Possible rootkit?

Viruses and worms
1

Hello everyone.

Any ideas about this file? As I can’t find any info about anything it might refer to…

2

Well there are certainly some avast drivers in that folder, aswmon.sys, aswmon2.sys, aswrdr.sys and aswtdi.sys in my C:\WINDOWS\SYSTEM32\DRIVERS folder but this doesn’t appear to be anything to do with avast (aswxxx.sys files) nothing like awsrsl4t2.sys in my system.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner I don’t know if it is a rootkit you might not be able to upload it.

As you say no google hits on awsrsl4t2.sys (if that is the correct file name) which considering it is meant to be a driver I would have thought there would be some hits.

You could also send a sample to avast for analysis.

3

Nope, I can’t locate this file by myself even with “Show hidden files” enabled…

4

Seems AVG anti-rootkit detects itself as rootkit, as I removed that file, restarted PC, and run program again. It detected the same strange, but other file name. So, I downloaded Panda Anti-Rootkit. It found nothing :slight_smile:

5

There is also an option about showing or rather ‘Do not show hidden or system files’ you may need to uncheck that if you didn’t do so.

6

That is the problem with some of the anti-rootkit tools they often show a lot of information without making a determination that it is a rootkit, just that it is hidden (though that file name and no google hits whould make me suspicious).

Among the more user friendly of the anti-rootkit tools are, F-Secure Blacklight, Panda, AVG anti-rootkit and a new addition, Trend Micro RootkitBuster - http://www.trendmicro.com/download/rbuster.asp

7

I have AVG Anti-rootkit Free, I ran it erlier this morning & it didn’t detect itself as a rootkit. Never has detected itself as a rootkit on my computer. I checked to make sure it was up to date before running a “in depth search” for rootkits. It has never found any rootkits on my two computers & I hope no rootkits will ever be on my computer.

I used to have Gmer, it never found any rootkits. Blacklight found my computer to be clean.

I’m not bragging, just happy to not be infected. :slight_smile:

8

Checked my system with two other anti-rootkit programs and I can say that it’s something related with AVG, because hidden driver is gone as soon as I close AVG antirootkit.

9

Yes, it is probably OK if 1) it is no longer on your system and 2) no other anti-rootkits detect anything.