]” has been found in “H:\Program Files\The Clumsys\cgbzqqt.exe” file.
11/07/2008 2:32:28 p.m. Paul 1796 Sign of “Win32:Kolabc-CN [Wrm]” has been found in “H:\Program Files\The Clumsys\cgbzqqt.exe” file.
11/07/2008 2:32:33 p.m. Paul 1796 Sign of “Win32:Kolabc-CN [Wrm]” has been found in “H:\Program Files\The Clumsys\cgbzqqt.exe” file.
11/07/2008 2:32:36 p.m. Paul 1796 Sign of “Win32:Kolabc-CN [Wrm]” has been found in “H:\Program Files\The Clumsys\cgbzqqt.exe” file.
11/07/2008 2:32:42 p.m. Paul 1796 Sign of “Win32:Kolabc-CN [Wrm]” has been found in “H:\Program Files\The Clumsys\cgbzqqt.exe” file.
11/07/2008 2:32:54 p.m. Paul 1796 Sign of “Win32:Kolabc-CN [Wrm]” has been found in “H:\Program Files\The Clumsys\cgbzqqt.exe” file.
11/07/2008 2:33:08 p.m. Paul 1796 Sign of “Win32:Kolabc-CN [Wrm]” has been found in “H:\Program Files\The Clumsys\cgbzqqt.exe” file.
11/07/2008 2:33:16 p.m. Paul 1796 Sign of “Win32:Kolabc-CN [Wrm]” has been found in “H:\Program Files\The Clumsys\cgbzqqt.exe” file.
11/07/2008 2:35:25 p.m. Paul 1796 Sign of “Win32:Kolabc-CN [Wrm]” has been found in “H:\Program Files\Hidden Expedition - Titanic\rkmjtxt.exe” file.
11/07/2008 2:35:45 p.m. Paul 1796 Sign of “Win32:Kolabc-CN [Wrm]” has been found in “H:\Program Files\Hidden Expedition - Titanic\rkmjtxt.exe” file.
11/07/2008 3:44:30 p.m. Paul 1796 Sign of “Win32:Kolabc-CN [Wrm]” has been found in “H:\Program Files\The Clumsys\cgbzqqt.exe” file.

It’s a false positive that will be corrected in next virus database update (if it wasn’t already).

Because this file is not just in the COD4 folder but in many you need to add the exclusion as \pnk.sys

I hate using such a wide exclusion but it does work and COD4 will work after adding this.

:slight_smile:
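
The log lines and the exclusion advice in this thread can be checked together. The following is an added example, not part of any post and not avast's code: it tallies detections per signature and path from three log lines copied from the first post, then shows which flagged paths a candidate exclusion pattern covers and whether it also covers an unrelated driver. It assumes shell-style glob matching, which may differ from avast's own matcher; the `*\PnkBstrK.sys` and `*.sys` patterns and the `example.sys` path are constructed for illustration.

```python
import re
from collections import Counter
from fnmatch import fnmatchcase

# Three lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
09.07.2008 17:19:18 1215616758 SYSTEM 1696 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINXP\system32\drivers\PnkBstrK.sys” file.
09.07.2008 17:27:03 1215617223 SYSTEM 1696 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “E:\Call of Duty 4 - Modern Warfare\pb\PnkBstrK.sys” file.
09.07.2008 17:28:19 1215617299 SYSTEM 1696 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “E:\Call of Duty 4 - Modern Warfare\pb\PnkBstrK.sys” file.
"""

# Constructed: an unrelated driver that an exclusion should never cover.
UNRELATED = [r"C:\WINXP\system32\drivers\example.sys"]

# Accepts both the curly quotes seen in the forum paste and straight quotes.
DETECTION = re.compile(
    r"Sign of [“\"](?P<sig>[^”\"]+)[”\"] has been found in "
    r"[“\"](?P<path>[^”\"]+)[”\"] file")

def parse_detections(log):
    """Count detections per (signature, path) pair."""
    return Counter((m["sig"], m["path"]) for m in DETECTION.finditer(log))

def matches(pattern, path):
    """Case-insensitive glob match (Windows paths ignore case); '*' also spans '\\'."""
    return fnmatchcase(path.lower(), pattern.lower())

def exclusion_report(pattern, flagged, unrelated=UNRELATED):
    """Return (flagged paths the pattern covers, unrelated paths it also covers)."""
    return ([p for p in flagged if matches(pattern, p)],
            [p for p in unrelated if matches(pattern, p)])

if __name__ == "__main__":
    hits = parse_detections(SAMPLE_LOG)
    flagged = sorted({path for _, path in hits})
    for (sig, path), n in hits.items():
        print(f"{n}x {sig} -> {path}")
    # Exact path, file-name-scoped wildcard, and an over-broad wildcard.
    for pattern in (flagged[0], r"*\PnkBstrK.sys", "*.sys"):
        covered, collateral = exclusion_report(pattern, flagged)
        print(f"{pattern!r}: covers {len(covered)}/{len(flagged)} flagged, "
              f"{len(collateral)} unrelated")
```

An exclusion scoped to the one file name covers both install locations without touching other drivers, while `*.sys` would silence on-access scanning for every driver on the system.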