Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: BobbyZee67 on June 19, 2010, 03:04:36 AM

Title: Warning Of Rootkit: Hidden Service!
Post by: BobbyZee67 on June 19, 2010, 03:04:36 AM
  Hi, Please bear with me as I'm afraid I'm not too clued up on computing, especially on how to deal with this type of warning.
  I installed Avast5 when it first came out but I kept getting this warning message that C:\Windows\system32\mbamswissarmy.sys file was a Rootkit: Hidden Service and being pretty sure that it was a FP, I uninstalled Avast. I am of course running MBAM (paid version but realtime protection disabled) and I'm also running SuperAntispyware Pro with realtime protection enabled of which I update and scan on a daily basis and I've never had a hint of infection.
  Yesterday, I decided to give Avast another try, installing version 5.0.545 after uninstalling MSE using RevoUninstaller. Program installed ok but this evening I again got the above same warning! I ran a Boot Scan, result of which was "no infections". Again ran MBAM and SuperAntispyware full scans with no infections, so what do I do now? I want to keep running Avast, if and when I receive this warning again, do I tick the "ignore box"?
  When I was running Avast last time I entered MBAM files in Exclusions Settings, as yet I haven't this time round.

  I look forward to any advice anyone can offer me, incidentally, my Avast5 program is free version.

  BobbyZee67
Title: Re: Warning Of Rootkit: Hidden Service!
Post by: Lisandro on June 19, 2010, 03:14:02 AM
Can you submit your C:\Windows\system32\mbamswissarmy.sys file to www.virustotal.com?
If it is really a false positive, you can exclude it within avast settings.
There is no need to uninstall avast just because of a false positive.
Title: Re: Warning Of Rootkit: Hidden Service!
Post by: DavidR on June 19, 2010, 03:21:13 AM
That has happened to someone else recently, but not to many other MBAM Pro users.

First ensure that you have the latest avast virus definitions database (do a manual virus definitions and engine update), second ensure that you also have the latest version of MBAM. The exclusions in this instance won't make any difference I believe as this is the anti-rootkit scan 8 minutes after boot (?) and the exclusions are for the on-demand scans.

Just select the Ignore option (but not the don't tell me again or words to that effect) when the detection is made, information about the detection should be transmitted to avast on the next update.

Submission of the file to virustotal I feel will be worthless as the scan done on VT isn't the same as the anti-rootkit scan, so it is unlikely to find anything.
Title: Re: Warning Of Rootkit: Hidden Service!
Post by: BobbyZee67 on June 19, 2010, 08:15:55 AM
 
  Many thanks for your advice David (also Tech's).

  Guess what, I now cannot run Malwarebytes because I get the message "An error has occurred. Please report error code to our support team".
                  MBAM Error Missing File (2,0,mbamswissarmy.sys)
                  The system cannot find the file specified.

  I'm clueless as to where file is now, there is nothing in Avast Virus Chest! As I recall, this same MBAM missing file occurred the previous time I installed Avast5. Once again, program version is 5.0.545 and virus definition is 100618-1.
  Would appreciate help once more, thanks in anticipation.

  BobbyZee67
Title: Re: Warning Of Rootkit: Hidden Service!
Post by: YoKenny on June 19, 2010, 11:36:22 AM
Please follow AdvancedSetup's advice to install a clean version of MBAM:
http://forums.malwarebytes.org/index.php?s=&showtopic=54565&view=findpost&p=270065