Unable to erase detected rootkit.

Hello,

While running a regular avast scan, the information about a threat was displayed.

It was displayed as system32\sru\SRU03640.log; Level of threat: high; Status: Rootkit: Hidden file;
Result: Error: Access denied (5)

Then, I’ve run some antimalware scans (including Malwarebytes, JRT, ADWcleaner, OTL, Hitman Pro etc) plus avast once again, but nothing was detected. However, it is still possible to see this file in Avast’s threat section, by opening the scan report from when the rootkit was detected.

I was trying to find the infected file in the given location, but I have found nothing.

Could anyone advise me what logs (or anything else) I should provide here to determine whether the threat is real?

Thank you in advance

How to get help instructions >> https://forum.avast.com/index.php?topic=194892.0

My Malwarebytes Anti-Malware has detected nothing. I have run Farbar Recovery Scan Tool; however, the results (logs) are in Polish (the language of my operating system). Could anybody look at them, or at least tell me how to change the language in Farbar to get logs in English?

English is not needed; any malware entry location will be in English.

FRST diagnostic logs are for the malware expert to review, and he knows what to look for.

Malware experts are notified; it may take hours before he is online.

FRST logs look clean. Can you reproduce the detection?

Do you mean Malwarebytes Anti-Malware or anything else?

Basically, the problem was detected by avast during a full scan. The full name and location of the suspicious file are listed in one of the posts above.

I mean by Avast. Does the detection appear with every Avast full scan?

I have conducted a few full scans (in avast) since the rootkit was detected.

Apart from the ‘original’ scan, nothing was detected.

After the scan with the detection, I followed the suggested action, and I think I clicked the ‘repair’ button.

However, when I open the scan with the detection, I can still see the location, type, and threat level of the detection.

When I try to delete it or move it to quarantine, error 5: access denied, or error 50: request is not supported, appears.

The detected file is a log file, and the only thing I can conclude is that it was an Avast false positive.

Thank you for your help.

Is there anything I can do to confirm this false positive, or at least to delete this file from the scan report?

You can use TDSSKiller to check your system.

https://support.kaspersky.com/viruses/disinfection/5350#block1

TDSSKiller found three suspicious objects.

Basically, these are three unsigned files; however, I can’t paste a screenshot at the moment.