OKay so avast detected 2 Rootkit: hidden file’s and it cant remove them… so i dont know what to do.
They’re file names are win32k.sys
and when i try to remove or repair it says something like
System cannot find file specified (2)
and when i try to move to chest it says something like
Request not supported (50)
Umm im using the free avast and windows vista.
What is the full location of these detections ?
The second error is related to malware inside an archive file (not normally scanned in on-demand scans), so it may be unable to extract the file from the archive without causing damage/corruption.
So are you scanning archives during your scan, what type of scan are you doing ?
more info here David
http://forum.avast.com/index.php?topic=101134.msg809650#msg809650
um its the default full system scan i did
Thanks, unfortunately the information there doesn’t give any information on the full location of these detections, files considered to be rootkits.
I didnt see the full location but it was in a winsxs or something folder. Do rootkits work in safe mode?
Just so you know, its not on this computer, its on another.
I don’t believe this is an active rootkit, otherwise the avast anti-rootkit scan (8 minutes after boot) should have alerted.
You can open the ‘Full system scan.txt’ from:
C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\report folder (XP location).
C:\ProgramData\AVAST Software\Avast\report (Vista/Win7 location).
That contains information on the scans, including detections, copy and past the relevant lines about these detections.
Excluding the anti-rootkit scan thing , what do you mean?
There is nothing about ‘excluding the anti-rootkit scan thing’ in what I wrote.
If there was a live rootkit on your system, then I would expect the avast anti-rootkit scan which runs automatically in the background (8 minutes after boot) to have found it.
No no i meant, what did you mean with the full system scan.txt thing?
Oh yeah and if a rootkit isnt active, what is it? Can it still do stuff… or something?
Uhh i tried starting the computer in safe mode and its took aaaaaaggggggeeesss… and well it said configuring updates, you know windows updates, and my mouse was flashing and then it restarted… is that normal? im trying it again…
so i try it again in safe mode aaand it did the exact same thing execpt not take so long and the mouse didnt flash
so im trying it in normal mode and:
avast is doing a scan, i think a boot time scan and i didnt do that, is it supposed to do this by itself?
That is where the information on the detections is stored for the Full System Scan and we are still after information on the rootkit detection. Open the ‘Full system scan.txt’ text file using notepad and find the lines relating to these rootkit detections and copy and paste them into your next reply.
Okay, the scan is taking a while and i might have to leave it overnight but so far the scan has found 3 corrupted files:
C:\users\user\appdata\locallow\google\googleearth\webdata\f_0001f0|>hr.kml Error 42125 {ZIP archive is corrupted.}
C:\users\user\appdata\locallow\google\googleearth\webdata\f_00038e|>ko.kml Error 42125 {ZIP archive is corrupted.}
C:\users\user\appdata\locallow\google\googleearth\webdata\f_0005cd|>images\texture3.jpg Error 42125 {ZIP archive is corrupted.}
So when the scan is done, does it fix the corrupted files? Or does it leave it? And is it bad if files are corrupted, could that be the rootkits doing or something else with my computer?
I think the computer’s dead. Every single time windows starts it says
Configuring updates stage 3 out of 3 - 0% complete
Do not turn off your computer
(Because when I shut it down when i didnt know what to do when it wouldnt remove the rootkits, it did its windows update)
Then after a few minutes of it saying that the computer restarts!! Even in safe mode!!
So the avast scan finished but I didnt see the results I just heard it restarting…
I cant get the information of detections of the scans or whatever now…
Soo i really dont know what to do now, has the rootkit stuffed my computer up? Is my windows corrupted and it cant update?
They aren’t rootkit detections, just files that can’t be scanned and the reason why. This isn’t an indication that they are infected/suspect, just that they can’t be scanned. That in itself is not the cause of any problem you might be experiencing.
This would only have an impact on google earth and if you don’t notice a problem in that the corrupt files may simply be down to the fact that avast isn’t able to open/extract
I honestly can’t give you an answer as I still don’t know if you have a rootkit as there is no information on the detection of a rootkit and as I keep banging on the avast anti-rootkit scan isn’t alerting on a rootkit. You say these rootkit detections were on a full system scan and not 8 minutes after boot (the anti-rootkit scan).
Check this image example (click to expand) of an anti-rootkit scan alert, have you had one that looks like/similar to this ?
Avast can’t fix the corrupted files, it wouldn’t know where to begin, that could only be done by google itself.
Well I cant get into my computer now, so I cant get more information on the scan!! I think I have another problem now.
And im pretty sure the boot-time scan isnt set to scan yet unless it does it itself… or something…
The boot-time scan is a user selected option, once selected it runs once on the next boot and not every time. Plus the boot-time scan hasn’t been mentioned in this topic previously.
That said the boot-time scan isn’t related to the automatic anti-rootkit scan run 8 minutes after boot.
ooh ok so they’re different!! Ok sorry… But i think theres something wrong with the windows update not avast or a virus… Soo i dont think you can help me…
Have you tried to manually download the windows updates, if so are you getting any errors displayed ?
Check out this MS fixit relating to windows update http://support.microsoft.com/kb/971058.
How am i suppose to if i cant use windows??
In case you didnt see my other post:
Everytime windows starts it says
Configuring Windows updates 3 out of 3 0% complete.
Then after a few minutes the computer restarts and it does the same thing over and over even in safe mode.