Walked in last night and my wife informed me that Avast had thrown up a rootkit alert which she OK’d to delete.
No idea what the alert said exactly. Recommended a boot scan which I did and also did a Malwarebyte scan. Nothing found.
Can’t find how to see the event in Avast.
The computer seems to be running fine so should I worry?
The same here but when I run the Malwarebytes again after the delete of the rootkit I taste the same rootkit alarm!
Maybe it’s the Malwarebytes!
Do you have this anti-malware software installed?
If any of you have a malware problem, follow this guide and attach the logs:
http://forum.avast.com/index.php?topic=53253.0
And one of you should start a new topic when attaching logs, since helping multiple users in the same topic will be chaos.
It’s as I said…Malwarebytes doesn’t show up anything untoward and the comp is running sweet. Just wish I could find a way of seeing what it was my wife deleted so I could ask a more specific question.
What was the file name and location of the alert by avast?
Wish I knew…as I said, can’t find a way to see what my wife deleted.
Whilst it is hard to say what shield/scan detected it, given it was said to be a rootkit, I would hazard a guess that it was the anti-rootkit scan that runs about 8 minutes after boot. Does that sound about right?
If so then check out this file C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\log\aswAr.log (winXP location), that has information of what was scanned and if anything was detected. However, urgency is necessary as if the system has been rebooted since then, the aswAr.log file will have been overwritten.
The drive concerned is W7, not XP.
Did as you suggested but think this is the overwrite of the boot scan as this was yesterday morning.
The summation is as follows:
Hidden files found: 0
Hidden registry items found: 0
Hidden processes found: 0
Hidden services found: 0
Hidden boot sectors found: 0
The comp still seems fine and no reoccurrence of the alert.
Appreciate your advice.
You’re welcome.
Unfortunately it isn’t possible to do much investigation now that the information has gone.
So, should I undertake some sort of an investigative procedure or leave things as they are?
Well you could follow the link that Pondus gave in Reply #2 above, but in all honesty if there are no other symptoms of malware activity (system instability, connections being blocked to malicious sites by avast, etc.), I don’t see it being too fruitful.
As you say there were no MBAM detections and no further avast detections either, I would carry out a watching brief for any further symptoms, etc.
OK, will do that, thanks.