I have a potential disaster on my hands. I upgraded my desktop (Win 7 Pro x64) to Avast 7 Free a few days ago, and almost immediately, it reported a rootkit. The screen that popped up cut off the name and location of the rootkit. I let it delete and boot time scan, and the boot time scan reported nothing, but there was absolute mayhem on my system…many things no longer worked. I was going to restore, but discovered all of my restore points were wiped out. To reimage would require media I didn’t have…I got that machine from Office Depot on sale, and apparently they had upgraded the machine from Home Premium to Pro, and sold it to me as Pro, while what was on the recovery partition was Home Premium. I have a fledgling online business that requires daily attention, so I couldn’t be down, and went and bought a brand new laptop (Win 7 Home Premium x64) yesterday and spent all of last night getting it set up, which included installing a paid version of Avast 7 (full suite), other utilities I use, and starting to remove OEM installed crapware.
This morning, after using the new laptop for about an hour, up pops the same rootkit notice, again unreadable. I let Avast do its thing, and am not yet sure if there’s mayhem on this machine, too. I haven’t even had time to make the system disks, and this one has no restore partition, so if I’ve got damage here, too, I may just have gone out of business. I can’t find the Avast log files to get more information. The single point of contact between these machines is the files in my Dropbox, which I scanned thoroughly using a third machine (Vista, 32-bit, identical access to the Dropbox account) with Avast 7 before touching it with this new laptop, and it scanned as clean.
I had Malwarebytes Pro on the desktop system, and it said everything was clean. I downloaded and ran Malwarebytes (full trial) on the laptop, and it also reports clean (log attached).
Avast does not like OTL. It wants to put it into the sandbox. I forced it to run normally. Logs are attached. Ran aswMBR.exe, log and MBR attached.
However; Since you are new to the forums, I notified Essexboy to help you in your OP. Now you openned a new topic here. Go to your OP and attached the logs there. Essexboy is monitoring that thread to help you.
Sorry, I’m not sure what happened… I posted originally in General because I wasn’t sure a possible false-positive rootkit issue belonged in with viruses and trojans. Following reading the instructions post you linked me to, I thought I copied, updated and reposted in the viruses forum with the logs attached.
The only new behavior I have to report is that 8 more Windows updates popped up last night and took an astonishing 2 hours to complete and shut down. This is a brand-new Toshiba Satellite L775D-S7132, on which I have installed only Avast, Advanced System Care, Firefox, Pokki (utility toolbar), Skype, Malwarebytes, and the diagnostic utilities mentioned in the instruction email. All but the diagnostic utilities are “old friends” that I use on my other two systems, including the Vista x86 box that has remained unaffected. Sometimes this new laptop runs like a Pentium 2 with 512MB of RAM.
One other symptom: I noticed this morning that some shortcut icons have disappeared, replaced with just the default icon. I noticed this same behavior on my x64 desktop following the “rootkit” removal. The more I think about this, the more I think that there never was a rootkit on either machine and that the new Avast is misidentifying files vital to x64 systems. I hope I am wrong. I’ve been an Avast user and advocate for many years.
Why is this post now showing up in the avast! Distributed Network Manager forum? I did not move it there and it doesn’t seem to make sense for it to be there. ???confused???