Rootkit

Avast keeps finding a RootKit in: System32/drivers/ATWPKT2
I delete it, but every time I restart the PC it’s back again.

I use Spywareblaster, and I turned off System Restore and ran the following:

Secunia Software Inspector
Windows Care
Spywareblaster
Adaware
Avast anti-rootkit
And an avast scan at reboot

It still returns, any help would be appreciated thank you :slight_smile:

But what is the file name that looks like just the folder location?
Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections.

When does it find this, very soon after boot, when?

The anti-spyware applications you are using are lightweight IMHO.
Windows Care
Adaware

Spywareblaster is a passive immunisation only that adds suspect sites to your browser's banned/restricted sites lists.

I would suggest you replace adaware with SUPERantispyware On-Demand only in free version.

If it’s actually System32/drivers/ATWPKT2.sys it’s from AOL.

Thank you for your time and help guys :slight_smile:
It was indeed AOL - I emailed them and received the following reply:

With reference to your email, the ATWPKT2.SYS error message is generated when the ATWPKT2.SYS file becomes corrupted. This will prevent you from connecting using a non-DSL connection method.

In order to resolve this problem, please rename the ATWPKT2.SYS file to ATWPKT2.old.

Windows XP: Click the START button, then click SEARCH. Click ALL FILES AND FOLDERS. Click MORE ADVANCED OPTIONS. Click the box to put a check mark next to SEARCH HIDDEN FILES AND FOLDERS.

In the All or part of the file name box, type ATWPkt2.SYS, ensure the Look in: box lists the local hard drive, normally (C:), then click the SEARCH button.

Right-click the ATWPkt2.SYS file, click RENAME, then rename the file ATWPkt2.old. Repeat this step until all ATWPkt2.SYS files are renamed ATWPkt2.old.

I carried out their instructions and it seems to have done the trick, although I don’t understand how renaming a corrupted file stops it being corrupted ??? But then what do I know ;D

Thanks again for your help, it’s much appreciated :-*

I don’t see how renaming it would stop it being corrupt, unless they have some integrity check that would replace the ‘missing’ ATWPkt2.SYS file (as you renamed it), you could do the search again and see if that is the case.

Welcome to the forums.

Thank you for the welcome David :slight_smile:

OK, I did a search for ATWPkt2.SYS and nothing showed, so I searched ATWPkt2.old and still nothing showed ???

The renaming may work as the file might load then disappear after a brief time.

This may explain it better.

http://forum.avast.com/index.php?topic=34665.msg291028#msg291028