I just did a rootkit scan and it found an "IRP hook". I am unsure of whether to remove it because it is from the system 32 file. Could this be a false positive because last month's scans from AVG, Spybot and Malwarebytes did not show up anything?
(I have just run a scan with Malwarebytes and it found nothing, and have also run a scan with Hitman Pro and it found nothing.)
Assume that you are using the AVG Free version?...
File name of rootkit infection: Please see attached photo in first post
Did you by any chance edit your posting? If so, your attached files would have been deleted. Presently, if a user (not a moderator) edits their post with an attached file, it's deleted. This situ is in the process of being investigated.
AVG Free Volunteer Moderator | AVG Free Forum member since Nov. 27, 2004 | My total posts on the Old AVG Free Forum: 27,063 | Alan
The newly introduced AVG Anti-Rootkit detects rootkit-like behavior (e.g. IRP hooks). Some legitimate applications use rootkit techniques for various reasons. It seems that the detected file belongs to Drive Letter access. Could you please uninstall the related software and check whether AVG detects nothing then? You may ignore the detection in such a case (after installing the software back).
Also, I was not able to find any e-mail sent from your e-mail address (used when registering on this forum) to firstname.lastname@example.org. If you send the sample, please mention that it is detected by AVG AntiRootkit 2011 and give its exact detection name and path.
Anti-Rootkit False Positives
Please be informed that AVG Anti-Rootkit detects all processes (not digitally certified by a trusted authority) which are using a rootkit technique to hide their actions. The detected rootkit can be a virus, as well as a part of a commercial application.
In case of suspicion about a falsely detected rootkit, please locate it and send it to email@example.com for closer analysis.
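
One way to collect the details the replies above ask for (exact path, whether the file is digitally signed, which software and driver service it belongs to) before deciding to ignore the detection. This is an added example, not part of the original thread and not AVG tooling; the driver file name is a placeholder and `Get-FlaggedDriverReport` is a hypothetical helper name.

```powershell
# Added triage example (not from the thread).
# $DriverPath is a placeholder: substitute the exact path shown in the
# AVG Anti-Rootkit detection.
param(
    [string]$DriverPath = "$env:SystemRoot\System32\drivers\EXAMPLE.sys"
)

function Get-FlaggedDriverReport {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        # The scanner reported a file that a normal directory lookup cannot see.
        # Record that fact; it belongs in the report sent with the sample.
        return [pscustomobject]@{ Path = $Path; Exists = $false }
    }

    $file = Get-Item -LiteralPath $Path
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256

    # Kernel driver services whose image path ends in this file name.
    # PathName formats vary (plain path or \??\ prefix), so match on the leaf.
    $pattern = '\\' + [regex]::Escape($file.Name) + '$'
    $svc = Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName -match $pattern }

    [pscustomobject]@{
        Path      = $file.FullName
        Exists    = $true
        # Valid / NotSigned / HashMismatch / NotTrusted ...
        # Older PowerShell versions check only embedded signatures, so a
        # catalog-signed driver can show NotSigned there.
        SigStatus = $sig.Status
        Signer    = $sig.SignerCertificate.Subject
        Company   = $file.VersionInfo.CompanyName
        Product   = $file.VersionInfo.ProductName
        SHA256    = $hash.Hash
        Services  = ($svc | ForEach-Object {
                        "$($_.Name) [$($_.State), $($_.StartMode)]"
                    }) -join '; '
    }
}

Get-FlaggedDriverReport -Path $DriverPath | Format-List
```

A `Valid` status with a signer and product matching software you installed is consistent with the false-positive reading given in the reply above; `NotSigned` or `HashMismatch` is a reason to send the sample for analysis together with this output.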