Avast (I hope it was him) showed me a pop-up on my laptop and on my netbook, telling me that it found a possible rootkit, so I clicked on “Delete it now” and the pop-up closed after that. I opened the UI and I saw in File System Shield that there wasn’t any trace of any infected item, and this is the same for all shields. The rootkit it found isn’t present either in the virus basket or in any protection log… so… is this normal behavior, that it asked me what to do with a rootkit but doesn’t show it in any log? :o
On the netbook the “rootkit” was called: mbam(something).sys ???
Try clicking the Shield log.
Try doing a Boot Time Scan to be sure
Usually when viruses cannot be moved to the Virus Chest, they are deleted.
Edited :
Quote: On netbook the "rootkits" was called: mbam(somethings).sys
Sounds like a FP on a Malwarebytes file... do you have Malwarebytes?
According to his sig he does.
Yes, I have Malwarebytes, and I just found this on the netbook in c:\ProgramData\AVAST Software\Avast\Log\EventLog.txt:
AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of SVC: MBAMSwissArmy > C:\windows\system32\drivers\mbamswissarmy.sys failed, C000003B.
07/11/2012 20:04:02 AAVM - scanning warning: x_AavmCheckFileDirectEx: SVC: MBAMSwissArmy > C:\windows\system32\drivers\mbamswissarmy.sys (*RAW:SVC: MBAMSwissArmy > C:\windows\system32\drivers\mbamswissarmy.sys) returning error, C000003B.
07/11/2012 20:33:03 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of SVC: wlcrasvc > C:\Program failed, C000003B.
07/11/2012 20:33:03 AAVM - scanning warning: x_AavmCheckFileDirectEx: SVC: wlcrasvc > C:\Program (*RAW:SVC: wlcrasvc > C:\Program) returning error, C000003B.
07/11/2012 20:34:27 Internal error has occurred in module basSubmitFile failed! , function 0000007B.
07/11/2012 20:34:32 Internal error has occurred in module basSubmitFile failed! , function 0000007B.
07/11/2012 20:34:46 Cannot delete file during super quick scan…
07/11/2012 20:34:58 Cannot delete file during super quick scan…
And on the laptop the Boot Time Scan didn’t find anything, the same as a complete scan with mbam.
Similar problem I think
http://forum.avast.com/index.php?topic=104669.0
http://forum.avast.com/index.php?topic=98405.0
No need to worry about it I guess
Quote:
Please open Malwarebytes Anti-Malware and begin a scan (it can be a Quick scan or a Full scan, your choice) and while the scan is running, mbamswissarmy.sys should be present in C:\Windows\System32\drivers. MBAM simply removes the file when it isn’t using it and then replaces it again when it is using it for a scan.
http://forums.malwarebytes.org/index.php?showtopic=100877
Edited : More info
I get that message at one or more of my five computers.
Boot scan shows nothing every time.
I’ve had recurrent rootkit warnings with the following: C:\Program Files\EVGA Precision>RTCore32.sys & RTCore64.sys. EVGA Precision is the monitoring/overclock app for my GPUs. Subsequent scan reveals clean bill of health, but will pop up again a few weeks later. Behaviour shield?