Rootkit scanner causes slowdown?

Hello!

I have what seems to be a unique problem. After Avast! upgraded to VPS version 110602-1 this morning, I started a full scan. However, the scanner got about halfway through the rootkit scan when it hung – the timer kept counting up, but didn’t scan any more files. I stopped the scan, then Avast hung for a minute, then shut off the real-time shields. I had to re-enable the shields at that point.

I rebooted the machine, and once the quick rootkit scan began (at the eight minute mark after booting), the slowdown returned. I managed to check Windows event viewer, and it turns out my root hard drive was experiencing time outs and access problems. It would take a window literally minutes to open.

I disabled the post-bootup rootkit scan, and everything acted okay (also did a boot-time scan, which came out clean). The rootkit scan never caused these problems before today, and it didn’t even happen when I first booted the machine this morning (I also ran a scan then, and it came out clean with no slowdowns). Avast has never flagged anything on my system (outside of false positives), so I have no idea what’s going on. I haven’t downloaded any files lately, and didn’t visit any new sites or anything – just a forum or two and some news sites. Again, this only started happening after the VPS version updated to 110602-1 (and has continued with version 110602-2).

I’m on WinXP SP3, with Kerio Sunbelt Personal Firewall 4. I also have Windows Defender installed, and it has remained quiet so far. I already tried repairing my Avast installation and uninstalling/reinstalling, with no luck.

Any help would be appreciated.

I forgot to mention I am running the most recent version of Avast, as well.

  1. Have you made any changes to your default settings in Avast?

  2. What kind of scan did you do besides the Boot-time scan (Quick or Full)?

  3. Is your machine acting normally? What prompted you to do a Boot-time scan?

  4. Check your computer for malware with Malwarebytes’ Anti-Malware (MBAM).
    · Download free http://www.malwarebytes.org/ for an on-demand scanner.
    · Double Click mbam-setup.exe to install the application.
    · After install, click update so you have latest database before scanning.
    · Under Settings:
      o General: Automatically Save File After Scan Completes is checked off
      o Scanner Settings: Check all boxes
      o Updater: Download and install update if available is checked off
    · Once the program has loaded, select “Perform Quick Scan”, then click Scan.
    · The scan may take some time to finish, so please be patient.
    · When the disinfection scan is complete, a log will appear in Notepad and you may be prompted to Restart. (See Extra Note).
    · Click the “remove selected” button to quarantine anything found. You will find the infection details under the Quarantine tab.
    · The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    · Copy & Paste the entire report in your next reply.

  5. What other security software do you currently have or did you have in the past on this machine including:

  • Antivirus (AV)
  • Firewall (FW)
  • Trial versions of AV, FW and other security programs
  • Other security software
  • If they were in the past, how did you remove them (the vendor’s uninstaller’s tool or another way)? Did you use the Avast Uninstaller Tool?

Thank you.

Thank you for your reply.

  1. The only changes I made to Avast’s default setting (that I’m aware of) was turning off the automatic rootkit scanner after startup yesterday, and I don’t have the WebRep plugin installed. Oh, and I turned off sounds and the “Animate tray icon when scanning” option, too. I also changed the Virus Chest size to no limit. If it matters, I also have “scan for PUP” turned on in my full scan settings.

  2. I did a full scan yesterday morning after VPS 110602-0 was released. Everything was fine. After 110602-1 was released, I did another full scan, which is when Avast began hanging on the rootkit scanner.

  3. Outside of the rootkit scanner seeming to slow my system to a crawl, everything else is acting normally. There have been no popup warnings, nothing like that. I did a boot-time scan after the standard full scan hung the system during the rootkit scan (after VPS version 110602-1 was released), forcing me to reboot my computer (it wasn’t really quite hung, though, just really, really slow because the rootkit scanner seemed to set off a slew of access and time-out errors on my C: drive). Right now my computer is acting normally – no disk errors or slowdown – though I still have the auto rootkit scan after startup turned off.

  4. My MBAM log, which found 0 problems:

Malwarebytes' Anti-Malware 1.51.0.1200 www.malwarebytes.org

Database version: 6758

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/3/2011 5:55:33 AM
mbam-log-2011-06-03 (05-55-33).txt

Scan type: Quick scan
Objects scanned: 142584
Time elapsed: 5 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

  5. I have only ever had Avast on this machine. I updated to version 6 free from 5 through the GUI updater. Before that I upgraded from 4 to 5. As I said before, my firewall is Sunbelt Personal Firewall 4 by Kerio. The firewall has been on the PC as long as Avast has (just over three years), and there’s never been a conflict between the two. I also have Windows Defender installed; again, there has never been a conflict between it and Avast.

I feel I should also note that my C: drive (which is getting the slowdown errors upon a rootkit scan) is SCSI. Don’t know if that makes a difference or not.

Since you are using XP with Avast, you really do not need to use Windows Defender (WD), and it really is a memory hog. I personally would either make it on-demand (if you need it in the future, just update the definitions) or, if you need memory, uninstall it.

As for why your boot-scans are taking longer, it could be for several reasons:

  1. You are scanning for PUPs
  2. You upgraded from v.4.0 > 5.0 > 6.0. If you really find this annoying, you may want to consider doing a clean install of 6.0.1125. When you uninstall Avast, make sure you uninstall ALL versions of Avast and reboot in between each version.

Your scans are clean, so I do not think that malware is an issue. And as long as you have had no problems with your firewall, then leave things as they are. Let me know if you have any further questions. Thank you.