Win32Rootkit-gen

I run XP home, SP3 updated to today with Zone Alarm free, Avast 4 Home,
Malwarebytes, and SuperAntiSpyware.
Yesterday afternoon Avast told me it had detected Win32Rootkit-gen in
Windows\system32\svchost.exe, but could not quarantine it. Windows
Defender, MalwareBytes and SuperAntiSpyware found nothing. A boot scan
from Avast also found it, but I did not attempt a repair because it is a
Windows file. Scanforfree.com root kit remover did not find it, but
Sophos Anti-Rootkit did, but gave the following message:

Area: Local hard drives
Description: Unknown hidden file
Location: C:\WINDOWS\system32\svchost.exe
Removable: Yes (but clean up not recommended for this file)
Notes: (no more detail available)

This morning, Avast has not indicated the virus.
Last night I ran GMER, and it did not seem to
find anything.

Today, Avast gave no warning, but its log does show "Sign of Win32:Rootkit-gen found" in the same location as above.

How do I get rid of this thing?

TIA
Don Eagle

fixed FP/false positive

Thanks, John. I sure hope so! Is this a known bug with Avast 4.8?

Don Eagle

It has nothing to do with avast 4.8 or any version of avast, but with the virus database signatures incorrectly detecting this, a false positive detection, which as mentioned has already been corrected.

There are a couple of topics about this already in the viruses and worms forum; this is one: http://forum.avast.com/index.php?topic=47058.0.

Yes, thanks, David. I found the other posts after I submitted my first. I thought I was on the virus and worms forum, but, obviously I screwed up, and started a new subject. This thread can be canceled. I’ll be more careful in the future. My automatic update occurred a couple of hours ago.

Don Eagle

No problem, welcome to the forums.

The topics remain for posterity ;D, only moderators can delete/cancel posts/topics.