Not very computer literate - any help greatly appreciated - virus or not?

My apologies in advance – I have searched for this on the board, but I’m afraid I really just don’t have the background to understand what I’m reading. I know the basics about my computer but not the details, so I am very confused about whether this is a real virus and what, if anything, I need to do.

I am running Vista Home Premium with SP2, 64 bit. I have the free version of avast, latest version (I’m pretty sure - I update regularly), and I ran it last night. It came up with only one problem, which it said was high-risk and gave me the following info: “Threat: rootkit: system modification.”

The thing that confuses me is that this is what the threat is:
C:\Windows\Prefetch\AVAST.SETUP-3DA1C849.pf

I understand (vaguely from what I read after searching) what prefetch is, but beyond that, I’m lost. Do I have a deeper problem here, or is this a false positive?

The only thing I’ve done recently is install, finally, IE 8 (NOT 9).

If anyone could help me, I’ll be very much obliged! I am discombobulated and don’t want to shut down or change the avast results screen until I know what I’m dealing with.

~SLG

I really have no idea why it would alert on this .pf file (not least as it is an avast-related .pf file) and also in relation to being a rootkit, which is essentially not possible.

As you say, you understand vaguely that the prefetch function is to collate data on the location of files on the hard disk so that they can be loaded quicker. The actual .pf file isn’t a copy of the original file, just information about it and its location on your hard disk.

The avast update process is called avast.setup and this is what this is about, so I would certainly say this is most likely a false positive detection, which you should send to avast for analysis, see #### below.

What scan were you doing: Quick, Full System or Custom scan?

Allow avast to send it to the chest; that won’t cause any harm as the .pf file would be recreated in due course, and you can submit it for analysis from the chest.

Send the sample/s to avast as Undetected Malware:
Open the chest, avastUI, Maintenance, Virus Chest. Once in the chest, right click on the file and select ‘Submit to virus lab…’ complete the form and submit (see image example, click to expand), the file will be uploaded during the next update.
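As an added illustration (not code from this thread, from avast, or from any forum member), the following Python parser reads the uncompressed XP/Vista/7 .pf header and shows that such a file holds only metadata about the executable (its name, a hash of its path, run count, last run time), not the program itself. The header bytes it parses are constructed here; only the executable name and the hex hash are taken from the file name quoted above, the timestamp and run count are made up.

```python
import struct
from datetime import datetime, timedelta, timezone

# Header layout of uncompressed .pf files for XP (format 17) and Vista/7 (format 23).
# Windows 8+ moved these fields (and Windows 10 compresses the whole file), so those
# versions are rejected rather than misread.
LAYOUTS = {17: {"last_run": 0x78, "run_count": 0x90},
           23: {"last_run": 0x80, "run_count": 0x98}}

def filetime_to_utc(ft):
    """Windows FILETIME (100 ns ticks since 1601-01-01) -> aware UTC datetime."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ft // 10)

def parse_prefetch(data):
    """Return the metadata a .pf file records about the executable it describes."""
    if len(data) < 0xF0 or data[4:8] != b"SCCA":
        raise ValueError("not an uncompressed SCCA prefetch file")
    version = struct.unpack_from("<I", data, 0)[0]
    if version not in LAYOUTS:
        raise ValueError("unsupported prefetch format version %d" % version)
    layout = LAYOUTS[version]
    # 60 bytes of NUL-terminated UTF-16LE at 0x10: the executable's name, not its code
    name = data[0x10:0x4C].decode("utf-16-le").split("\x00", 1)[0]
    # Hash of the executable's full path; it is the hex suffix in the .pf file name
    pf_hash = struct.unpack_from("<I", data, 0x4C)[0]
    last_run = struct.unpack_from("<Q", data, layout["last_run"])[0]
    run_count = struct.unpack_from("<I", data, layout["run_count"])[0]
    return {"version": version, "executable": name, "hash": "%08X" % pf_hash,
            "last_run_utc": filetime_to_utc(last_run), "run_count": run_count}

def expected_filename(meta):
    """The name Windows gives the file: <EXECUTABLE>-<HASH>.pf"""
    return "%s-%s.pf" % (meta["executable"], meta["hash"])

def build_sample(version, exe, pf_hash, last_run_ft, run_count):
    """Constructed test header (synthetic bytes, not a real prefetch file)."""
    buf = bytearray(0xF0)
    struct.pack_into("<I4sI", buf, 0, version, b"SCCA", 0)
    struct.pack_into("<I", buf, 0x0C, len(buf))
    buf[0x10:0x10 + 2 * len(exe)] = exe.encode("utf-16-le")
    struct.pack_into("<I", buf, 0x4C, pf_hash)
    struct.pack_into("<Q", buf, LAYOUTS[version]["last_run"], last_run_ft)
    struct.pack_into("<I", buf, LAYOUTS[version]["run_count"], run_count)
    return bytes(buf)

# Constructed sample: the executable name and hash mirror the file name in the thread,
# the timestamp (2011-04-01 00:00 UTC) and run count are made up.
SAMPLE = build_sample(23, "AVAST.SETUP", 0x3DA1C849, 129460896000000000, 7)
```

Running `parse_prefetch(SAMPLE)` yields the executable name, run count and last run time; `expected_filename` rebuilds the `AVAST.SETUP-3DA1C849.pf` name from them, which is the kind of check a scanner's detection on a .pf file should be weighed against.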

Thank you for the reply! As you suggested, I attempted to move it to the chest and got “Error: The request is not supported (50).” Hmm.

I had run a full system scan when I got this result.

I’m scanning now with Ad-Aware, but of course a full scan takes a while. So far it hasn’t found anything.

And then Ad Aware crashed after more than three hours of scanning. >:(

I am ready to upgrade to Windows 7 anyway and maybe the simplest thing to do is wipe my hard drive, install the new OS, and add my things in gradually.

Only that’s a colossal time waster!

Hi strangelttgrrl,

What you can do first is run commands as Admin, and make all system files visible in Vista,
like:

  1. Click the round blue Start thing in the left corner
  2. Click Control Panel
  3. Click Folder Options
  4. Click the View tab
  5. Click Show hidden files and folders
  6. If you want to see system files as well, unclick Hide protected operating system files (Recommended)
  7. Click OK
Now download RSIT from here: http://images.malwareremoval.com/random/RSIT.exe

  1. Download onto the desktop.
  2. Close all Windows and Programs, also your Browser.
  3. Double-click to start RSIT.exe.
  4. Click Continue, to accept the user policy.
  5. If HJT is not available it will be downloaded for you.
  6. The Scan will start automatically, RSIT will check important System-data and will produce log files.
  7. After the scan two logfiles are opened.
  8. Post contents of C:\rsit\log.txt and C:\rsit\info.txt as an attachment to your posting.

polonus

You could manually add it to the chest and then send it to avast:
Open the chest and right click in the Chest and select Add, navigate to where you have the sample and add it to the chest (see previous image, but select Add).

Personally I wouldn’t give AdAware hard disk space; it is many years since it was top of the heap, now it is past its prime despite revamps.

MBAM or SAS in my signature are both better (and have different features), the free versions are on-demand scanners.

See previous comment on AdAware, this for me just adds to it.

Wiping your system is far from the simplest thing and is an option of last resort, not one for dealing with what is essentially a False Positive. What we are seeking to do is get a copy of that file to avast so it can be analysed and the detection signature corrected, which will help you and likely more avast users.

As far as upgrading to Windows 7, that requires pre-planning; whilst simply upgrading over the top of your existing Vista x64 OS may be possible, there are many that consider this to be the messy option rather than a clean install of the new OS.