Avast WEBforum

Other => Viruses and worms => Topic started by: Jobber on May 25, 2013, 07:03:41 PM

Title: Rootkit On Computer
Post by: Jobber on May 25, 2013, 07:03:41 PM
Did a Full System Scan with Avast! today and found:

File Name: C:\Windows\...\tmp.edb

Severity: High

Status: Threat: Rootkit: hidden file


Tried to Move to Chest but got an Error message:


Error: The Request is not supported.


1) I didn't do a Bootscan as I was prompted to by Avast!

Should I do a Bootscan????

2) Should I do a scan with Malwarebytes Anti-Malware?


3) Need to get rid of the Rootkit; please help me get rid of it.


Thanks.


Recently, I've been getting a lot of pop-up market research "surveys" for websites when I visit them, so maybe this is causing that to happen.
 
Title: Re: Rootkit On Computer
Post by: Pondus on May 25, 2013, 07:36:16 PM
Follow the guide: http://forum.avast.com/index.php?topic=53253.0

 
Title: Re: Rootkit On Computer
Post by: Jobber on May 25, 2013, 09:03:18 PM
Didn't see the Extras.Txt file log after running the OTL scan.  ???



I can't think of anything I did incorrectly but only the OTL.Txt appeared.



Should I now continue with the aswMBR.exe?

Title: Re: Rootkit On Computer
Post by: essexboy on May 25, 2013, 09:09:39 PM
edb files are legitimate and are transient; they come and go fairly fast.

Quote
Windows security database files ('.edb') may be scanned as part of behavior monitoring or in scenarios where the on-access scanner needs to verify the file type is as the filename suffix states. This can occur irrespective of the on-access scanned extensions list.

These files can contain a structure that the on-access scanner may interpret as malicious whilst the file is in transitional state.


Otherwise the logs look clean
Title: Re: Rootkit On Computer
Post by: Jobber on May 25, 2013, 09:22:53 PM
Quote from: essexboy on May 25, 2013, 09:09:39 PM
edb files are legitimate and are transient; they come and go fairly fast.

Quote
Windows security database files ('.edb') may be scanned as part of behavior monitoring or in scenarios where the on-access scanner needs to verify the file type is as the filename suffix states. This can occur irrespective of the on-access scanned extensions list.

These files can contain a structure that the on-access scanner may interpret as malicious whilst the file is in transitional state.


Otherwise the logs look clean


Should I continue and download aswMBR.exe as outlined in the Cleaning Malware info thread??
Title: Re: Rootkit On Computer
Post by: essexboy on May 25, 2013, 11:56:40 PM
You can if you wish to double check :)