Can’t tell you much, except I run a weekly scheduled scan specifically looking for Rootkits. Nominally a “Quick Scan”, but, given settings I use, it ain’t always that quick.
Edit:
Hit Post instead of Preview, apparently…
Anyway, Boot Scan was clean; No such folder as C:\avast! sanbox.. existing now, as far as I can tell.
Fix automatically deleted the offending file (on reboot) anyway. Boot Scan was clean.
Can’t find a text format log of the event, so attached screen shot of full address.
Oh, yes… Was messing around with SafeZone during the week. Tried ‘bookmarking’ Firefox (not my default browser) in safezone some time ago - didn’t seem to work at all. So, during the week…
Removed Firefox as an app in SZ; set Firefox as default browser in order to import bookmarks from FF to SZ browser (which actually did work), then reset default browser back to Chrome.
Besides, some “updater.exe” was running at one time and chewing up CPU one day. Couldn’t kill it using TM; figured it was cos I had FF open for a few minutes; opened FF again and did update (ran update for Chrome too). Still, the thing wouldn’t die until I rebooted.
Thanks people. Reset SafeZone fixed it (I know, cos scan before found the same ‘rootkit’ and scan after didn’t)
Thanks for the “how to” as well; I can’t find that kind of thing myself. The path is rather different now tho. It is Settings > Tools > (SafeZone) Customise (see attachment). Then Reset.
I don’t know why I didn’t see it earlier but, there is a selection menu for the browser(s) from which you want to import bookmarks etc… That works fine now. It looked to me as if it would import only from default browser when I first tried, hence all the mucking about.
Seems to work on XP, anyways.
I have a question regarding aswMBR; Does anything suspicious show up in red text, or is this http://public.avast.com/~gmerek/aswMBR.htm meant for illustration only?
Not that I think I would try cleaning without further advice - tho, from that page and for the most part, instructions seem simple enough. Besides, I did a scan and it looks clean to me.
Probably off topic, but:
I attached another screenshot of Task Manager showing some odd looking ‘processes’. Maybe something to do with HitmanPro or HitmanPro.Alert?
The “.com” extension seems very strange to me and appears in only one User Account (Admin). The “.exe” process disappears after a short time in any case.
Thanks again for the help. Your time and attention always much appreciated!