w32.rootkit-gen detected and stopped, can't find trigger
Posted on 2014-07-25
I have some legacy HP convertible tablets that just yesterday around 4pm began detecting and stopping w32.rootkit-gen from installing. I have the latest Avast installed on them and it stopped the install. It was located in a resources folder for ActivIdentity, which is an HP tool that lets you log in with smartcards and so on. I was able to run bootscans to remove the file, which was found in c:\swsetup\hptools\PTAC_A8.400\AC61X86\ACx98.msi. It appears that the HPtools update is infected? I can't figure out how it got on my computer if it's not an update. Even after the bootscan and clean it still calls for the install. I can't find the "trigger" or where it is calling for the win installer to remove it. Perhaps this is an undetected trojan making the call?
Any information on this would be helpful.