Rootkit detected question

I had a warning message that avast detected a possible rootkit infection and recommended I delete (not during a scan). I did so but I can’t find any log or record of this activity. I’d like to look again and see the files that were removed and get them back if this was a false positive.

Any way to find what was removed and what virus was possibly at work?

Thanks

Still wondering if this was real and what was removed.

Any help would be appreciated.

Have you run a scan? I would recommend running a “full system” scan using default settings. If you use a custom scan, set the rootkit setting to “quick”. Another thing: set the heuristics to normal and sensitivity to normal also.

I ran a boot scan (as the warning recommended after removal) and nothing showed up at all.

Thanks for the reply and suggestion. Do you know how I can find what actions were taken, since this was not found during a scan and is not in a log?

I would say you probably had a false positive. Or maybe you had the wrong settings. Either way I wouldn’t worry about it since the scan found nothing. One thing: you didn’t indicate whether or not you ran a “Full System” scan using default settings. If you haven’t done so, I highly recommend doing so. You have the option of selecting “actions” by clicking “settings” for each scan and shield. I would leave the “packers” at the default setting. :slight_smile:

That’s what I was thinking (false positive), but I got to wondering what I deleted.

I did run a full scan in addition to the boot scan (which is full isn’t it?).

Thanks for the suggestions.

The anti-rootkit scan runs about 8 mins after boot.

Check the rootkit scan log:

C:\ProgramData\Alwil Software\Avast5\log\aswAr.log

Although this may have been overwritten since then…

Generally I wouldn’t delete initially, but investigate more, to find out more about the true nature of the file.

I had an aswBoot log but not the one you mentioned, and it was from some time ago, not the other day, for some reason.

Everything seems to be working fine. I was just concerned about what I seemed to have deleted. I’ve never run into a rootkit before and did what was suggested out of fear of what could happen.

The boot-time scan runs before Windows has loaded. Usually it is a thorough scan. I would follow SPG Scott’s advice and not delete but “send to chest” instead. :smiley:

The chest was what I wanted to do, but that wasn’t an option for some reason. Delete or do nothing was it.

Sorry, I should have asked what actions you have on each of the real time shields? You are given the option of ask, move to chest, etc. The only action recommended on the web shield is “abort connection”.

That’s alright, I appreciate the suggestions.

I don’t recall what aspect of avast saw the problem (Behav Shld, File, etc.). I don’t think it said.

On the Real Time Shields I have the default settings (ask, except for Web Shield).

Are you talking about the boot scan or another rootkit scan that just happens normally? If a non-boot scan, does it only run after a boot (meaning if I boot once a week it will only run then)?

Thanks

It happens on every boot (it’s not the boot scan), 8 minutes after boot.
It runs only after a boot.

Thanks!

Sorry for not knowing that, but I don’t remember reading anything about that scan.

Yes, it is there, and the only setting I know of for it is in Settings > Troubleshooting > “Enable rootkit scan on system startup”.

This has been there since 4, I think.

No need to be sorry, this is what the forum is for :slight_smile:

Hey, I just had the same problem with a rootkit detected coming up while installing nvidia graphics drivers. The file it deleted was C:\Windows\system32\Drivers\nvBridge.kmd

Likewise, I can find no trace in the log files of the Avast rootkit detector ever running, although it does show logs of the boot time scan it made me do, with nothing detected.