Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: x2397 on August 01, 2012, 05:55:03 PM
-
Avast updated today to def version 120801-0 and suddenly a red message popped up (not from the system tray, it is on my screen) saying there are 2 rootkits found - filename SVC: gupdai, rootkit name Rootkit: - and it gives me two actions to take: delete now or ignore. I can't move the files to chest. The thing is that I just reformatted my PC, so my system should be clean; I already did a full system scan after I had reformatted a day ago and it came out clean. Is this a bug?
-
Hi x2397,
Avast will run a rootkit scan 8 minutes after a cold start (system startup). SVC: gupdai is a service detected by Avast! as a malicious (hidden?) service running on your system.
Screenshot of the message or file path of the detected file?
-
Here is a screenshot.
-
Have a look here at http://forum.avast.com/index.php?topic=53253.0, download and run the first three programs (Malwarebytes, OTL, aswMBR.exe) and attach the logs in your next reply.
-
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.01.05
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Biohazard :: BIOHAZARD-PC [administrator]
8/1/2012 12:00:28 PM
mbam-log-2012-08-01 (12-00-28).txt
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 270645
Time elapsed: 23 minute(s), 17 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
Here are the logs for OTL.
-
asw log
-
That looks like a false positive. Could you expand the path so that we can get the file name?
-
I pressed ignore so that I could close the window for the OTL scan. I can't pull up the log since I can't find it in Avast; no log was generated for it. Do you know how I could pull up the log or the file name?
-
The log will be located at C:\ProgramData\AVAST Software\Avast\log\aswAr
This is a hidden folder, so you will need to unhide them to see it.
-
I attached the log.
-
Service gupdate [C:\Program Files] **HIDDEN**
Service gupdatem [C:\Program Files] **HIDDEN**
They are both Google services associated with Chrome and other Google programmes, although why they are hidden I do not know.
Scan the following file with Avast:
%ProgramFiles%\Google\Update\GoogleUpdate.exe
-
I followed the path, but the Google folder is empty and I already disabled the hidden files.
-
OK, I can see the problem now. I just checked the OTL and there are no Google services there. What I feel we have here is an orphan entry in the current control set that points nowhere. Hence Avast is a tad concerned.
Next time you see it, set it to ignore.
-
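The diagnosis above (service entries left in the current control set whose binary is gone, and entries the Service Control Manager does not report) can be checked directly rather than inferred from an anti-rootkit alert. The following script is an added example for this thread, not code from Avast or from any poster; it reads HKLM\SYSTEM\CurrentControlSet\Services, compares the entries against what the Service Control Manager lists, and reports any entry whose ImagePath no longer resolves to a file on disk. It assumes PowerShell 3 or later (for Get-CimInstance) and an elevated prompt, and it changes nothing.

```powershell
# Added example, not code from the thread or from Avast: a read-only check that
# walks the service entries in the current control set and flags the two
# conditions discussed above. "Orphaned" means the ImagePath points to a binary
# that is no longer on disk (the gupdate/gupdatem case once the Google folder
# was gone); "not seen by SCM" means the registry holds a service entry that the
# Service Control Manager does not report, which is what a "hidden service"
# finding describes. Run from an elevated PowerShell prompt.

$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Names the Service Control Manager reports: Win32 services plus kernel drivers.
# Get-Service alone omits drivers, which would make every driver look hidden.
$scmNames = @{}
foreach ($svc in Get-Service)                        { $scmNames[$svc.Name.ToLowerInvariant()] = $true }
foreach ($drv in Get-CimInstance Win32_SystemDriver) { $scmNames[$drv.Name.ToLowerInvariant()] = $true }

function ConvertTo-RootedPath {
    # Relative driver paths (e.g. system32\drivers\x.sys) are relative to %SystemRoot%.
    param([string]$Path)
    if ([System.IO.Path]::IsPathRooted($Path)) { return $Path }
    return (Join-Path $env:SystemRoot $Path)
}

function Resolve-ImagePath {
    # Turn a raw ImagePath value into the path of the binary it names.
    param([string]$ImagePath)
    if ([string]::IsNullOrWhiteSpace($ImagePath)) { return $null }

    $s = [Environment]::ExpandEnvironmentVariables($ImagePath)
    # Driver entries use NT-style prefixes; map them onto Win32 paths.
    $s = $s -replace '^\\\?\?\\', ''
    $s = $s -replace '^\\SystemRoot\\', "$env:SystemRoot\"

    if ($s.StartsWith('"')) {
        # Quoted path: the binary is everything up to the closing quote.
        $quoted = ($s.Substring(1) -split '"')[0]
        return ConvertTo-RootedPath $quoted
    }

    # Unquoted path: arguments follow a space, but the path itself may contain
    # spaces, so grow the candidate token by token and return the first prefix
    # that exists on disk.
    $parts = $s -split ' '
    for ($n = 1; $n -le $parts.Length; $n++) {
        $candidate = ConvertTo-RootedPath ($parts[0..($n - 1)] -join ' ')
        if (Test-Path -LiteralPath $candidate -PathType Leaf -ErrorAction SilentlyContinue) {
            return $candidate
        }
    }
    # Nothing matched; report the first token so the caller sees it as missing.
    return ConvertTo-RootedPath $parts[0]
}

$findings = foreach ($key in Get-ChildItem -Path $servicesKey) {
    $props = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
    # Subkeys without a Type value are configuration containers, not services.
    if ($null -eq $props -or $null -eq $props.Type) { continue }

    $name     = $key.PSChildName
    $image    = Resolve-ImagePath $props.ImagePath
    $orphaned = ($null -ne $image) -and
                -not (Test-Path -LiteralPath $image -PathType Leaf -ErrorAction SilentlyContinue)
    $hidden   = -not $scmNames.ContainsKey($name.ToLowerInvariant())

    if ($orphaned -or $hidden) {
        [pscustomobject]@{
            Service      = $name
            Type         = ('0x{0:X}' -f $props.Type)
            ImagePath    = $props.ImagePath
            ResolvedTo   = $image
            BinaryOnDisk = -not $orphaned
            SeenBySCM    = -not $hidden
        }
    }
}

$findings | Sort-Object Service | Format-Table -AutoSize
```

An entry such as gupdate with BinaryOnDisk false and the Google folder empty is the orphan described above: a leftover from an uninstall or reformat, not an infection, and the right response is to remove or ignore the stale entry rather than chase the alert. Two limits worth knowing: services hosted in svchost.exe resolve to svchost.exe itself, so the actual module lives in the key's Parameters\ServiceDll value and needs a separate check; and a genuinely hidden service that tampers with both the registry view and the SCM would not show up here, which is why an anti-rootkit scanner cross-checks from below the API as well.
-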
Thank you for all your help, your instructions were easy to understand and useful. Thank you for solving my problem.
-
My pleasure, enjoy.