Author Topic: Avast anti-rootkit scan  (Read 14800 times)

Avastfan1

Avast anti-rootkit scan
« on: November 05, 2008, 02:31:00 PM »
Dear Avast Forum,

Can somebody please tell me how to execute an Avast anti-rootkit scan?

Is this automatically done when a full boot-time scan is completed?

I am using Avast Pro 4.8.1229 with virus defs 081104-0. I understand Avast has an anti-rootkit function; however, I am a little unsure!

Any help would be much appreciated!

Thanks,

Avastfan1

Offline FreewheelinFrank

Re: Avast anti-rootkit scan
« Reply #1 on: November 05, 2008, 02:50:33 PM »
AFAIK it's done when the boot time scan happens.
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Online DavidR

Re: Avast anti-rootkit scan
« Reply #2 on: November 05, 2008, 04:35:40 PM »
Depends on your OS; the anti-rootkit doesn't work with Win9x, WinME.

It is run automatically 8 minutes after start-up. When you run an on-demand scan with a sensitivity of Standard or Thorough (not Quick), it is run as part of that scan too.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Avastfan1

Re: Avast anti-rootkit scan
« Reply #3 on: November 05, 2008, 11:53:08 PM »
Dear Forum,

Thanks for your speedy reply!

Four follow-up questions:
- @Dave Could you confirm Frank's comment that it's run as part of a boot-time scan?
- How do you know it's been run 8 minutes after startup - I notice no hard drive activity? :S
- Is there a separate log or results report to confirm nothing/something was found?
- Would you recommend any complementary anti-rootkit products as an additional security?

Thanks in advance!

Avastfan1

Offline Tarq57

Re: Avast anti-rootkit scan
« Reply #4 on: November 06, 2008, 12:34:58 AM »
The indication it has been run is located at (normally) C:\Program Files\Alwil Software\Avast4\DATA\log and the title is aswAR.log (opens in Notepad).
As to the other three questions, I couldn't say. I've not noticed extra HDD activity 8 minutes after start, but nor have I especially listened/watched for it.
The rootkit scanner is based on the GMER application, which I think is respected and capable. Extra demand scanner/s are up to you. My choice would be not to bother if there was no indication of anything found.
Maybe a checkup (second opinion) scan with a few demand scanners of different categories (AV, AS, Rootkit) every few months. So far I've not found anything significant by following that protocol. The odd FP; the odd tracking cookie. So I'm reasonably confident that the various modules in Avast do a pretty decent job. Actually, a very decent job.
Windows 10,Windows Firewall,Firefox w/Adblock.

Online DavidR

Re: Avast anti-rootkit scan
« Reply #5 on: November 06, 2008, 01:05:33 AM »
> Four follow-up questions:
> - @Dave Could you confirm Frank's comment that it's run as part of a boot-time scan?
> - How do you know it's been run 8 minutes after startup - I notice no hard drive activity? :S
> - Is there a separate log or results report to confirm nothing/something was found?
> - Would you recommend any complementary anti-rootkit products as an additional security?

1. If I could, I would have at the time; to find out, I would have run a boot-time scan and checked out the aswAr.log file mentioned by Tarq57. You would have to be quick in checking, as 8 minutes after boot it would run and overwrite the previous log.
2 & 3. As Tarq57 mentioned.
4. I have a few I would try if I felt that I may have a rootkit, but since they will be constantly updated, keeping a copy of them is of limited use, as it is best to get the latest version before you run it.

There are more anti-rootkit scanners than you can shake a stick at but the greatest majority are totally user unfriendly as they present the user with more questions than answers. There are very few that I would consider efficient and relatively user friendly, but even then you may need further advice.

- Panda Rootkit Cleaner - http://research.pandasoftware.com/blogs/images/AntiRootkit.zip.
- Trend Micro RootkitBuster - http://www.trendmicro.com/download/rbuster.asp
- F-Secure Blacklight may not always be available, http://www.f-secure.com/blacklight

GMER (and to a degree Rootkit Revealer) as mentioned is very powerful, but a little like the HijackThis of anti-rootkits as it produces volumes of data that you have to analyse. So these, to my mind, aren't for your average user.

Avastfan1

Re: Avast anti-rootkit scan
« Reply #6 on: November 06, 2008, 11:25:25 AM »
Dear All,

Many thanks again for the speedy and detailed replies!

Log file was there as you predicted and reported 0 hidden files, registry items, processes, services or boot sectors found! Yay me! :D

I've also noted down the anti-rootkit programs so again many thanks for the great advice!

Keep up the sterling work lads, you are doing a fantastic job. I hope somebody does something nice for you today.

I wish you all a great day and end to the week!

Avastfan1

Online DavidR

Re: Avast anti-rootkit scan
« Reply #7 on: November 06, 2008, 02:53:29 PM »
You're welcome.

Offline Bluesman

Re: Avast anti-rootkit scan
« Reply #8 on: November 06, 2008, 03:02:19 PM »
> Many thanks again for the speedy and detailed replies!

Be prepared for fast and detailed replies here, this forum is GREAT! Many nice members, that really want to help! :)
"The blues are the roots, everything else is the fruits" -Willie Dixon

Avastfan1

Re: Avast anti-rootkit scan
« Reply #9 on: November 06, 2008, 05:11:12 PM »
Bluesman: you're Swedish, aren't you? :D

Offline Bluesman

Re: Avast anti-rootkit scan
« Reply #10 on: November 06, 2008, 05:15:55 PM »
> Bluesman: you're Swedish, aren't you? :D

Yes, I am Swedish :) But we talk English here, so everybody can understand ;)

If you want to talk about avast in our language, I can recommend the forum @ http://www.avasthome.se/ :)

My nick is Columbo there!

See ya', or as we say in Swedish, SKÅL! ;)
« Last Edit: November 06, 2008, 05:18:54 PM by Bluesman »