system
1
Hello all
I downloaded Avast Antirootkit 0.9.6 and executed it on my Windows 2008 R2 VPS server.
It found 29 items on HDD and a massive amount of items in the registry, more than 5000, and it still works …
Is it safe to Delete all those items?
Thank you.
Pondus
2
Is it safe to Delete all those items?
Impossible to answer without the log
Avast has a rootkit scanner (gmer) integrated in the AV engine and will perform a rootkit scan 8 min after computer start
system
3
Hello
thank you for your answer.
I downloaded it from http://files.avast.com/files/beta/aswar.exe
and executed it in the temp directory, and it is still running.
I see aswar.log file in program directory (it is currently about 2 MB) - do you need that file?
I did not restart my server, just executed aswar.exe and clicked on Start scanning.
Thank you.
Pondus
4
do you need that file?
To answer your question, yes
Experts are notified but they are probably not online before tomorrow.
Why are you running a rootkit scan, any problems?
system
5
OK I will upload a log once scanning is finished.
A few days ago I saw that Google Chrome would not run any more (it displayed a sad face), so I asked Google for help.
They answered that I need to try running some malware software.
I tried many of them and noticed that some of them want to install a specific driver at Windows boot - to test the system - but they failed.
Then I was 99% sure that I have something, but only Avast Antirootkit actually said there are rootkits.
It has been running now for more than an hour and found more than 8000 items, so I’m waiting for it to finish.
I suppose I need to purchase some license to remove them?
Could you please give me any info about that?
Thank you.
Pondus
6
I suppose I need to purchase some license to remove them?
No
When the scan is finished, attach the log, don't remove anything
also see here > https://forum.avast.com/index.php?topic=194892.0
Scroll down to second picture > Farbar recovery scan tool
Follow instructions and attach the two diagnostic logs
Then an expert will assist you tomorrow
system
7
OK will do so, thank you.
Hi guys,
I just want to mention that aswar is a very old and obsolete version, which you should not use anymore.
Greetz, Red.
system
9
Is there any other Rootkit scanner for Windows Server 2008?
Thank you.
Eddy
10
There are search engines
If you are running a server and need to ask the things you did here, I suggest you hire a real admin.
system
11
Hello
I did try other rootkit scanners but they cannot run because they cannot install some driver when booting. Only Avast was able to find them…
What real admin do I need to hire? Could you please give me more info?
Thank you.
I think the question is, why are you running Windows Server 2008? Are you providing services to users or just running a no-cost OS?
system
13
I’m running VPS and there is Server 2008 installed.
Pondus
14
for help, attach the requested logs
system
15
Hello
I sent you a PM.
Thank you.
Eddy
16
Attach the log files to your post here.
system
18
Hello
That’s 3 txt files inside a ZIP archive, nothing else. Do you have another option where I can upload the file? I cannot post my log files to the public.
TDSSKiller did not find anything, but it cannot install the boot driver, just like Malwarebytes and the others I tried. I suppose it is because of the virtual file system?
I cannot install any fresh image because I have running programs, a database etc. I’m aware that I can move them to a new VPS but, if possible, I will try to clean the current system.
I reinstalled Chrome many times, it does not work. Chrome is not important at this moment.
Thank you for any help.
system
19
Does anyone want to help?
I can send log files on PM.
Thank you.
I will look at the log files PROVIDED my malware scanners say the file(s) are safe. What scanner produced these logs?