Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Avastfan1 on November 05, 2008, 02:31:00 PM

Title: Avast anti-rootkit scan
Post by: Avastfan1 on November 05, 2008, 02:31:00 PM
Dear Avast Forum,

Can somebody please tell me how to execute an Avast anti-rootkit scan?

Is this automatically done when a full boot-time scan is completed?

I am using Avast Pro 4.8.1229 with virus defs 081104-0. I understand Avast has an anti-rootkit function; however, I am a little unsure!

Any help would be much appreciated!

Thanks,

Avastfan1
Title: Re: Avast anti-rootkit scan
Post by: FreewheelinFrank on November 05, 2008, 02:50:33 PM
AFAIK it's done when the boot time scan happens.
Title: Re: Avast anti-rootkit scan
Post by: DavidR on November 05, 2008, 04:35:40 PM
Depends on your OS; the anti-rootkit doesn't work with Win9x or WinME.

It is run automatically 8 minutes after start-up; when you run an on-demand scan with a sensitivity of Standard or Thorough (not Quick), it is run as part of that scan too.
Title: Re: Avast anti-rootkit scan
Post by: Avastfan1 on November 05, 2008, 11:53:08 PM
Dear Forum,

Thanks for your speedy reply!

Four follow-up questions:
- @Dave Could you confirm Frank's comment that it's run as part of a boot-time scan?
- How do you know it's been run 8 minutes after startup - I notice no hard drive activity? :S
- Is there a separate log or results report to confirm nothing/something was found?
- Would you recommend any complementary anti-rootkit products as additional security?

Thanks in advance!

Avastfan1
Title: Re: Avast anti-rootkit scan
Post by: Tarq57 on November 06, 2008, 12:34:58 AM
The indication it has been run is located at (normally) C:\Program Files\Alwil Software\Avast4\DATA\log and the title is aswAR.log (opens in Notepad).
As to the other three questions, I couldn't say. I've not noticed extra HDD activity 8 minutes after start, but nor have I especially listened/watched for it.
The rootkit scanner is based on the GMER application, which I think is respected and capable. Extra demand scanner/s are up to you. My choice would be not to bother if there was no indication of anything found.
Maybe a checkup (second opinion) scan with a few demand scanners of different categories (AV, AS, Rootkit) every few months. So far I've not found anything significant by following that protocol. The odd FP; the odd tracking cookie. So I'm reasonably confident that the various modules in Avast do a pretty decent job. Actually, a very decent job.
Title: Re: Avast anti-rootkit scan
Post by: DavidR on November 06, 2008, 01:05:33 AM
Quote from: Avastfan1
Four follow-up questions:
- @Dave Could you confirm Frank's comment that it's run as part of a boot-time scan?
- How do you know it's been run 8 minutes after startup - I notice no hard drive activity? :S
- Is there a separate log or results report to confirm nothing/something was found?
- Would you recommend any complementary anti-rootkit products as additional security?

1. If I could, I would have at the time; to find out I would have run a boot-time scan and checked out the aswAR.log file mentioned by Tarq57. You would have to be quick in checking, as 8 minutes after boot it would run and overwrite the previous log.
2 & 3. As Tarq57 mentioned.
4. I have a few I would try if I felt that I may have a rootkit, but since they will be constantly updated keeping a copy of them is of limited use as it is best to get the latest version before you run it.

There are more anti-rootkit scanners than you can shake a stick at but the greatest majority are totally user unfriendly as they present the user with more questions than answers. There are very few that I would consider efficient and relatively user friendly, but even then you may need further advice.

- Panda Rootkit Cleaner - http://research.pandasoftware.com/blogs/images/AntiRootkit.zip
- Trend Micro RootkitBuster - http://www.trendmicro.com/download/rbuster.asp
- F-Secure Blacklight may not always be available, http://www.f-secure.com/blacklight

GMER (and to a degree Rootkit Revealer) as mentioned is very powerful, but a little like the HijackThis of anti-rootkits, as it produces volumes of data that you have to analyse. So these, to my mind, aren't for your average user.
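
The check described in the replies above, as an added example that is not part of any poster's message or of Avast itself: it reports whether aswAR.log has been written since the last boot and keeps a timestamped copy, since the log is overwritten on each run. The log path and the 8-minute delay are taken from the posts; the archive folder is a hypothetical location, and PowerShell 3.0 or later is assumed.

```powershell
# Added example. Log path and 8-minute delay come from the thread;
# $ArchiveDir is a hypothetical folder chosen for illustration.
param(
    [string]$LogPath    = 'C:\Program Files\Alwil Software\Avast4\DATA\log\aswAR.log',
    [string]$ArchiveDir = "$env:USERPROFILE\aswAR-archive",
    [int]$DelayMinutes  = 8
)

if (-not (Test-Path -LiteralPath $LogPath)) {
    Write-Warning "No anti-rootkit log at $LogPath (scan not yet run, or a different install path)."
    exit 1
}

$log  = Get-Item -LiteralPath $LogPath
# LastBootUpTime is returned as a DateTime by Get-CimInstance.
$boot = (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime
$due  = $boot.AddMinutes($DelayMinutes)

if ($log.LastWriteTime -ge $boot) {
    "Log written {0} (boot was {1}): the scan has run since this boot." -f $log.LastWriteTime, $boot
}
elseif ((Get-Date) -lt $due) {
    "Log is from before this boot; the automatic scan is not due until about $due."
}
else {
    Write-Warning "Log is from before this boot although the automatic scan was due at $due."
}

# Keep a copy named after the log's own write time, so each scan result
# survives the next overwrite and repeated runs do not duplicate it.
New-Item -ItemType Directory -Path $ArchiveDir -Force | Out-Null
$dest = Join-Path $ArchiveDir ('aswAR_{0:yyyyMMdd_HHmmss}.log' -f $log.LastWriteTime)
if (-not (Test-Path -LiteralPath $dest)) {
    Copy-Item -LiteralPath $LogPath -Destination $dest
    "Archived to $dest"
}
```

An on-demand Standard or Thorough scan also rewrites the log, so a write time after boot does not by itself show which kind of scan produced it.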
Title: Re: Avast anti-rootkit scan
Post by: Avastfan1 on November 06, 2008, 11:25:25 AM
Dear All,

Many thanks again for the speedy and detailed replies!

Log file was there as you predicted and reported 0 hidden files, registry items, processes, services or boot sectors found! Yay me! :D

I've also noted down the anti-rootkit programs so again many thanks for the great advice!

Keep up the sterling work lads, you are doing a fantastic job. I hope somebody does something nice for you today.

I wish you all a great day and end to the week!

Avastfan1
Title: Re: Avast anti-rootkit scan
Post by: DavidR on November 06, 2008, 02:53:29 PM
You're welcome.
Title: Re: Avast anti-rootkit scan
Post by: Bluesman on November 06, 2008, 03:02:19 PM
Quote from: Avastfan1
Many thanks again for the speedy and detailed replies!

Be prepared for fast and detailed replies here, this forum is GREAT! Many nice members, that really want to help! :)
Title: Re: Avast anti-rootkit scan
Post by: Avastfan1 on November 06, 2008, 05:11:12 PM
Bluesman: you're Swedish, aren't you? :D
Title: Re: Avast anti-rootkit scan
Post by: Bluesman on November 06, 2008, 05:15:55 PM
Quote from: Avastfan1
Bluesman: you're Swedish, aren't you? :D

Yes, I am Swedish :) But we talk English here, so everybody can understand ;)

If you want to talk about avast in our language, I can recommend the forum @ http://www.avasthome.se/ :)

My nick is Columbo there!

See ya', or as we say in Swedish, SKÅL! ;)