New version finds rootkit hidden files - can't delete & nothing else does

Avast Free Antivirus / Premium Security
41

Interesting indeed. :slight_smile:

Could you please try doing the following?

Go to My Computer, right-click disk C: and choose Properties. Go to the Tools page and click the ā€œCheck Nowā€¦ā€ button.

Click Start, and let the operation complete.

Does it report any problems?

And if you re-run the scan after this, does it still find the ā€œrootkitsā€?

Thanks
Vlk

42

Hi there,

Just did the disk check as you asked and no problems - ā€˜Disk check completeā€™. Will re run Avast scan and let you know! When you say ā€˜interestingā€™ does that mean good interesting or bad (youā€™re full of nasty viruses) interesting?

Cheers,

Christine

43

Grrrrā€¦ok, just finished the Avast scan and itā€™s exactly the same; the pop up saying suspicious files (the rootkits) have been found using the heuristic method and asking me to reboot, then the pop up appears informing me thereā€™s a virus in the memory.

Nothingā€™s changed iā€™m afraid! >:(

Night night allā€¦

Christine

44

Hi Vik,

I have been reading your latest suggestions. Would it be useful if I also sent you the resultant file?

Gerard

45

Hi gcon60,

I donā€™t know how proficient you are with computers, but if you can handle the command line, Iā€™d be grateful if you could do the following:

  1. download http://public.avast.com/~vlk/avar.exe and place it to a directory
  2. start cmd.exe, go to the directory where you placed avar.exe and run the following command

avar.exe -a -f c:\ >avar.txt

  1. when the command completes (may take some time, roughly 10 minutes or so, depending on the size of your C: drive) send me the resulting file avar.txt (by email).

Thanks
Vlk

46

Vik,

I have emailed the avar.txt file - good luck. I know, not luckā€¦but ā€¦SKILL.

Gerard

47

Great, thanks for that.
Could you please also send the scan log? (so that we can match these logs together)?

Thanks
Vlk

48

Hi all,

So is there a verdict on this yet? Are we clean (and can i carry on with my internet crimbo shopping?!) or full of 'orrible nasties? :o

Cheers guys,

Christine

49

Iā€™m having the same rootkit issues here. Is progress being made on how to solve this?

50

My computer is been acting weird, in fact ewhen i turned it on a couple of days ago, rebooted my windows XP to a few years ago, I lost all my info .
I ran and antivirus today and it froze when i came back on the log I found that every 2 seconds it has found ā€œrootkit: hidden fileā€ has been found inā€¦actually in many places
I could not complete the scam because it froze after an hour running
Is this a real threat or just something else.

51

anjana, some recent hidden files detections were false positives. Update your avast and check if the problem persists.
If so, can you say what is the infected file name, where was it found (C:\windows\system32\infected-file-name.xxx)?

52

Vik,

I still get a load of rootkit hidden file comments when I run a thorough scan. This afternoon a single file report popped up without having to run an Avast scan at all. I did the usual; ignore, reload and run bootscanā€¦ as before, NIL found.

Are you any nearer finding the problem with this? I am going to revert back to version 1229 to avoid rootkits in the meantime, unless I can do any more to help.

Regards

Gerard

53

I update automatically regularly.
i also get a load of rootkit hidden file comments when I run a thorough scan .
i run the scan again last night,and again after an hour it froze.
for the first hour every second or two this came out:
ā€œrootkit hidden fileā€ has been found inC:\WINDOWS\softwaredistribuition\download\59fc8f12b80caa9911ā€¦

then this come out:
Sign of ā€œrootkit hidden fileā€ has been found inC:\WINDOWS\SYSTEM.CB\mapi32.dll"file
Sign of"rootkit hidden file" has been found inC:\WINDOWS\SYSTEM.CB\MAPISRVR.EXE"file
Sign of"rootkit hidden file" has been found inC:\WINDOWS\system.ini\mapi32.dll"file
Sign of"rootkit hidden file" has been found inC:\WINDOWS\system.ini\MAPISRVR.EXE"file

thanks!

54

Itā€™s still happening to me too, and iā€™m getting a bit fed up of it. Was anything found when i emailed the log?

Thanks all!

Christine

55

Did you update to the latest virus database?

56

yes, I didā€¦

57

Do you have an Acer computer?

58

I have an Acer laptop although I donā€™t see what that has to do with it as I updated another Acer last week to 1296 and it was fine.

Gerard

59

Some Acer computers are affected by a bug (in avast or in Acer, we donā€™t know yet).
Disable rootkit scanning in the Troubleshooting tab of program settings as a workaround.

60

Interesting! My Acer has co-existed with the Avast program for several years now and works fine with version 1229, so I guess the bug is in 1296.

Gerard