Author Topic: Warning Of Rootkit: Hidden Service!  (Read 7226 times)

BobbyZee67

  • Guest
Warning Of Rootkit: Hidden Service!
« on: June 19, 2010, 03:04:36 AM »
  Hi, Please bear with me as I'm afraid I'm not too clued up on computing, especially on how to deal with this type of warning.
  I installed Avast5 when it first came out but I kept getting this warning message that C:\Windows\system32\mbamswissarmy.sys file was a Rootkit: Hidden Service and being pretty sure that it was a FP, I uninstalled Avast. I am of course running MBAM (paid version but realtime protection disabled) and I'm also running SuperAntispyware Pro with realtime protection enabled of which I update and scan on a daily basis and I've never had a hint of infection.
  Yesterday, I decided to give Avast another try, installing version 5.0.545 after uninstalling MSE using RevoUninstaller. Program installed ok but this evening I again got the above same warning! I ran a Boot Scan, result of which was "no infections". Again ran MBAM and SuperAntispyware full scans with no infections, so what do I do now? I want to keep running Avast, if and when I receive this warning again, do I tick the "ignore box"?
  When I was running Avast last time I entered MBAM files in Exclusions Settings, as yet I haven't this time round.

  I look forward to any advice anyone can offer me, incidentally, my Avast5 program is free version.

  BobbyZee67

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Warning Of Rootkit: Hidden Service!
« Reply #1 on: June 19, 2010, 03:14:02 AM »
Can you submit your C:\Windows\system32\mbamswissarmy.sys file to www.virustotal.com?
If it is really a false positive, you can exclude it within avast settings.
There is no need to uninstall avast just because of a false positive.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: Warning Of Rootkit: Hidden Service!
« Reply #2 on: June 19, 2010, 03:21:13 AM »
That has happened to someone else recently, but not to many other MBAM Pro users.

First ensure that you have the latest avast virus definitions database (do a manual virus definitions and engine update), second ensure that you also have the latest version of MBAM. The exclusions in this instance won't make any difference I believe as this is the anti-rootkit scan 8 minutes after boot (?) and the exclusions are for the on-demand scans.

Just select the Ignore option (but not the don't tell me again or words to that effect) when the detection is made, information about the detection should be transmitted to avast on the next update.

Submission of the file to virustotal I feel will be worthless as the scan done on VT isn't the same as the anti-rootkit scan, so it is unlikely to find anything.

BobbyZee67

  • Guest
Re: Warning Of Rootkit: Hidden Service!
« Reply #3 on: June 19, 2010, 08:15:55 AM »
 
  Many thanks for your advice David (also Tech's).

  Guess what, I now cannot run Malwarebytes because I get message "An error has occurred. Please report error code to our support team".
                  MBAM Error Missing File (2,0,mbamswissarmy.sys)
                  The system cannot find the file specified.

  I'm clueless as to where file is now, there is nothing in Avast Virus Chest! As I recall, this same MBAM missing file occurred the previous time I installed Avast5. Once again, program version is 5.0.545 and virus definition is 100618-1.
  Would appreciate help once more, thanks in anticipation.

  BobbyZee67

YoKenny

  • Guest
Re: Warning Of Rootkit: Hidden Service!
« Reply #4 on: June 19, 2010, 11:36:22 AM »
Please follow AdvancedSetup's advice to install a clean version of MBAM:
http://forums.malwarebytes.org/index.php?s=&showtopic=54565&view=findpost&p=270065