I’m new to the forum. Yesterday my Avast found a rootkit. I tried fixing it but it says “Error: Access is denied (5).” I then tried moving it to chest but my Avast just went into a state of perpetual thinking but never moved to chest. So I decided to do a boot scan. But I cannot seem to find the boot log files even with hidden files shown. I then ran like 5 more full system scans and 2 boot scans afterwards (excessive, I know) but they found nothing. I also used Malwarebytes to do a full system scan and it did not find anything. I don’t know if the first boot scan deleted the rootkit or not since I cannot find the boot log. Do you guys think it is safe to assume it did delete it? If not, how should I go about confirming whether or not my computer is truly clean?
The rootkit was C:\Windows\Temp_avast_\ws1EC2BEB0.dat. I tried looking around in the forums to see if anyone ever got this but can’t seem to find any related threads. Please help, guys. I really want to know if my computer is clean or not.
I haven’t had any problems until today. I booted up my computer to do the scan as you instructed but for some reason my computer booted to a grey screen for my desktop with no icons, toolbar, etc. Just empty grey. First time this ever happened. Restarting seemed to make it boot normally. Any ideas what happened there? Can a rootkit even do that?
So you think it’s due to FRST running from the first time (i.e. the first time I ran it so no fixlist that you gave involved) that produced the grey screen on boot up?
Also, I never had alerts to begin with. It was one scan that found the rootkit but failed to repair due to the error stated in my initial post and also could not move to chest. So I did a boot scan but am not sure if I am clean now since I cannot find the boot scan logs even with hidden files shown. Subsequent scans with both Avast and Malwarebytes don’t seem to show anything.
That’s good to hear. What prompted me to scan in the first place was when I logged onto my email account, I saw a quick cmd execution that appeared and disappeared within a fraction of a second and this never happened before. And so that’s why I scanned and it came up with that rootkit.
If you are certain my system is clean now, then I can rest assured.
Download DrWeb Cureit from here to your desktop; it will have a random name.
Run the programme.
Tick the agreement and select next.
Click the green hyperlink “select objects for scanning”.
OK, I ran the scanner, essexboy. It didn’t detect anything. I can’t seem to post the log for you either because it’s 1.84 mb and forums max at 1mb. Any ideas how to bypass?