Automatic rootkit scan was not started

I am using Vista x64.
In the AVAST log I got the Notice “Automatic rootkit scan was not started as it didn’t complete successfully during the last run”

How can I force a rootkit scan?

Thank you,
Dan

Reboot and see if it completes on the next boot.

You can also start the avast! Rootkit Scan using this command.

  • Windows Start, Run and copy and paste this command (including the quotes, assumes that you installed avast in the default location)
    "C:\Program Files\Alwil Software\Avast4\ashQuick.exe" "SUPERQUICK" and click OK.

A rootkit scan is also done as part of the Standard and Thorough on-demand scans.

Does the rootkit scanning work on x64 systems? I don’t know.
If I’m not wrong, the boot time scanning does not run on x64 systems either.

On Windows XP SP3 (32-bit), same problem.

20/06/2008 07:45:25 1213940725 SYSTEM 292 Automatic rootkit scan was not started as it didn’t complete successfully during the last run.

I have other error messages in the log.

09/04/2008 20:08:55 1207764535 SYSTEM 416 Internal error has occurred in module aswar scan function failed!, function 00000002.

Windows file system error 2 = The system cannot find the file specified.

Try a repair of avast. Add Remove programs, select ‘avast! Anti-Virus,’ click the Change/Remove button and scroll down to Repair, click next and follow.

Thanks David.
I rebooted but now I cannot see the log. The avast! Log Viewer starts but it does not display the GUI.

Try a repair of avast. Add Remove programs, select ‘avast! Anti-Virus,’ click the Change/Remove button and scroll down to Repair, click next and follow.

Did you have any other antivirus in this computer before installing avast?
Any other security program that could interfere?

Thanks David, I appreciate very much your so prompt replies.
I performed the repair as described and it worked fine. Then I rebooted.
But the Log Viewer still does not display the UI. When I want to kill the process ashLogV.exe I get the message: "Error terminating process: Access is denied."

The avast self-defence module will block you from doing that.

It may be best to do a clean reinstall.

Download the latest version of avast http://www.avast.com/eng/download-avast-home.html and save it to your HDD, somewhere you can find it again. Use that when you reinstall.

Download the avast! Uninstall Utility, find it here and save it to your HDD.

  1. Now uninstall (using add remove programs, if you can’t do that start from the next step), reboot.
  2. Run the avast! Uninstall Utility, reboot.
  3. Install the latest version, reboot.

Done. But nothing changed: the ashLogV.exe is present in Process Explorer’s list but no UI is visible. When I request “Bring to front” I get the message “No visible windows found for this process”.

I ran "C:\Program Files\Alwil Software\Avast4\ashQuick.exe" "SUPERQUICK": a small box is displayed which disappears so quickly that I am unable to read it.

Thus I don’t know if a rootkit scan has been performed and if yes, what is the result. I fear there is a rootkit because Vista is behaving strangely. E.g. impossible to start any program in Safe Mode. :cry:

Well the rootkit scan after boot stores information in C:\Program Files\Alwil Software\Avast4\DATA\log\aswAr.log, so you can check that to see if the scan happened and if anything was revealed, there is a summary of the scan at the bottom of the file.

The scan is very quick (hence the superquick parameter), but I think you need to display the results of ashQuick.exe: Program Settings, Common, enable the 'Show results of Explorer Extension', see image.

Other anti-rootkit tools:
Also see, anti-rootkit, detection, removal & protection http://www.antirootkit.com/software/index.htm. Try these as they are some of the more efficient and user friendly anti-rootkit tools.

Thanks again David.
I am impressed by how professional your tools are.
This time the rootkit scanner worked and found zero hidden items.
I also ran F-Secure fslb.exe with the same result (the other two recommended are not for x64).
Should I come to the conclusion that the computer is not infected?
If yes, what could explain all those symptoms:

  • When I start System Restore the process starts but the user interface is not displayed.
  • Task Manager also remains invisible.
  • When I click on “Turn Windows features on and off” the “Windows Features” box is displayed with “Please wait…” but nothing happens.
  • Installing msi files and uninstalling does not work. E.g. when trying to uninstall a program, Windows Installer displays “Preparing to install…” and remains so forever. Click Cancel, after 10 min or so “Install server is not responding”.
  • Frequently Visual Studio and the Office 2007 programs go into Not Responding mode.
  • When I shut down the computer "Logging off" is displayed until I use the hardware shut down button.
  • Chkdsk, Windows Defender, MS Malicious Software Removal Tool found nothing wrong.
  • Sfc /scannow doesn’t start. The cursor is blinking on the next line forever.
  • Even worse in Safe Mode: Windows Explorer and other programs that work fine in Regular Mode won’t start in Safe Mode. Thus I cannot use the scanners in Safe Mode.

Thank you very much.

You’re welcome.
I would think that your system is clean, certainly as far as we can test. I don’t know if there is anything else on the antirootkit.com site link I gave you.

Sorry I didn’t check if all the tools worked with XP 64bit, a problem that you bump into frequently I’m sure ;D That really could do with advancing as it is certainly holding many people back from the advantages of XP 64bit.

All I can suggest on the task manager is a Google search for what you said, Task Manager remains invisible, and prefix that search with XP 64 or it may return many irrelevant hits.

It sounds like there is something more seriously wrong with your OS installation (unfortunately I have zero experience of XP64). You have had lots of scans all reporting that there is no problem, more importantly the rootkit scans. Added to that, the 64bit OS is in theory more secure. I can only think it is some OS issue, possibly corruption; sfc /scannow not starting is just one further to add to the list of things not working.

I don’t know if there is a repair install with XP64 in the same way there is with XP?

Well, indeed I have to run Repair!
Thank you again very much for your invaluable help.
Best regards,
Dan

No problem, I hope that resolves your problems.