"Rootkit: hidden boot sector" on Triple-Boot!

Hi, I’ve been a long-time user of Avast, but just installed it on my Windows XP partition (other 2 partitions are Ubuntu & OSX via the Kalyway hack). I use GRUB to load my boot. So I installed & ran a boot-time scan to be greeted with:

A suspicious hidden object [rootkit] has been detected on your system. This may be a sign of a malware infection. It is recommended to remove the object immediately. File name: MBR: \\.\PHYSICALDRIVE0 Type: Rootkit: hidden boot sector

Yikes. Now, is this Avast getting cranky at my boot scheme or is this a real rootkit?! Having fixed my MBR once, I’d rather not botch it up again if I don’t really have a rootkit. Many thanks to anyone that can help!

Hi…

You might want to give Blacklight a try just to confirm. You can download it here…

http://www.f-secure.com/security_center/

It’s under “downloads.”

Best Regards…

Thx Ardvark! BlackLight says I’m clean, I think I’ll try RUBotted by Trend Micro next…

…which also says I’m clean (not that it detects rootkits, but it does detect spy / bot activity associated with them). So I’m going to cautiously let this one go, but if anyone knows anything about this (interaction of Avast and GRUB and the possibility of a false positive), please, PLEASE drop a line! Thank you all!

Hi…

You’re welcome! :)

Glad I could help.

Best Regards…

UPDATE: so I got impatient, skipped backing up my MBR and decided to roll the dice on Avast knowing better than I do…and it does! I was indeed rootkitted and Avast correctly detected & fixed the issue without disrupting my MBR or GRUB! Big thanks and kudos to Avast!

Hello. Brand new here. =)

Anyway, straight to the point - lafncow, I appear to have exactly the same problem as the one you have described in this thread. My Avast! is giving me the same messages saying the same thing.

I would be extremely grateful if you (or anybody here for that matter) could please give me instructions on what to do to sort out this problem, as I personally know hardly anything about this kind of computer stuff (literate, but only in CLAIT, Microsoft stuff and basic computing really) and I read that you managed to sort out your problem which seems to be identical to mine.

If anybody here can help me, I am more than happy to communicate via whatever medium is more convenient for you, listen carefully and do as I’m told (I admit, that as I’ve said, this is something I know very little about and I don’t really have a clue as to how to go about this task by myself).

Thank you all who have read this for your time, it is much appreciated. Best wishes. =)

By the way, just remembered and thought it might be useful for anybody wishing to help me, my antivirus is Avast! Free Antivirus, a downloaded antivirus.