PID's showing up in scan results after full system scan. no action applicable.

Viruses and worms
1

So I ran a full system scan because my computer has been going slower than normal lately. After a 3hr scan, it found several high severity threats called “PID”(and then a bunch of numbers after). I tried to Move to chest and repair, neither of which worked. It says “Threat: Rootkit: hidden process” under the status. And “Error: system cannot find the file specified. (2)” any help? much appreciated
-nic

2

If you can give some detailed examples ?

My guess is that you are doing a Custom scan in which you have elected to scan Memory and that all these detections are in memory, this may be where the PID bit comes in as these aren’t normally displayed in regular detections. Since they aren’t physical files they can’t be moved to the chest, deleted, etc. so there is no action that can be taken, hence the Apply button being greyed out.

The detections in memory are frequently other security applications loading unencrypted virus signatures into memory. Having set off a scan of memory by an antivirus application looking for virus signatures, don’t be too surprised if it finds some in memory.

So if you can give some examples of the items in the list and the type of scan you did it will help us to help you.

What other security applications do you have installed ?

3

I have malwarebytes installed, thats the only other security program. Here is the list:
PID 25084
PID 25400
PID 26068
PID 25220
PID 26536
PID 28148
PID 62788

The type of scan i performed was a full system scan. Also, the apply button isn’t greyed out.

4

Posting the PIDs won’t help. :wink:
http://en.wikipedia.org/wiki/Process_identifier
To get rid of these detections: Don’t scan the memory.

5

He said give detailed examples, so I did.
ALSO, I did NOT scan the memory. I did Full System scan. These have never appeared before on a FS scan. Forgive me if I don’t have the slightest idea what I’m talking about, I have very little knowledge of computers in this context.

6

Try doing a screenshot of the scan results window and attach it to your next post.

  • When you click the Reply button, there is an Additional Options link, this expands the options to attach a file, that can be an image file or a text file (.log or .txt), see image below (click to expand).

  • How to create the screen capture to attach, when the window that you want to capture is the active one, press the Alt key plus the Prt Scr (print screen) key together. That captures the active window (not the whole screen) and copies it into the clipboard.

  • If you have an image editing application you can use that to save the clipboard copy to an image (.gif, .jpg or .png image format). If you don’t have an image editing application you can use windows paint it is basic but should serve the purpose.

7

This is exactly what I did: Full Scan, no scanning memory. and I get PID 12, PID 64128 etc. So is this a virus or a false positive?

8

We really are trying to help, but with the information you give we are totally in the dark.

A PID is of no help to is whatsoever, Process Identifiers are unique to processes/programs and that may change from system to system. The only way to identify this would be to checj the Task Manager, and see what process is linked to that PID.

9

Hello!

I have the same problem with the strange PID alerts showing up.
However, when I try to delete the threats it say that the files can’t be found. This won’t show up on every full system scan. If I run a new scan afterward, non of these threats will get noticed. I think they’ll pops up again after I reboot my PC.

I’ll attach a screenshot. (Since I’m from Sweden I use Swedish as language in this software)
You who are familiar with the software won’t be having any troubles of understanding what everything on the screen says. Although, I will give you a bit of translation just in case.

“Filnamn” = File name
“Hot” = Severity
“Hög” = High
“Ta bort” = Delete
“Fel: Det går inte att hitta filen” = Error: The file can’t be found/Error: The system cannot find the file

Thank you for reading!

Kind regards

10

OK, this is very strange and something that I have never seen before, so I will try and get someone to take a look at it.

personally I would avoid deletion until certain that the detection is good and in this case I wouldn’t delete as nothing is certain.

What type of scan were you doing, Quick, Full System or Custom scan ?
If Quick or Full did you change any of the default settings ?
If a Custom scan, what were the settings of the scan ?

11

Hello, I’m having a very similar problem as well. Whenever I run a scan, it comes up with over 1000 PID rootkits? This scared me out of my pants. Whenever I scan it comes up with the PID rootkits within seconds, and then nothing else for the duration of the scan. Here’s a screenshot of the results window.

http://oi56.tinypic.com/w12wbs.jpg

I just want to know if I should worry or not… I feel like I can’t enter my password or go to my online school or do anything besides search for help on this computer now, for fear of my information or accounts being stolen…

12

Again the same questions as asked in my last post, what scan, settings etc.

Given it is in the 1000s of detections I would say there is something wrong with the scan rather than the system. But as an avast user I can’t give any guarantee.

13

I tried it on full scan and quick scans, both of them on default settings. I don’t know much about computers when it comes to this sort of thing, so I leave settings on default, assuming it knows best.

I suppose I can also mention that I installed malewarebytes to check, and it hasn’t found anything.

I too find it hard to believe I somehow got over 1000 rootkits, but just having avast tell me that is enough to scare me beyond words.

14

I have just run a Quick scan whilst posting some other replies and no alerts on my system (XP Pro). I as part of my regular weekly maintenance ran a scheduled Quick scan (default settings) late last night on both my XP Pro and Win7 32bit systems and again no alerts.

15

Hmm…

Also, I’m curious about something now. When I look at the “Scan Now” tab and look at the Quick Scan and Full Scans, I see that it has set to scan the following areas for Quick Scan: System Drive, Rootkits (very quick scan), Auto-start programs. And for Full Scans it says will scan areas: All harddisks, Rootkits (quick scan), Auto-start programs and modules loaded in memory.

I’m assuming I’m using the default settings, but I’m not positive. Does it say this on yours? And are these like viruses it is scanning for, or are these actual areas of the computer?

(I doubt this’ll affect anything, but I’m mostly just confused by this. I can provide a screenshot if necessary.)

16

Yes, they appear the default settings. The scan is looking for all malware, which includes viruses, trojans, spyware, etc. etc. and the rootkit element is looking specifically for hidden items that may be rootkits.

In the Quick and Full System scan default settings the rootkit check is of a relatively low level, so I’m a little surprised to see this level of activity/depth in the rootkit scan. Have you changed the Sensitivity setting in either of the scans (see image1), Quick is set to Low and Full set to Normal. There are other settings in there and I’m not sure if any of these scan settings might effect the rootkit scan element.

I have set up and run a Custom scan (whilst replying to this) that just does a full rootkit scan on Thorough Sensitivity and that completed without any alerts, image2.

EDIT: I also setup and ran this scan on my win7 netbook and that also reported nothing. There have been two VPS updates so far today latest 111024-1 (these updates can also update engines), ensure that you have the latest update and run the scan again.

So I’m unsure what is going on with your scan, it needs some input from the avast staff.

17

Hmm. I checked the settings and quick scan and full scan settings and the sensitivity for quick scan was on normal and full scan was on thorough, both with use code emulation checked. I tried it on the settings you had in the screenshot, and I set up the same custom scan and I still got the PID rootkit detections.

This is pretty strange to me, I’ve calmed down a bit as I have now come to doubt this is actually malicious rootkits it’s finding. Earlier after I did a full scan in malewarebytes it found nothing. And then after scanning it with a quick scan again shortly after malewarebytes finished its scan the quick scan got nothing. However, right after the quick scan finished I did a full scan, and it instantly got 500 rootkits. (Much smaller number than before.) And every further scan got around 500 rootkits. Not sure what happened to make the number go to 0 and then to 500.

As of right now if I scan it gets around 800 of them every time I scan, the number going steadily up. I’m becoming curious if this is avast detecting itself, somehow? (I’m not sure if that’s possible…) I’ve also noticed that my avast program appears to be behind a few versions… (it’s 5.1.889) I do however have the same virus definition version as you. (111024-1) I have yet to update the program version since it wants me to restart my computer to do so, and I’m still paranoid about restarting it. I guess I should do that, though.

I’ll try to contact the staff about this, I assume I can do that by just submitting a ticket.

18

Update, else we can’t really help you. :wink:

19

That really is something which you will have to rectify, as there is no way we can try to fault find something which isn’t or may not be present in the latest program version.

I suggest do a Program update from the avastUI, Maintenance, Program Update.

Did you have that set to Manual Updates or to Ask ?

20

Hello again! I’ve updated Avast to the most recent version and it’s on a full scan, quick scan, and a custom scan set up to find rootkits… so far it hasn’t found anything! Before, it would find hundreds of PID rootkits within seconds.

My uneducated guess at this point is that since the program version was old and the virus definitions are new, that it somehow detects its own activity as a rootkit. I had googled around a while before making it to this forum/thread, and saw that many people had a very similar problem to mine, and they all happened during this month. So I’m thinking that it has to do with the recent virus definitions and the old program version being incompatible.

Then again, it’s possible that restarting the computer is making Avast say there’s nothing now, and it doesn’t have to do with me updating it. And maybe it’ll come back after being on a bit longer… let’s hope that’s not the case! I’ve gotten enough stress out of this. :stuck_out_tongue: I’ll post again if it comes back, but not if it doesn’t.

I want to thank you both for helping me with this!