Avast anti-rootkit scan

Dear Avast Forum,

Can somebody please tell me how to execute an Avast anti-rootkit scan?

Is this automatically done when a full boot-time scan is completed?

I am using Avast Pro 4.8.1229 with virus defs 081104-0. I understand Avast has an anti-rootkit function; however, I am a little unsure!

Any help would be much appreciated!

Thanks,

Avastfan1

AFAIK it’s done when the boot time scan happens.

Depends on your OS, the anti rootkit doesn’t work with win9x, winME.

It is run automatically 8 minutes after start-up; when you run an on-demand scan with a sensitivity of Standard or Thorough (not Quick), it is run as part of that scan too.

Dear Forum,

Thanks for your speedy reply!

Four follow-up questions:

  • @Dave Could you confirm Frank’s comment that it’s run as part of a boot-time scan?
  • How do you know it’s been run 8 minutes after startup - I notice no harddrive activity? :S
  • Is there a separate log or results report to confirm nothing/something was found?
  • Would you recommend any complementary anti-rootkit products as an additional security?

Thanks in advance!

Avastfan1

The indication it has been run is located at (normally) C:\Program Files\Alwil Software\Avast4\DATA\log and the title is aswAR.log. (opens in notepad.)
As to the other three questions, I couldn’t say. I’ve not noticed extra HDD activity 8 minutes after start, but nor have I especially listened/watched for it.
The rootkit scanner is based on the GMER application, which I think is respected and capable. Extra demand scanner/s are up to you. My choice would be not to bother if there was no indication of anything found.
Maybe a checkup (second opinion) scan with a few demand scanners of different categories (AV, AS, Rootkit) every few months. So far I’ve not found anything significant by following that protocol. The odd FP; the odd tracking cookie. So I’m reasonably confident that the various modules in Avast do a pretty decent job. Actually, a very decent job.

  1. If I could I would have at the time, to find out I would have run a boot-time scan and checked out the aswAr.log file mentioned by Trag57. You would have to be quick in checking as 8 minutes after boot it would run and overwrite the previous log.
  2 & 3. As Targ57 mentioned.
  4. I have a few I would try if I felt that I may have a rootkit, but since they will be constantly updated keeping a copy of them is of limited use as it is best to get the latest version before you run it.

There are more anti-rootkit scanners than you can shake a stick at but the greatest majority are totally user unfriendly as they present the user with more questions than answers. There are very few that I would consider efficient and relatively user friendly, but even then you may need further advice.

GMER (and to a degree Rootkit Revealer) as mentioned is very powerful, but a little like the hijackthis of anti-rootkits as it produces volumes of data that you have to analyse. So these to my mind aren’t for your average user.

Dear All,

Many thanks again for the speedy and detailed replies!

Log file was there as you predicted and reported 0 hidden files, registry items, processes, services or boot sectors found! Yay me! :smiley:

I’ve also noted down the anti-rootkit programs so again many thanks for the great advice!

Keep up the sterling work lads, you are doing a fantastic job. I hope somebody does something nice for you today.

I wish you all a great day and end to the week!

Avastfan1

You’re welcome.

Be prepared for fast and detailed replies here, this forum is GREAT! Many nice members, that really want to help! :slight_smile:

Bluesman: you’re Swedish, aren’t you? :smiley:

Yes, I am Swedish :slight_smile: But we talk English here, so everybody can understand :wink:

If you want to talk about avast in our language, I can recommend the forum @ http://www.avasthome.se/ :slight_smile:

My nick is Columbo there!

See ya’, or as we say in Swedish, SKÅL! :wink: