Vista

system · October 10, 2011, 7:05am

Hello,

I’m not a computer techy so this is a little beyond me.

An Avast full system scan on 2-10-11 identified 2 rootkit files PID 32968 and PID 32976. The recommended action could not find the files.

A full scan a week later identified another two rootkit files PID 36688 and PID 14956. Again the recommended action could not find the files.

Malware didn’t locate anything and Ad-aware found 14 cookies which I removed.

I have done an Avast full system scan, quick scan and a boot-time scan and none of these found anything.

What should I do???

Thank you.

Mike

Pondus · October 10, 2011, 8:29am

I have done an Avast full system scan, quick scan and a boot-time scan and none of these found anything.

If you say avast does not detect these files anymore, then i guess it was false positives and that they have fixed it with new signatures

Asyn · October 10, 2011, 8:36am

As the OP is talking about PID, it looks like a detection in memory.

Pondus · October 10, 2011, 9:32am

As the OP is talking about PID, it looks like a detection in memory.

the usuall "scan memory" case then ;)

Asyn · October 10, 2011, 9:36am

Yep.

system · October 11, 2011, 7:39am

Thank you for the replies - but I am not sure what action I should take???

Can you advise … thank you.

Mike

Asyn · October 11, 2011, 7:43am

Don’t scan the memory…!

Lisandro · October 11, 2011, 11:19am

Well… when it is in memory it is too late…
But, generally, it is related to unencrypted signatures loaded by other security programs into memory and/or false positives.

system · October 13, 2011, 1:28am

Thank you - hopefully it is a false positive!!

I am looking to replace my Asus PC which runs on Vista. Is Apple a safer bet than windows as far as virus infections is concerned or is Apple just as prone to getting infected?

Cheers … Mike

DavidR · October 13, 2011, 10:11am

It isn’t a false positive, you asked avast to scan memory for virus signatures so don’t be surprised if it does so. When you buy a guard dog don’t be surprised when it bites an attacker.

However, you need to give the full information as a PID is worthless without the associated Process as the PID may differ from system to system, so we won’t know the application responsible for loading that block into memory.

I certainly wouldn’t switch to Apple just because it may be less prone to attack, because it doesn’t have a huge market share. As that market share grows, then it will be worth the malware writers time to go after it. Me I think Apple products are over priced, over hyped, restrictive and proprietary systems.

I haven’t had a virus on my system in over 7 years since switching to avast and you can take pro-active measures to prevent infection or limit the damage.

system · October 13, 2011, 12:35pm

Get Windows 7 and preferably 64bit as it works a lot better than Vista.

Apple products are very expensive as well.

system · October 19, 2011, 9:45am

what does that mean?
does it mean if something infects memory,its irreversible?

DavidR · October 19, 2011, 10:43am

It hasn’t infected memory.

If it is a real virus (not just a signature) that is in memory, effectively it is active/running. Which means that it could have done its work already as it wasn’t detected when it ran to be loaded in memory.

Asyn · October 19, 2011, 10:56am

No, but his would be another topic.

Vista

Announcements