rootkit found

Avast updated today to def version 120801-0 and suddenly a red message popped up (not from the system tray, it is on my screen) saying there are 2 rootkits found - filename SVC: gupdai, rootkit name Rootkit: - and it gives me two actions to take: delete now or ignore. I can’t move the files to chest. The thing is that I just reformatted my PC so my system should be clean. I already did a full system scan after I had reformatted a day ago and it came out clean. Is this a bug?

Hi x2397,

Avast will run a rootkit scan 8 minutes after a cold start (system startup). SVC: gupdai is a service detected by Avast! as a malicious (hidden?) service running on your system.

Screenshot of message or file path of file detected?

here is a screenshot

Have a look here at http://forum.avast.com/index.php?topic=53253.0, download and run the first three programs (Malwarebytes, OTL, aswMBR.exe) and attach the logs in your next reply.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.01.05

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Biohazard :: BIOHAZARD-PC [administrator]

8/1/2012 12:00:28 PM
mbam-log-2012-08-01 (12-00-28).txt

Scan type: Full scan (C:|D:|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 270645
Time elapsed: 23 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

here are the logs for otl

asw log

That looks like a false positive. Could you expand the path so that we can get the file name?

I pressed ignore so that I could close the window for the OTL scan. I can’t pull up the log since I can’t find it in Avast; no log was generated for it. Do you know how I could pull up the log or the file name?

The log will be located at C:\ProgramData\AVAST Software\Avast\log\aswAr

This is a hidden folder, so you will need to unhide it to see it.

I attached the log

Service gupdate [C:\Program Files] **HIDDEN**
Service gupdatem [C:\Program Files] **HIDDEN**

They are both Google services associated with Chrome and other Google programmes, although why they are hidden I do not know.

Scan the following file with Avast

%ProgramFiles%\Google\Update\GoogleUpdate.exe

I followed the path, but the Google folder is empty and I already disabled the hidden files.

OK, I can see the problem now. I just checked the OTL log and there are no Google services there. What I feel we have here is an orphan entry in the current control set that points nowhere. Hence Avast is a tad concerned.

Next time you see it, set it to ignore.
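
The orphan-entry diagnosis in the reply above can be checked directly. The following PowerShell is an added example, not part of the original thread or of any tool mentioned in it: it lists services under the current control set whose ImagePath resolves to a file that is missing on disk. The helper name `Resolve-ServiceBinary` and its path-parsing heuristics are assumptions made for this illustration.

```powershell
# Added example (not from the thread): list service registry entries whose
# ImagePath points to a file that is missing on disk. Read-only.
# Run from an elevated 64-bit PowerShell so System32 paths are not redirected.
$root = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Hypothetical helper: reduce an ImagePath value to the binary it names.
function Resolve-ServiceBinary {
    param([string]$ImagePath)
    # Expand any %SystemRoot%-style variables left in the value.
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath).Trim()
    # Normalise kernel-style prefixes used by drivers and some services.
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }
    # Quoted path: keep the quoted part and drop the arguments.
    if ($p -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted path: cut after the first .exe/.sys/.dll (heuristic).
    if ($p -match '^(.+?\.(exe|sys|dll))(\s|$)') { return $Matches[1] }
    return $p
}

Get-ChildItem $root | ForEach-Object {
    $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
    # Entries without an ImagePath are not service binaries; skip them.
    if (-not $props.ImagePath) { return }
    $binary = Resolve-ServiceBinary $props.ImagePath
    if (-not (Test-Path -LiteralPath $binary -PathType Leaf)) {
        [pscustomobject]@{
            Service   = $_.PSChildName   # e.g. gupdate, gupdatem in this thread
            ImagePath = $props.ImagePath # raw registry value
            Resolved  = $binary          # path that was tested
        }
    }
} | Format-Table -AutoSize -Wrap
```

An entry listed here whose binary and program folder are both absent matches the orphan case described in the thread; an entry whose binary exists but was missed by the heuristic parsing should be checked by hand before drawing conclusions.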

Thank you for all your help, your instructions were easy to understand and useful. Thank you for solving my problem.

My pleasure, enjoy.