avast! Antirootkit, version 0.9.6
Scan started: Wednesday, September 17, 2008 12:05:49 AM
File C:\Users\shred\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUWELWKQ\errorPageStrings[1] HIDDEN
File C:\Users\shred\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUWELWKQ\ErrorPageTemplate[2] HIDDEN
I ran AVAST Anti-Rootkit and got the above results. I cannot imagine where I would have picked up a rootkit on this machine, as I have the latest version of Avast installed and running. I never go to even slightly risky sites with this computer; I have an old beater computer running XP that I use for anything that could be considered risky. Unless I picked it up playing Unreal Tournament Online. Is that even possible?
I actually have IE7 installed but primarily use Firefox 3 as my main browser. I do have the IE Tab installed in Firefox 3. I wonder if this has anything to do with it? I have a clean from the factory install of Vista Home Premium on that computer, so IE5 has never even been installed on that system.
I let Avast Anti-Rootkit “clean” whatever those files were and after reboot rescanned and got a clean bill of health.
But my question remains: were those files actual rootkits? If so, should I be worried that my personal info has been compromised?
This is not a false detection probably… this situation was discussed some time ago and is caused by some running component of IE… generally, when you have a process (which creates or deletes some temporary files) running while doing the antirootkit scan, you can expect this type of alert… it’s easy - when the file gets hidden (deleted) during the scan, it looks like the act of a rootkit and should be reported… it’s always good to terminate all unnecessary processes before starting the antirootkit scan…
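The false alarm described in the reply above, modelled as an added example (not part of the original thread and not avast's own code). It assumes a scanner that compares two listings of a folder; `activity` and `hide` are hypothetical stand-ins for another process's temp-file churn and for a filtered view, and the file names are constructed sample data.

```python
import os
import tempfile

def list_names(directory, hide=()):
    """One 'view' of a folder; `hide` simulates a view that filters names."""
    return {n for n in os.listdir(directory) if n not in hide}

def cross_view_scan(directory, activity=None, hide=()):
    """Assumed scanner model: names in the first listing but not the second."""
    raw = list_names(directory)
    if activity:
        activity()                      # another process runs mid-scan
    api = list_names(directory, hide)
    return sorted(raw - api)            # these get reported as HIDDEN

def recheck(directory, suspects, hide=()):
    """Re-examine each reported name once the scan has finished."""
    verdicts = {}
    for name in suspects:
        on_disk = os.path.exists(os.path.join(directory, name))
        listed = name in list_names(directory, hide)
        if not on_disk:
            verdicts[name] = "deleted"  # temp-file churn, a false alarm
        elif not listed:
            verdicts[name] = "hidden"   # on disk but filtered: investigate
        else:
            verdicts[name] = "visible"  # reappeared, nothing is hiding it
    return verdicts

def demo():
    with tempfile.TemporaryDirectory() as d:
        for n in ("errorPageStrings[1]", "ErrorPageTemplate[2]", "kept.htm"):
            open(os.path.join(d, n), "w").close()

        def churn():
            # Constructed scenario 1: a cache file is deleted during the scan.
            os.remove(os.path.join(d, "errorPageStrings[1]"))

        transient = recheck(d, cross_view_scan(d, activity=churn))
        # Constructed scenario 2: one name is persistently filtered from a view.
        hide = ("kept.htm",)
        persistent = recheck(d, cross_view_scan(d, hide=hide), hide=hide)
        return transient, persistent

if __name__ == "__main__":
    print(demo())
```

Both scenarios produce the same HIDDEN report during the scan; only the recheck separates a file that was simply deleted from one that is still on disk but missing from a view.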
Spybot Search And Destroy offers to delete files from the Temp Folder upon startup of that program, but I do not have it active and running, I use it as an On Demand Scanner only. Could that be what caused this?
Should I disable AVAST and my Comodo Firewall to run the Rootkit Scan? That was about all I had running on my computer when I last scanned. If so, I will disconnect physically from the internet when I next run the Avast Anti-Rootkit program. As always, thank you for your help.
avast itself should not conflict with the antirootkit scan (of course only when the on-demand scan is not running)… to see other processes and their activity, you can use Process Explorer (Sysinternals/Microsoft)… anyway, there’s no reason to worry about the Temporary Internet Files\Content.IE5 folder