Avast found high severity rootkit, in doss mode after restart, what to do?

Avast foumd several high severity rootkits in regular scan mode. I couldn’t move them to the virus chest, delete or repair the infected files. I restarted the computer and Doss scan mode for avast kicked in asking me several options to either delete, delete all, move to chest, move all to chest, repair, repair all, ignore, or ignore all. Which option do I choose to get rid of these malicious files?

Do get rid of them i think you should delete them or when not possible (Some rootkits are infecting files, they dont create new ones, so you would destroy the system)
if you want to be sure choose repair.

It would be good when a malware remover looks over your system.
Please post a new topic under viruses and worms and do what is shown in this thread and attach the logs
to your post in the new topic, after that malware removers will be notified.

Forgot to put in the link: http://forum.avast.com/index.php?topic=53253.0

PS:Welcome to the forum. :wink:

Thank you for the information! However it would not let me choose any of the options you mentioned from the Doss menu, either. I am now attempting to utilize a different restore point and then run another scan to determine further. I could have had tech support go in on remote and remove it but it would have cost me large sums of monies that I don’t have right now. Any other suggestions?

Thank You so much for your quick response and welcoming me! I REALLY APPRECIATE IT!!

I could have had tech support go in on remote and remove it but it would have cost me large sums of monies that I don't have right now.
the help here is free....and they dont do it Remote

just follow the guide http://forum.avast.com/index.php?topic=53253.0 and attach the requested logs…not copy and paste

run in order listed AdwCleaner / Malwarebytes / OTL / aswMBR

when done help will arrive…

you may also attach a screenshot of the avast scan result

@ Magic Man 1
What was the file name, location and malware name given in the alert ?
You should be able to access that information from the avastUI > Maintenance > Scan Logs - you may need to expand the column width to see the full path.

@ Steven Winderlich
Please don’t suggest deletion or any other action until you have determined the facts of the detection - first do no harm.

DavidR, i will appreciate it.

A rootkit is not funny, its almost the badest thing that you can get on your system, except file infectors.

No a rootkit isn’t funny, but neither is deleting a file if the detection isn’t good, there are many legit drivers, etc. that could be incorrectly seen as a rootkit. So we have to gather information to ensure that isn’t the case.

Thanks for all the help that all of you have given me, a couple of things here that I would like to mention though, first I give you guys all the credit for the knowledge that you have as I am not at this level, so please be patient if I don’t understand all that you are saying! With that being said I ran a safe mode option and am running another scan with avast to determine what the name is of the virus/rootkit/etc… Also, I do have IOBit Malware on this computer already. I don’t know how this could have happened but it is what it is. I will let you know what the result is after the scan and we can go from there. Also, Steve as you suggested I started a New Topic under Viruses and Worms. You may post your replies either here or there. Either way, thank you to all of you for ALL YOUR SUPPORT!! :smiley: ;D

MM1

P.S. How do I attach everything from this log to add to my new topic request?

This is one of the reasons why we asked about file name and location, which is more important when you say you also have IOBit Malware installed.

It is possible that avast is detecting its unencrypted virus signatures and why avast can’t do anything, the file/folder, etc. may well be protected by IOBit Malware.

Personally I would advice uninstalling IOBit Malware as there are many topics relating to this companies prior business practice/ethics.

By starting a new topic unfortunately you isolate a lot of information contained in this topic, that could cause duplication of effort and questions/answers covered again.

Logs (and or images) can be attached by using the ‘Attachments and other options’ link in the Reply window.

Okay, this is the latest action that I have taken in the step by step process that I have been given. Please see attached. Thanks again for all your help regarding this matter.

MM1

Hi and welcome…I see that you are already being helped by Essexboy. Stick with him until he gives you the “All Clear”. Thanks!! :slight_smile: