Avast WEBforum

Other => Viruses and worms => Topic started by: mchain on September 02, 2012, 10:21:50 PM

Title: SVC:MBAMSwissArmy Rootkit Detected
Post by: mchain on September 02, 2012, 10:21:50 PM

Started cold boot, 8 Minute scan by Avast! came up with this.  Definitions 120902-1.  Was updating MBAM at the time.  Options were to either delete or ignore, followed by a request for a boot-time scan.  Ignored and no boot-time scan done yet.

FP?

Title: Re: SVC:MBAMSwissArmy Rootkit Detected
Post by: essexboy on September 02, 2012, 10:22:46 PM

Yep that is MBAM's low level driver

Title: Re: SVC:MBAMSwissArmy Rootkit Detected
Post by: mchain on September 02, 2012, 10:25:25 PM

Oh, is ok?  Seems it's a service that would only be running when the gui is open as in downloading updates.

Title: Re: SVC:MBAMSwissArmy Rootkit Detected
Post by: essexboy on September 02, 2012, 10:27:05 PM

No its runs all the time .. Even on the free version

Title: Re: SVC:MBAMSwissArmy Rootkit Detected
Post by: Pondus on September 02, 2012, 10:29:01 PM

not the first time it is detected ...

Title: Re: SVC:MBAMSwissArmy Rootkit Detected
Post by: mchain on September 02, 2012, 10:34:41 PM

just curious, how low is l
                                       o
                                         w?

(For the mbam system driver)