I had a warning message that Avast detected a possible rootkit infection and recommended I delete (not during a scan). I did so but I can’t find any log or record of this activity. I’d like to look again and see the files that were removed and get them back if this was a false positive.
Any way to find what was removed and what virus was possibly at work?
Have you run a scan? I would recommend running a “full system” scan using default settings. If you use a custom scan, set the rootkit setting to “quick”. Another thing… set the heuristics to normal and sensitivity to normal also.
I would say you probably had a false positive. Or maybe you had the wrong settings. Either way I wouldn’t worry about it since the scan found nothing. One thing you didn’t indicate is whether or not you ran a “Full System” scan using default settings. If you haven’t done so I highly recommend doing so. You have the option of selecting “actions” by clicking “settings” for each scan and shields. I would leave the “packers” at the default setting.
I had an aswBoot log but not the one you mentioned, and it was from some time ago, not the other day for some reason.
Everything seems to be working fine. I was just concerned about what I seemed to have deleted. I’ve never run into a rootkit before and did what was suggested out of fear of what could happen.
The boot-time scan runs before Windows has loaded. Usually it is a thorough scan. I would follow SPG Scott’s advice and not delete but “send to chest” instead.
Sorry, I should have asked what actions do you have on each of the real time shields? You are given the option of ask, move to chest, etc. The only action recommended on the web shield is “abort connection”.
Are you talking about the boot scan or another rootkit scan that just happens normally? If a non-boot scan, does it only run after a boot (meaning if I boot once a week it will only run then)?
Hey, I just had the same problem with a rootkit detected coming up while installing NVIDIA graphics drivers. The file it deleted was C:\Windows\system32\Drivers\nvBridge.kmd
Likewise I can find no trace in the log files of Avast rootkit detector ever running although it does show logs of the boot time scan it made me do with nothing detected.