Author Topic: HELP, rootkit virus in winsxs, false positive?  (Read 7289 times)

0 Members and 1 Guest are viewing this topic.

loafer80

  • Guest
HELP, rootkit virus in winsxs, false positive?
« on: August 28, 2012, 09:04:30 PM »
I have been trying to resolve this and looking for answers for what to do, knowing how serious rootkit virus can be.

Last night, I manually started a full scan with Avast and it reported 50 rootkit virus in the winsxs folder.  Most of the files are *.dll files with some *.exe. 
knowing that winsxs files could be critical to the OS, I didn't remove the files but unable to move them to chest.

I then scanned the laptop with the latest Malwarebytes Anti-Malware, and reported nothing.
So I scanned with Avast again specifically in the Winsxs folder and full system, both reported nothing.

What should I do next to ensure I'm clean or has the virus stopped any antivirus program to report?

Thanks in advance for helping!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37507
  • Not a avast user
Re: HELP, rootkit virus in winsxs, false positive?
« Reply #1 on: August 28, 2012, 10:28:56 PM »
attach OTL and aswMBR logs.   http://forum.avast.com/index.php?topic=53253.0

loafer80

  • Guest
Re: HELP, rootkit virus in winsxs, false positive?
« Reply #2 on: August 29, 2012, 05:27:05 AM »
here are the MBam log and OTL log
Thanks

loafer80

  • Guest
Re: HELP, rootkit virus in winsxs, false positive?
« Reply #3 on: August 29, 2012, 05:29:32 AM »
Extras and aswMBR log
Thanks

I will post a screenshot of avast scan log in next post, as I didn't check record log during that scan with 50 rootkit found

loafer80

  • Guest
Re: HELP, rootkit virus in winsxs, false positive?
« Reply #4 on: August 29, 2012, 05:30:22 AM »
screenshot of avast log

loafer80

  • Guest
Re: HELP, rootkit virus in winsxs, false positive?
« Reply #5 on: August 30, 2012, 06:45:51 PM »
bump

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37507
  • Not a avast user

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: HELP, rootkit virus in winsxs, false positive?
« Reply #7 on: August 30, 2012, 07:00:09 PM »
When did you last run windows updates ?  Was it during the Avast full scan ?

loafer80

  • Guest
Re: HELP, rootkit virus in winsxs, false positive?
« Reply #8 on: August 30, 2012, 07:14:45 PM »
Pondus/essexboy, thanks for the replies.

yes, I think window update was running during the full scan or finished update but computer hasn’t been restarted.  I probably restarted the computer and re-scanned then nothing came up.