Hello. I apparently may have a rootkit. HOWEVER! I have had this happen before, the file that Avast! thinks is a rootkit is the “mbamswissarmy.sys” which is a MBAM file correct?
I did a up-to-date MBAM scan before the Avast! warning and it found nothing.
This is a false alarm? I’ve had this happen before a while back.
Uh-oh I chose “Delete” when the Avast warning popped up because I panicked, will this effect MBAM in some bad way?
EDIT: Hm, I accidentally tried to attach the wrong (and large) picture so I was resent back to “Post a New Topic Page” however, it wouldn’t let me type, cut, paste. But it did let me refresh the page. Is this a sign of malware?
Is this a false positive? This has happened to me before. Same file and everything.
I deleted the file out of panicking, it is a MBAM file correct? So will this negatively effect MBAM?
NEW IMPORTANT QUESTION: 3. I found malware quarantined in Avast’s virus chest that I did not quarantine with Avast! However, if you check my last topic, the files that are quarantined in Avast’s virus chest is the malware I quarantined with MBAM a few days ago (It was called “Tpv.exe”). However, there are more malware in there (Avast’s Virus Chest) that has similar names to Tpv.exe and they are called “Tpw.exe” but both malwares are from the same place. I put a picture of this below.
Does MBAM and Avast share the same quarantine “box/chest”? Because something I quarantined with MBAM is now in Avast’s Virus Chest. (And I supposedly only quarantined ONE thing, not 8 things with half of them named the same thing (4 are named Tpv.exe and 4 are named Tpw.exe)?
P.S.: The blanked out black box in the picture below is just to hide my name
Its probably false, can’t say for sure now that its deleted though. Couple other posts the last day or two ended up pointing to this being false.
If it does hurt Mbam, worst case is a re-install of it.
Instructions for removing Mbam below, if needed, then re-install it http://forums.malwarebytes.org/lofiversion/index.php/t48511.html
As far as whats going on with Mbam’s quarantines in Avast!'s chest, I have no idea.
On a side note, I see you have WindowsDefender in your sig, that might be over-redundant since you have Mbam Pro already. Its going to do everything WD does, and more, but better.
I don’t have the professional/Official/Pro/Bought version of MBAM.
But what do you mean by “Its probably false, can’t say for sure now that its deleted though”?
Is it really maybe a rootkit? Can rootkits infect the mbamswissarmy.sys file? (Or any file for that matter)
And will running MBAM with a missing file hurt my computer or mess something up somehow?
Sorry double post:
I looked at processes on the Task Manager and noticed one I haven’t seen before (Well I could have forgotten it): iaanotif.exe
Is this safe? I researched it but only googled it and read the results. But is this safe?
I also attached a picture of my task manager so you guys can check it out.
Sorry, I’m kind of freaked out about malware lately.
Also, once again, I blanked out my name. Sorry about the big black box on the attachment.
As per the links I showed you, not all rootkits are bad.
Give them a read when you get time. Basically, it is what a rootkit does that makes it evil, not what it is.
I’ve seen this detection twice, maybe 3? times here last couple days.
here is 2 of them>>http://forum.avast.com/index.php?topic=60801.0 http://forum.avast.com/index.php?topic=60915.0
By all means reinstall Mbam, its relatively quick/hassle free unless you have dail-up or slow connect, or wait for someone more knowledgeable to tell you if its vital or not, I cant say for sure
Google the process, if you are worried, find out what program its related to, then see if its operating in the right place/folder.
@Marc57:
My iaanotif.exe is not in the same place as: C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
It’s here: C:\Program Files\Intel\Intel Matrix Storage Manager
I believe it’s in “Intel Matrix Storage Manager” as I see no folder named “Intel Application Accelerator”.
Anyway, will running MBAM after I deleted one of it’s files hurt something? (As in a program or my computer?)
Any guess I venture would be completely uneducated, thus doing you more harm than good.
All I can recommend is the safe move,
re-installing Mbam before you use it again.
Thanks for the replies again guys.
So this is a FP? I assumed it was.
Yeah I know. I panicked and accidentally deleted it.
On another note, I checked on my new Windows 7 computer and the mbamswissarmy.sys file is in a different location than where it is on the other computers… Is that bad? It’s at something like: OS (C:) > Windows > System > SysBox64 (It was something similar to this) > Drivers (This is just from my memory though, so I could be wrong)
And does anyone know the answer to his question?:
I found malware quarantined in Avast's virus chest that I did not quarantine with Avast! However, if you check my last topic, the files that are quarantined in Avast's virus chest is the malware I quarantined with MBAM a few days ago (It was called "Tpv.exe"). However, there are more malware in there (Avast's Virus Chest) that has similar names to Tpv.exe and they are called "Tpw.exe" but both malwares are from the same place. I put a picture of this below.
Does MBAM and Avast share the same quarantine “box/chest”? Because something I quarantined with MBAM is now in Avast’s Virus Chest. (And I supposedly only quarantined ONE thing, not 8 things with half of them named the same thing (4 are named Tpv.exe and 4 are named Tpw.exe)?
Something to add to what I just quoted myself on: My family member did say they seen alerts from Avast! telling them that a virus was detected but just ignored it. They way they said it, I didn’t really understand. He said it slid up the bottom right corner of the screen. So to check to see what might have popped up would someone mind posting a picture of Avast 5’s warning when your on the internet?
This may be why there are malware quarantined in Avast’s Virus Chest that I didn’t quarantine myself… However, why would this be the same malware I quarantined with MBAM? Or is that just coincidental? EDIT: I realized that Avast! HAS been quarantining Tpv.exe and Tpw.exe and maybe one Tpv.exe got by it and MBAM detected it. Is this possible?
One last thing (Sorry), what will uninstalling MBAM do to the malware it has quarantined?
I’m sorry for all these questions. And thanks for all you guys’ help.
Okay thank you. EDIT: Just checked and the “Show Last Popup” is blanked out.
One last thing (Sorry), what will uninstalling MBAM do to the malware it has quarantined?
Deleted , but why uninstall MBAM ?
I assumed it would be deleted, but I wanted to make sure.
but why uninstall MBAM ?
Because I stupidly deleted the mbamswissarmy.sys file. I'm not so sure if MBAM will work now or what it might do if I try to run it.
I will be re-installing it again soon, however with help from the link that Gargamel360 posted.
Because I stupidly deleted the mbamswissarmy.sys file. I'm not so sure if MBAM will work now or what it might do if I try to run it.
I will be re-installing it again however with help from the link that Gargamel360 posted.
ahaaaa....OK
if something is wrong with MBAM then they sometimes advice to use the uninstaller before installing it again.....
http://forums.malwarebytes.org/lofiversion/index.php/t48511.html