I’ve just got a rootkit alert seconds after Windows Update completed installing KB2735855 (System update), KB2736233 (ActiveX), KB80830 (Malware removal) and KB915597 (Definition Updates).
I said “ignore”, and then proceeded to reboot the computer to finish the updates.
I suppose it was a false positive? I’m fairly sure my OS is clean.
Also, I can’t seem to find any log of this detection to post here…
EDIT: Just finished a quick scan with 0 detections. Avast, what’s gotten into you?
I suppose a full system scan wouldn’t be necessary to detect an active rootkit?
Oh well, I think I’ll pass, these full scans take forever.
Everything on this computer is always up-to-date, and I know what I’m doing (computer science undergraduate), so I’m guessing avast’s heuristics got confused there somehow…
avast Anti-rootkit was running at the EXACT same time as Windows Update replaced a critical file. avast AR asked Windows what file was supposed to be running, but because WU just changed it, it read a different file and that triggered the alert.
Now it doesn’t trigger anymore because the new file is already registered.
This update might be the reason for the false alert: http://support.microsoft.com/kb/2735855 (Windows Filtering Platform Update for Windows 7), because Avast Web Shield uses Windows Filtering Platform. At least I think so.