False Positive alarm?

Hi there…Avast 5 Free Ed on a fresh install of Vista 32 bit displayed Rootkit Found, while trying to figure the Service Nero backUp…it said Rootkit hidden in service…ignore/delete…I really didn’t know what to do…my questions are…why didn’t it detect it on a boot scan…the service is still there…when I open it I don’t get the message again…if there was a Rootkit that got deleted, would there be any log of it…strange…Hoping to hear your views. Thanks!

Without information, how can we comment ???

What was the file name and location of the detection ?

This I believe is considered Suspect rather than Infected is it not (and Ignore is the suggested action) ?

  • “A suspicious file has been detected (using a heuristic method). This may be a sign of malware infection. Please allow the file to be submitted to our virus lab for analysis.”

It said “Rootkit hidden in Nero BackUp Service”…that was the location.

NB Service…C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

Upload the file to VirusTotal (www.virustotal.com). When you have the result, copy the URL in the address bar and post it HERE.

@ Pondus
I don’t believe VT will find anything as it doesn’t use anti-rootkit scanning, just bog standard signature scanning.

@ Yezinki
Presumably this has been on your system for some time ?
See http://www.systemlookup.com/search.php?type=filename&client=malwaresearch-ff&search=NBService.exe which indicates that it is a legit location, but that is no confirmation the file and its use are clean.

I don’t know why Nero would require a hidden service to run the Nero BackItUp though.
What happens if in Nero you disable this BackItUp function (what exactly does it do) ?

Just click the Ignore button and critically allow it to be sent for analysis.

Maybe the reason is that it hides itself to protect itself from direct deletion. Users are very curious; if there is something they see that they don’t understand, they delete it. So what happens if that file is not hidden? :slight_smile:

But why? An application that has nothing to do with security, which can be reinstalled, etc., shouldn’t need to run as a hidden service.

I must have deleted it ’cause I don’t see the NBService.exe file in the location…when it was detected I got the option of Delete & Ignore…would I need to uninstall & reinstall Nero?

Thanks!

Well I don’t know what the Nero BackItUp function does and the NBService.exe file in particular, so I can’t really say. But if you don’t use the Nero BackItUp function then I wouldn’t have thought it necessary to reinstall Nero.

If you use Nero regularly and a function reports the missing file, then you may have to reinstall to recover the file if it doesn’t allow what it is you are trying to do to run.

Thanks DavidR for expressing your expert views.

You’re welcome, hardly expert views in this case as I don’t use Nero on this system (haven’t used it for a few years) and am not familiar with it.

Some notebook companies also integrate their software in root, like some progs from Asus. I had an FP from Avast with that. Why they do it, I don’t know…

But Nero has nothing to do with notebook companies. When you install the software ‘it’ and not the notebook company determines how its services run. This is still true even if Nero is installed by the manufacturer rather than the user installing it.

True.
But I had some root DVD-related things on my C: even without any CD/DVD drive in my notebook.
Funny, isn’t it… :wink: