rootkit detection problem

I have a client with Avast 5 free edition and another program named Email Spy Pro running on Windows XP Media Center Edition. You can check out Email Spy Pro here: http://www.emailspy.net/email-spy-pro.html

Avast is detecting part of Email Spy Pro as a rootkit. This, in and of itself, is not a problem. This is expected. The problem is that once detected the files are removed, full stop. The prompt Avast presents me with the option to ignore these files appears to have no effect because even when I tell it to ignore them it instead removes the files anyway. I have attempted to exempt the entire \windows\system32 folder (despite my misgivings about doing so) only to find that also has no effect and even disabling Avast entirely has proven useless.

I need a way to exempt these files from Avast. I was able to do so under Avast 4.8 on this very same computer. Any ideas?

Once you have selected the folder, you can edit the entry in the exclusions, change the /* at the end of the path to /excluded_file_name.exe.

The reason it is having no effect is that the general avast Settings, Exclusions only applies to on-demand scans and it is the on-access scan either the File System Shield or the rootkit scan (8 minutes after boot) that is detecting it, see example images, you don’t make that clear what is detecting it ?

It’s the anti-rootkit. Sorry, if I wasn’t clear.

Thanks for the info regarding exclusions. I’ll keep that in mind if it ever comes up again.

I can see why the exclusions might have no effect… the really annoying part is that when I select Ignore in the anti-rootkit alert window it DOESN’T ignore the files and instead removes them anyway. I can’t imagine this is intended behavior.

Oh and sorry for the tardy response. It’s been a busy week.

You’re welcome.

I would also say that removal isn’t the normal or intended behaviour when you choose Ignore.

Strange, I just tried it (with the Email Spy Pro program), and both the exclusions and the Ignore command seem to work properly…

On Windows XP?

If so then it would seem my clients Avast installation is buggered. I’m open to suggestions on causes/solutions for that too.

I really don’t want to tell my client to migrate away from Avast as… tbth… Avast is the only AV product out there that I trust these days. And I’m worried that moving to another mail spy app will end with the same result.