Avast Scan found rootkit in temp file (updated with OTL log)

Hi all,

I ran a full system scan with the 100220-1 definition and the scan found a rootkit in my windows temp file. However, it says error the system cannot find the file specified (2) so I cannot even move it to the virus chest.

The file that seems to be infected is c:\windows\temp\asw_aisI.tm~a04660
How do I get rid of this rootkit? I also ran another scan earlier in the day and it did not find this rootkit? Can it be a false positive?

Thanks

Check your computer for Malware with

Malwarebytes Antimalware http://filehippo.com/download_malwarebytes_anti_malware/
after install click UPDATE and run quick scan, click on REMOVE SELECTED to quarantine anything found

SUPERAntiSpyware http://filehippo.com/download_superantispyware/
Are cookies really spyware and are they dangerous?
http://www.superantispyware.com/supportfaqdisplay.html?faq=26

If anything is found come back and post the scan logs here

Hi,

I did a full scan on avast again and it did not detect the rootkit which is weird because it was avast that found the rootkit in the first place.

I also scanned with superantispyware and it did not find anything either.

Since the infected file is a temp file, I cleared out my temp files. Could it be that I deleted the file already, or would the rootkit still be in the computer but it’s hidden really well?

Also I scanned with sophos anti-rootkit and threatfire as well. Each of these was scanned separately so they shouldn’t have conflicted with each other’s results.

Does anyone have any clue what’s going on?

I scanned with malwarebytes and nothing came up as well.

Malwarebytes’ Anti-Malware 1.44
Database version: 3770
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/21/2010 10:56:52 AM
mbam-log-2010-02-21 (10-56-52).txt

Scan type: Full Scan (C:|D:|F:|G:|H:|I:|)
Objects scanned: 238061
Time elapsed: 32 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Does anyone have any clue what's going on?
If you follow this guide from Essexboy and post the OTL log here, he can have a look. Essexboy is the malware removal expert.

http://forum.avast.com/index.php?topic=53253.msg451454#msg451454

OK, so I followed the instructions from essexboy and used OTL. I’ve pasted and attached the OTL and extras log.

So far nothing is wrong with my computer and I’ve used malwarebytes, superantispyware and avast and nothing came up on those, so hopefully the rootkit is gone, or maybe it was just an error or false positive from that one avast scan that did find the rootkit.

Thanks!

Have sent Essexboy a PM

Thanks for your help pondus! But the forum is not allowing me to send personal messages :-[

you need 20 posts… :wink:

Hi - that looks good, having a 64bit system saved you from grief - as malware writers have not yet found a way into it

If you have no problems then you appear to be clean ;D

Thanks a lot! But do you know why avast scan detected the rootkit in the first place? I’m just curious :slight_smile:

Are you running AIS ?

As the file looks to be an Avast one c:\windows\temp\asw_aisI.tm~a04660 ???

Yes, I am running AIS. I just thought it was so odd, and since avast scan says that the system cannot find the file specified I just didn't know what the rootkit was or where it was coming from. :frowning: