Intel RST may cause a rootkit false positive

Discussion in 'Windows 7' started by EneergE, Mar 22, 2011.

  1. EneergE

    EneergE MDL Novice

    Dec 13, 2009
    I'm rather paranoid about malware, and so I go to great lengths to mitigate it. However, a few days ago I noticed that I was receiving an "Infected with rootkit" response when running eSage Bootkit Remover (www,esagelab,com/resources.php?n=software). The removal method the program includes did not work. So I ran several different other AVs and sent several files to virustotal,com for analysis and I never did find anything.

    So, eventually, I decided to unplug all my drives except one, wipe it with DBAN, and re-install. Immediately after logging in the first time I ran the eSage tool to confirm that the rootkit had been removed, and sure enough it had.

    I started installing drivers, and after each install I immediately checked for the presence of a rootkit. I installed the driver, rebooted, and checked. After going through a few drivers, I finally discovered that the Intel RST package is causing the "false positive" detection. Immediately after installing RST and rebooting, the rootkit detection started showing up.

    Even after using EasyBCD to replace the MBR, I still get this infection notice.

    Can anyone else confirm that the Intel RST (direct from intel,com) causes a rootkit infection warning with the above-mentioned tool on their machine?

  2. thethingy

    thethingy MDL Senior Member

    Sep 7, 2010
    Most likely a false positive. Get yourself a good firewall and let it learn your PC; then even if you do get an infection, it won't be able to communicate with its master.
  3. DesertJerry

    DesertJerry MDL Novice

    Apr 11, 2010
    Which RST version? Latest, as far as I know, is