GMER FP?

Hi, everyone.

I updated to avast v8 today, then GMER hit on the following hidden files. I believe these are legitimate avast files, but GMER never hit on these files when I used older versions of avast.

Thanks in advance for the assistance.

DJB

GMER 2.1.19115 - http://www.gmer.net
Rootkit scan 2013-03-03 14:52:05
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 → \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.03.0 465.76GB
Running: xsy3llyu.exe; Driver: C:\Users\Doyle\AppData\Local\Temp\ugloapod.sys

---- Threads - GMER 2.1 ----

Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3288:2828] 00000000751d7587
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3288:3660] 00000000680e0cb3
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3288:2756] 0000000077982e25
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3288:6824] 0000000077983e45
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3288:13664] 0000000077983e45
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3288:1328] 0000000077987111
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3288:2184] 0000000077983e45
Thread C:\Windows\System32\svchost.exe [6300:6184] 000007fef1669688
Thread C:\Windows\SysWOW64\ntdll.dll [8400:7272] 00000000620c5b52

---- Services - GMER 2.1 ----

Service C:\Windows\system32\drivers\aswFsBlk.sys (*** hidden *** ) [AUTO] aswFsBlk ← ROOTKIT !!!
Service C:\Windows\system32\drivers\aswMonFlt.sys (*** hidden *** ) [AUTO] aswMonFlt ← ROOTKIT !!!
Service C:\Windows\System32\Drivers\aswrdr2.sys (*** hidden *** ) [SYSTEM] aswRdr ← ROOTKIT !!!
Service C:\Windows\system32\drivers\aswRvrt.sys (*** hidden *** ) [BOOT] aswRvrt ← ROOTKIT !!!
Service C:\Windows\system32\drivers\aswSnx.sys (*** hidden *** ) [SYSTEM] aswSnx ← ROOTKIT !!!
Service C:\Windows\system32\drivers\aswSP.sys (*** hidden *** ) [SYSTEM] aswSP ← ROOTKIT !!!
Service C:\Windows\system32\drivers\aswTdi.sys (*** hidden *** ) [SYSTEM] aswTdi ← ROOTKIT !!!
Service C:\Windows\system32\drivers\aswVmm.sys (*** hidden *** ) [BOOT] aswVmm ← ROOTKIT !!!
Service C:\Program Files\AVAST Software\Avast\AvastSvc.exe (*** hidden *** ) [AUTO] avast! Antivirus ← ROOTKIT !!!

---- EOF - GMER 2.1 ----

Well, GMER is an analysis tool; it doesn’t remove anything as such, so not really a detection. It just reports its findings and someone has to analyse them, and in this case it would be that these avast drivers are hidden for a reason.

Hi,

Improvements in “avast! self-defence” module caused these FPs. It will be fixed in the next GMER update.

Thanks

Thanks for the feedback.

Thank you, both. I appreciate it.

DJB
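One way to do the analysis step mentioned in the replies, as an added example that is not part of the original thread and not code from GMER or avast: pull the entries marked hidden out of a log's Services section and check the Authenticode signature and signer of each file. The function names `Get-GmerHiddenService` and `Test-FlaggedFile` are hypothetical, and the embedded log is a constructed sample in the format of the scan above.

```powershell
# Constructed sample: two "Services" lines in the format of the scan log above.
# The arrow is written "<--" here; the pattern also accepts the arrow character (U+2190).
$log = @'
---- Services - GMER 2.1 ----

Service C:\Windows\system32\drivers\aswFsBlk.sys (*** hidden *** ) [AUTO] aswFsBlk <-- ROOTKIT !!!
Service C:\Program Files\AVAST Software\Avast\AvastSvc.exe (*** hidden *** ) [AUTO] avast! Antivirus <-- ROOTKIT !!!

---- EOF - GMER 2.1 ----
'@

# Captures the file path, start type and service name of each flagged entry.
$pattern = '^Service\s+(?<path>.+?)\s+\(\*\*\* hidden \*\*\* \)\s+\[(?<start>\w+)\]\s+(?<name>.+?)\s+(?:<--|\u2190)\s+ROOTKIT'

function Get-GmerHiddenService {            # hypothetical helper name
    param([string]$Text)
    foreach ($line in $Text -split "`r?`n") {
        if ($line -match $pattern) {
            [pscustomobject]@{
                Name  = $Matches['name']
                Start = $Matches['start']
                Path  = $Matches['path']
            }
        }
    }
}

# Looks up the signature of each flagged file; a missing file is reported, not skipped.
function Test-FlaggedFile {                 # hypothetical helper name
    param([Parameter(ValueFromPipeline = $true)]$Entry)
    process {
        $status = 'FileNotFound'; $signer = $null
        if (Test-Path -LiteralPath $Entry.Path) {
            $sig    = Get-AuthenticodeSignature -LiteralPath $Entry.Path
            $status = $sig.Status
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }
        [pscustomobject]@{
            Name      = $Entry.Name
            Start     = $Entry.Start
            Signature = $status
            Signer    = $signer
            Path      = $Entry.Path
        }
    }
}

Get-GmerHiddenService $log | Test-FlaggedFile | Format-Table -AutoSize
```

An entry whose file is missing, unsigned, or signed by a publisher other than the one expected is the one to examine further; the service name alone does not identify the vendor.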