OS: Windows 7 [64bit]
User-level: Admin
Avast Version: 5.0.677
Virus Definition: 101006-2
Just got a Rootkit alert popup (this is the second time it’s happened; but this time I got the log before shutting down):
[....]
Service wmiApSrv [C:\Windows\system32\wbem\WmiApSrv.exe]
Service WMPNetworkSvc [C:\Program Files] **HIDDEN**
Service WPCSvc [C:\Windows\System32\wpcsvc.dll]
Service WPDBusEnum [C:\Windows\system32\wpdbusenum.dll]
Service WPRO_40_1340 [C:\Windows\system32\drivers\WPRO_40_1340.sys]
Service ws2ifsl [C:\Windows\system32\drivers\ws2ifsl.sys]
Service wscsvc [C:\Windows\System32\wscsvc.dll]
Service WSearch [C:\Windows\system32\SearchIndexer.exe]
Service WSearchIdxPi [???]
Service wuauserv [C:\Windows\system32\wuaueng.dll]
Service WudfPf [C:\Windows\system32\drivers\WudfPf.sys]
Service WUDFRd [C:\Windows\system32\DRIVERS\WUDFRd.sys]
Service wudfsvc [C:\Windows\System32\WUDFSvc.dll]
Service WwanSvc [C:\Windows\System32\wwansvc.dll]
Service xmlprov [???]
Service xusb21 [C:\Windows\system32\DRIVERS\xusb21.sys]
Service ZuneNetworkSvc [C:\Program Files\Zune\ZuneNss.exe]
Service ZuneWlanCfgSvc [C:\Windows\system32\ZuneWlanCfgSvc.exe]
Service {25C9720F-3678-421C-A8C6-ACB69C454F74} [???]
Service {E75492E0-081E-4A11-AB2C-733F3FFDF85A} [???]
Service {F01E00DD-79F1-4364-B2EA-743B0F3D9805} [???]
Scan finished: Thursday, October 07, 2010 12:31:00 AM
Hidden files found: 0
Hidden registry items found: 0
Hidden processes found: 0
Hidden services found: 1
Hidden boot sectors found: 0[…]
As you can see, Service WMPNetworkSvc [C:\Program Files] HIDDEN is the only one marked “Hidden”; a search for “HIDDEN” confirmed that the aforementioned service was the only one with that flag [BTW: long log; didn’t feel I should post it all]. Doing a search reports that “WMPNetworkSvc”* is part of the Windows Media Sharing service.
So, for some reason the WMP service will occasionally trigger the Rootkit Alert. I’ve booted my system at least 20 times since I first posted the first alert. So it’s some kind of random thing…