Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: TheOwner on February 23, 2017, 03:19:41 PM

Title: Rootkit scan - how it works?
Post by: TheOwner on February 23, 2017, 03:19:41 PM
Hello guys,

I made a mistake and ran a full system scan during the broken virus definitions. I did not delete anything, but there is a feature called rootkit scan which is part of all scans and also starts automatically during Windows startup. Is the rootkit scan affected by virus definitions or is it an independent feature? Because in the scan overview there is nothing about rootkits, but in the log called aswAr1.log it is written that 3 hidden registry keys were found. I know those keys are perfectly safe, because they contain registration data for my installed software. I hope Avast does not clean rootkits automatically. How does it work in reality? Is it possible this feature deleted something on my PC during the false positive plague? Thank you
Title: Re: Rootkit scan - how it works?
Post by: DavidR on February 23, 2017, 04:01:56 PM
The rootkit scan starts 8 minutes after boot (as far as I'm aware), so it shouldn't impact adversely during boot.

It is looking in areas where rootkits tend to hide or use to obfuscate them. If avast did detect a rootkit, then it would display an alert window to tell you so. It should (from memory) offer the user options in the alert window, not to delete, etc.

I think what you are seeing in the log file is more advisory, e.g. reporting a hidden registry entry, not necessarily that it has found a rootkit.
Title: Re: Rootkit scan - how it works?
Post by: Alikhan on February 23, 2017, 04:09:13 PM
The rootkit scan starts 8 minutes after boot (as far as I'm aware), so it shouldn't impact adversely during boot.

Correct.

During on-demand scans, rootkits are scanned too, but if anything is found, it will show up in the scan log.
Title: Re: Rootkit scan - how it works?
Post by: TheOwner on February 23, 2017, 04:19:38 PM
So it is not affected by virus definitions? And it cannot delete something by itself? Thank you.
Title: Re: Rootkit scan - how it works?
Post by: Alikhan on February 23, 2017, 04:21:06 PM
So it is not affected by virus definitions? And it cannot delete something by itself? Thank you.

Well, it can be affected by the VPS but it will NOT delete something by itself - always popup etc.
Title: Re: Rootkit scan - how it works?
Post by: TheOwner on February 23, 2017, 04:26:18 PM
Maybe, but everyone knows what the boot-time scan does: deleting files by itself due to the false positive plague. So I am very careful now.
Title: Re: Rootkit scan - how it works?
Post by: Alikhan on February 23, 2017, 04:29:11 PM
Maybe, but everyone knows what the boot-time scan does: deleting files by itself due to the false positive plague. So I am very careful now.

There's a difference. In the case of a rootkit detected in memory, a user option is required.
Title: Re: Rootkit scan - how it works?
Post by: TheOwner on February 23, 2017, 04:32:13 PM
Thank you for the answer. I am calmer now.