Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Is this a false positive

Mar 9, 2011 3:19AM PST

My AGV stated in a rootkit scan that it was stopped due to a hidden file which flashed up that this was a rookit but did not heal or delete it,(WAULV5LA\api[1].js)I googled it and could not find any information on it, can you shed any light on it.

Thanks

Discussion is locked

- Collapse -
Re: is this a false positive
Mar 9, 2011 3:34PM PST

Hello WWDug,

could you please describe the detection in more details? (copy&paste export of scan result)
- especially the part that AVG scan was stopped. As AVG should finish its scan without interruption

You can also check this thread about reporting false positive detection (suspicion).

Thank you

- Collapse -
scan results for false positve
Mar 9, 2011 11:00PM PST

The "Scheduled scan" was stopped before completion.
Rootkits;"1";"0";"1"
Folders selected for scanning:;"Whole computer scan"
Scan started:;"Tuesday, March 08, 2011, 5:53:10 PM"
Scan finished:;"Tuesday, March 08, 2011, 6:00:55 PM (7 minute(s) 44 second(s))"
Total object scanned:;"1066279"
User who launched the scan:;"SYSTEM"

Rootkits
;"File";"Infection";"Result"
;"C:\Documents and Settings \Local Settings\Temporary Internet Files\Content.IE5\WAULV5LA\api[1].js";"Hidden file";"Object is hidden"
Could not find the link to attach file.

- Collapse -
Re: Scan results for false positive
Mar 9, 2011 11:20PM PST

Hello WWDug,

this detection can be related with remains of already removed temporary internet file. Anti-rootkit is comparing the raw content on hard drive and content suggested by operating system, and can run in an alert, when the comparisons are different.

I would suggest clean temporary internet files, check your hard disk for errors and then run AVG Anti-Rootkit scan again.

What is the current situation?

Thank you

- Collapse -
Update on scan results
Mar 10, 2011 4:03AM PST

All clear,thanks for all the help,I do clear out the temp intenet files folder now and again, and now I can rest easy now that there is no nasties lurking.

I even found the actual folder after the checks came back clear and delteted it for good measure.

Thanks again