I’ve been reading some stuff about MBR rootkits lately and came across mentions of aswMBR. This utility provided by avast is often suggested (in this forum, for instance) for scanning for MBR rootkits and (ideally) removing them by replacing the MBR.
My question now is: Does aswMBR detect (!) anything that the installed version of avast! Free does not detect?
I’ve read in an old thread in this forum that avast! scans the MBR when “All harddrives” are scanned. So would avast! be able to detect the same rootkits (possibly in the MBR) as aswMBR would, but give less detailed information / not be able to replace the MBR / not try to fix this kind of rootkit? Or does it scan differently / for other things than aswMBR (in which case I wonder why that would be)?
I found pretty much the same question asked on superuser.com in 2011, and users there guessed that avast! and aswMBR would detect the same infections, but there was no definitive answer by an avast! official and I’m curious.
From experience AswMBR will generate a dump of the MBR for analysis and also has the ability to replace the MBR and cure some specific bootkit type viruses. If it cannot cure them it will give an indication of where the problem area lies.
An Avast scan may not detect the actual rootkit/bootkit in operation, but will block and alert when the virus tries to call home.
Due to the nature of this type of virus, dedicated tools are required which will not be available within the main AV, purely due to the variable nature in the way that the infections are operating.
From what you wrote, I understand that aswMBR brings some additional functionality relating to rootkits / MBR rootkits, like giving more detailed information on the MBR state and offering to replace the MBR, which avast! cannot provide itself.
I’m not sure if my main question is already answered, though: When aswMBR scans the MBR and when avast! scans the MBR (which it apparently does when “All harddrives” are scanned, according to this old thread in this forum), would they both detect the same rootkits, if there were any they could detect?
So are avast! and aswMBR both able to detect the same things, but only aswMBR can give more detailed info and try to fix it? Or does aswMBR search for different rootkits or use different definitions, so it would detect more/other rootkits than the MBR scan by avast! could?
Does anyone know the answer to this question and could comment on this issue? I’d very much appreciate it!
They will both detect the same rootkit on a boot scan with Avast. But there are some bootkits that create a hidden partition, with a dummy MBR being displayed to antivirus programmes running normally.
AswMBR will see through this, but Avast may be suckered.
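The two points raised in the replies above (an MBR dump you can inspect yourself, and a bootkit that shows the OS a dummy MBR while keeping a hidden partition) can be checked by hand if you have two 512-byte MBR images: one read through the running OS and one read out of band. The following is an added example, not code from the thread or from avast!; it parses raw MBR sectors, lists unallocated regions large enough to hide a partition, and diffs two images field by field. The sample images and the disk size are constructed for the demonstration, not taken from a real infection.

```python
import struct

SECTOR = 512
MBR_SIG = 0xAA55            # 55 AA on disk, little-endian read gives 0xAA55
BOOTSTRAP_LEN = 0x1B8       # 440 bytes of boot code before the disk signature
PART_TABLE_OFF = 0x1BE
PART_ENTRY_LEN = 16


def parse_partition_entry(entry: bytes) -> dict:
    """Decode one 16-byte entry: status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count."""
    status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", entry)
    return {"bootable": status == 0x80, "status": status, "type": ptype,
            "lba_start": lba_start, "sectors": sectors}


def parse_mbr(sector: bytes) -> dict:
    """Split a raw 512-byte MBR into boot code, disk signature, partition table and boot signature check."""
    if len(sector) != SECTOR:
        raise ValueError("MBR image must be exactly 512 bytes")
    entries = [parse_partition_entry(sector[PART_TABLE_OFF + i * PART_ENTRY_LEN:
                                            PART_TABLE_OFF + (i + 1) * PART_ENTRY_LEN])
               for i in range(4)]
    return {
        "signature_ok": struct.unpack_from("<H", sector, 0x1FE)[0] == MBR_SIG,
        "bootstrap": sector[:BOOTSTRAP_LEN],
        "disk_signature": struct.unpack_from("<I", sector, 0x1B8)[0],
        "partitions": [e for e in entries if e["type"] != 0],   # type 0 = empty slot
    }


def unallocated_regions(mbr: dict, disk_sectors: int, min_sectors: int = 2048) -> list:
    """Return (start, length) gaps not covered by any primary partition.

    Sector 0 is the MBR itself, so counting starts at 1. The usual alignment gap
    before the first partition is below min_sectors and is filtered out; a large
    gap, typically at the end of the disk, is where a hidden partition would sit.
    """
    parts = sorted(mbr["partitions"], key=lambda p: p["lba_start"])
    gaps, cursor = [], 1
    for p in parts:
        if p["lba_start"] > cursor:
            gaps.append((cursor, p["lba_start"] - cursor))
        cursor = max(cursor, p["lba_start"] + p["sectors"])
    if disk_sectors > cursor:
        gaps.append((cursor, disk_sectors - cursor))
    return [g for g in gaps if g[1] >= min_sectors]


def compare_mbrs(seen_by_os: bytes, raw_read: bytes) -> list:
    """Field-level diff of two MBR images; a dummy MBR shown to the OS differs from the one really on disk."""
    a, b = parse_mbr(seen_by_os), parse_mbr(raw_read)
    diffs = []
    for label, key in (("bootstrap code", "bootstrap"), ("disk signature", "disk_signature"),
                       ("partition table", "partitions"), ("boot signature", "signature_ok")):
        if a[key] != b[key]:
            diffs.append(label)
    return diffs


def build_mbr(partitions, bootstrap: bytes = b"", disk_sig: int = 0x12345678) -> bytes:
    """Assemble a constructed MBR image for testing (not a dump of a real disk)."""
    sector = bytearray(SECTOR)
    sector[:len(bootstrap)] = bootstrap
    struct.pack_into("<I", sector, 0x1B8, disk_sig)
    for i, (status, ptype, start, count) in enumerate(partitions):
        struct.pack_into("<B3xB3xII", sector, PART_TABLE_OFF + i * PART_ENTRY_LEN,
                         status, ptype, start, count)
    struct.pack_into("<H", sector, 0x1FE, MBR_SIG)
    return bytes(sector)


# Constructed sample: a 100 MiB disk (204800 sectors). The "clean" image is what a
# bootkit might show the OS; the "hidden" image is what an out-of-band read returns:
# different boot code and the NTFS partition shrunk to free 22528 sectors at the end.
DISK_SECTORS = 204800
CLEAN_MBR = build_mbr([(0x80, 0x07, 2048, 202752)], bootstrap=b"\x33\xc0\x8e\xd0\xbc\x00\x7c")
HIDDEN_MBR = build_mbr([(0x80, 0x07, 2048, 180224)], bootstrap=b"\xfa\x31\xc0\x8e\xd8")

if __name__ == "__main__":
    for name, img in (("OS view", CLEAN_MBR), ("raw read", HIDDEN_MBR)):
        info = parse_mbr(img)
        print(name, "signature ok:", info["signature_ok"], "partitions:", info["partitions"])
        print("  large unallocated regions:", unallocated_regions(info, DISK_SECTORS))
    print("fields that differ:", compare_mbrs(CLEAN_MBR, HIDDEN_MBR))
```

The image read through the running OS has to come from the OS (e.g. a raw read of the physical drive), and the out-of-band one from a boot environment or a tool that bypasses the disk stack; if a bootkit is filtering sector reads, only the second will show the real table. Any non-empty result from compare_mbrs, or a large gap from unallocated_regions that does not match known unallocated space, is worth investigating further.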