Avast WEBforum
Topic started by: vittau on September 11, 2012, 07:45:35 PM
-
Hi,
I've just got a rootkit alert seconds after Windows Update completed installing KB2735855 (System update), KB2736233 (ActiveX), KB80830 (Malware removal) and KB915597 (Definition Updates).
I said "ignore", and then proceeded to reboot the computer to finish the updates.
I suppose it was a false positive? I'm fairly sure my OS is clean.
Also, I can't seem to find any log of this detection to post here...
-
What's Your OS?
Just finished Windows Update on my XPSP3 with no issues or alerts. :)
-
Windows 7 Professional SP1 (x64)
EDIT: Just finished a quick scan with 0 detections. Avast, what's gotten into you? :P
I suppose a full system scan wouldn't be necessary to detect an active rootkit?
-
If you are concerned, you could do a 'Boot Time Scan' (never hurts), although I believe Avast scans for rootkits several seconds into boot. :)
-
Oh well, I think I'll pass, these full scans take forever. :P
Everything in this computer is always up-to-date, and I know what I'm doing (computer science undergraduate), so I'm guessing avast's heuristics got confused there somehow...
-
Avast does a rootkit scan 8 minutes after boot, so basically it depends on how many times you switch your system on.
-
Every day. I don't keep it on at night.
Is there a place where I can see the history of detections? I can't seem to find that detection logged anywhere...
-
I guess it's aswAr.txt in the log folder.
-
aswAr.log is already replaced with a newer version, with 0 detections... :(
aswAr.txt, I can't find this one. I suppose you confused the extension?
-
I have a theory here:
avast Anti-rootkit was running at the EXACT same time as Windows Update replaced a critical file. avast AR asked Windows what file was supposed to be running, but because WU just changed it, it read a different file and that triggered the alert.
Now it doesn't trigger anymore because the new file is already registered.
Is that possible?
-
> I suppose you confused the extension?
yeah, sorry!
If in doubt, try a simple full system scan. It won't take long and the rootkit scan will be "deeper".
-
This update might be the reason for the false alert: http://support.microsoft.com/kb/2735855 (Windows Filtering Platform Update for Windows 7), because Avast Web Shield uses Windows Filtering Platform. At least I think so.