I recently downloaded Avast! and so far I love it. After the first pre-boot scan it found one suspicious file upon startup. The recommended action for it was to “ignore” so that’s what I did. However, I’d like to see what that file was again (and possibly just delete it). Is there a way I can find that ignored file and “unignore” it? I’m looking for some kind of exclusion list or something but can’t find it.
That seems to be the report file for the initial pre-boot scan. It does not contain the information I am looking for; sorry for the confusion. The issue I’m dealing with is a file that it found after the pre-boot scan, right after it booted for the first time. It found a file (I think) with the heuristic method and asked me what I wanted to do with it. This was in a pop-up window and had two options: Ignore or Delete. I chose Ignore but would like to see details about where that file is now.
That does appear to be the file I’m looking for. However, it only has the log from today’s scan. The scan I’m looking for is from about 10 days ago.
Is there some way I can see what files are included on the RootKit exclusion list? Shouldn’t the file in question have been put somewhere like that? (There should be only this one in the list, since it was the only one I chose to ignore.)
This log isn’t appended but replaced, as it would quickly grow very large. So unfortunately you only see data for the last scan.
I’m not sure if this Ignore is something that gets carried over for every anti-rootkit scan or just that one. If it isn’t then the detection may have been corrected in a VPS update, though there is no way to tell without information about the detection. So we are unfortunately in the chicken and egg scenario.
As for your planned action, if you could un-ignore it and delete it the next time it was detected, that would really be even worse than the situation you’re in. Deletion isn’t really a good first option (you have none left); ‘first do no harm’ and investigate right away, not 8 days later.
To be sure you haven’t got anything malicious hidden, you could run some other anti-rootkit tools.
Also see anti-rootkit detection, removal & protection: http://www.antirootkit.com/software/index.htm. Try these as they are some of the more efficient and user-friendly anti-rootkit tools.
Thanks for the help. I downloaded and installed Panda Rootkit Cleaner. It didn’t find anything, which is great, but how do I uninstall this program? It doesn’t show up in Add/Remove Programs and I also have Revo Uninstaller which doesn’t show it either.
Any help removing Panda Rootkit Cleaner would be much appreciated.
It is a stand-alone application; you should be able to just delete it from the location you put it in.
Now you use the next application and if that finds nothing, run the next one. If nothing is found then you can be reasonably confident there isn’t a rootkit on your system.
The driver looks suspiciously like something from Symantec, though a Google search on the file name doesn’t seem to support my guess: http://www.google.co.uk/search?q=symc8xx.sys.
Regarding the original question:
I believe the excluded items are stored somewhere in avast4.ini - so to unignore the file, you’d have to open avast4.ini in Notepad, find the occurrence and remove it.
Turns out that the rest of this discussion was extremely helpful so I’m not going to delete it after all, but I really was curious as to where that Exception was stored.