When I started up the PC this morning, I logged in to my limited privilege account. After a minute or two, Avast put up a red alert that a rootkit had been found. It recommended that I select ‘delete’, which I did. it also recommended that I perform a boot-time rootkit scan, which I also did.
The boot-time scan did not find anything of interest.
Now I’d like to find out the name of the file that contained the root kit, the file which Avast deleted. I looked through the log files, but did not see an entry naming the deleted file.
How can I find out what the name of the file was that avast thought contained a rootkit and that avast deleted?
Check the C:\ProgramData\AVAST Software\Avast\log\aswAr.log file using notepad, that should contain any detection information (this folder may be hidden so you will need to change that).