KIS 2012 false positive detection, how to undo??

Wed Apr 18, 2012 11:23 pm


This morning my Kaspersky Internet Security 2012 updated its virus definitions as usual. Afterwards it did a quick scan of the system and FALSELY marked "IntelAudioStudio.exe" as a rootkit (located in C:\Program Files\Intel Audio Studio\).

It displayed a window informing me of the rootkit and asking me (can't remember exact words):
1. if I would like to fix the problem now and restart computer (recommended by KIS)
2. do not run

So I hit option 2.

However, it still seems to have scheduled to "fix the computer" from this false positive upon reboot, saying "Status: Will be processed after the computer reboot". I think it has altered the Windows registry too, I think deleting the entry to start up the .exe on next reboot... not sure.

Does anyone know their way around KIS and how to restore the file?

Just a quick update so others in the same situation know what to do.

Kaspersky is set up initially in a so-called "interactive mode", so it decides automatically which option to choose from upon detection: quarantine, block, or do nothing. Since mine was set in interactive mode, it chose to quarantine by default and subsequently presented me with the follow-up message as originally posted above. So effectively it was going to do a quarantine no matter what, but with a slight variation based on user input.

However, I turned off interactive mode (located in Settings>General Protection Settings>General Settings>Interactive protection>uncheck Select action automatically), repeated the detection on "IntelAudioStudio.exe", and was allowed to choose to not do anything, as it was a false positive. But since the Windows registry was modified during the original detection, a reinstall of the Intel Audio Studio was the only option to get it into full functioning order now, as I saw no way to undo what it did.

Either way, I might switch over to another AV, as this one is totally lacking in the UI design and general intuitiveness department.

