Rootkit scan - how does it work?

Hello guys,

I made a mistake and ran a full system scan during the broken virus definitions. I did not delete anything, but there is a feature called rootkit scan which is part of all scans and also starts automatically during Windows startup. Is the rootkit scan affected by virus definitions, or is it an independent feature? Because in the scan overview there is nothing about rootkits, but in the log called aswAr1.log it is written that 3 hidden registry keys were found. I know those keys are perfectly safe, because they contain registration data for my installed software. I hope Avast does not clean rootkits automatically. How does it work in reality? Is it possible this feature deleted something on my PC during the false positive plague? Thank you

The rootkit scan starts 8 minutes after boot (as far as I’m aware), so it shouldn’t impact adversely during boot.

It is looking in areas where rootkits tend to hide or use to obfuscate them. If avast did detect a rootkit, then it would display an alert window to tell you so. It should (from memory) offer the user options in the alert window, not to delete, etc.

I think what you are seeing in the log file is more advisory, e.g. reporting a hidden registry entry, not necessarily that it has found a rootkit.

Correct.

During on-demand scans, rootkits are scanned too, but if anything is found, it will show up in the scan log.

So it is not affected by virus definitions? And it cannot delete something by itself? Thank you.

Well, it can be affected by the VPS but it will NOT delete something by itself - always popup etc.

Maybe, but everyone knows what the boot-time scan does, deleting files by itself due to the false positive plague. So I am so careful now.

There’s a difference. In the case of a rootkit detected in memory, a user option is required.

Thank you for the answer. I am calmer now.