Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: 129260 on April 02, 2008, 01:44:12 AM

Title: avast detects a rootkit in common files/aol/acs
Post by: 129260 on April 02, 2008, 01:44:12 AM
and It only happens when the aol tray icon fails to load on startup. Which ironically happens lately now. When the aol icon appears next to the clock, it does not say a rootkit was found.
Otherwise, the new version works fine. I'm not sure if it's a false positive, and i cant have it automatically send a analysis to avast because i have dialup. It comes up with a window that says rootkit found, and then thats as much as (the path in the subject) that i could remember. It also says on the bottom of the window, a checkmarked box to send to avast for analysis. I have dial up though, so when i click ignore once, (I don't check the ignore permanently) I tried going into the avast log to see if it would be in there so that i could send to avast for analysis. It wasn't in the avast log. I have done a full boot scan and updated avast completely with latest updates and i am wondering if it is a false positive? ;) I think so because aol is perfectly safe. :)
I have scanned with all my antispyware apps and i am clean also according to hijack this.

Also, i would like to mention when i told avast to scan and i clicked run in background, after 30 minutes of scanning, i went to restore the window and avast scanner wouldn't restore, even after a hour of waiting for the window to restore. It froze. I had to restart my system. As long as I do not click go to background while the scan is running, and leave it alone for awhile, it will not freeze. If i just minimize it, it works fine. :) So, i do not know what is up. Any help would be appreciated. :) I do not use any skins in avast. I use the really simple interface. I have teatimer sd spybot resident running, windows defender, and avast in the background. I don't know if that helps, but i thought i would mention that. I run windows XP sp2 on a 2.50ghz processor with 760 mb of system ram. Thanks.   
Title: Re: avast detects a rootkit in common files/aol/acs
Post by: Lisandro on April 02, 2008, 03:18:19 AM
I'm not sure if it's a false positive, and i cant have it automatically send a analysis to avast because i have dialup.
Which is the size of the file?

Does the freeze occur any other time or just once?
Title: Re: avast detects a rootkit in common files/aol/acs
Post by: 129260 on April 02, 2008, 03:26:24 AM
I do not know. Thats all i remember from the path and from what the window said. I can try to make it occur again and i will write down everything i see or maybe prob. take a snaphot so that you can see it. As for issue 2, the freeze seems to happen anytime during the scanning process when i click the go to background button. If i just minimize or run the scan normally, it works fine! :) Just when the go to background button is pressed does it seem to freeze the scanning window. Task manager indicates the program is not responding. Did i find a bug? I can try to see if it happens all the time, or only when scanning certain files on the hard drive. I will check and post my results. :) 
Title: Re: avast detects a rootkit in common files/aol/acs
Post by: Lisandro on April 02, 2008, 03:30:16 AM
The freeze seems to happen anytime during the scanning process when i click the go to background button. If i just minimize or run the scan normally, it works fine! :)
Never saw this problem... I thought just the scan priority is changed, nothing more.
I hope that Alwil team has some time to look at this... forums are really busy these days.
Title: Re: avast detects a rootkit in common files/aol/acs
Post by: 129260 on April 02, 2008, 04:30:37 AM
its no prob, anyone that offers a free antiviruis, well, I'm not going to complain. :) I want to buy pro as soon as my finances allow, anyways, here is the screen shots i promised. I wanted to make note that i had to restart a couple of times to see these messages from avast, like i said, it only happens sometimes, not all the time. I'm not going to hit delete because it appears to be a valid aol file. I really had to scale down the images due to the lack of allowing small file sizes and no zip support :( hope these are clear enough to see....As for the scan freezing, i will check into that and let u know asap. (it didn't happen with the older versions of avast btw)
Title: Re: avast detects a rootkit in common files/aol/acs
Post by: Lisandro on April 02, 2008, 02:55:23 PM
its no prob, anyone that offers a free antiviruis, well, I'm not going to complain. :) I want to buy pro as soon as my finances allow
Although they're a serious company... the free is not a buggy application of the good Pro ;)
I wish they can reproduce this and see if there is something wrong in the program. I've tested on my side and not a problem with the background scanning.

like i said, it only happens sometimes, not all the time.
Doesn't it depend on which other applications are running at the same time as the scanning?
Title: Re: avast detects a rootkit in common files/aol/acs
Post by: 129260 on April 02, 2008, 05:56:10 PM
"Although they're a serious company... the free is not a buggy application of the good Pro Wink
I wish they can reproduce this and see if there is something wrong in the program. I've tested on my side and not a problem with the background scanning."

yes i know :) Hmm ok. Thanks.

"Doesn't it depend on which other applications are running at the same time as the scanning?"
I meant it doesn't always happen with the rootkit found message. Thats why i said it doesn't always happen. Only somtimes, like i said, i had to reboot sevral times before it came up again. Its weird.
As for the scanning issue: The time it happened I had no other programs running, at least if i remember correctly. (I could be wrong) I'll try scanning again with no programs running and see what happens. Will post back with results.   
Title: Re: avast detects a rootkit in common files/aol/acs
Post by: 129260 on April 03, 2008, 05:38:21 PM
any one know how to solve this? thanks :)
Title: Re: avast detects a rootkit in common files/aol/acs
Post by: 129260 on April 04, 2008, 02:42:10 AM
when scanning, that issue, it still exists sometimes even when no programs run. :( Also, can anyone help me with the aol rootkit issue? Thanks....
Title: Re: avast detects a rootkit in common files/aol/acs
Post by: 129260 on April 06, 2008, 05:29:46 AM
I sent an email to virus (at) avast.com and in the subject i put false positive? and i gave a link to this thread. Since then, I have updated avast completely, and so far I have not seen the aol rootkit message. However, issue 2 with scanning still exists. :) It's not a big issue, so feel free to help anyone else with a bigger issue then mine. :) As long as I don't click go to background it works great! 
Title: Re: avast detects a rootkit in common files/aol/acs
Post by: 129260 on April 09, 2008, 10:31:10 PM
The aol issue is back....and i still have not received a word on the mild issue with scanning....I understand these forums are busy. just letting you know I'm still here.
Title: Re: avast detects a rootkit in common files/aol/acs
Post by: 129260 on April 26, 2008, 01:51:54 AM
um hello? I am still having the aol rootkit issue! please respond!
Title: Re: avast detects a rootkit in common files/aol/acs
Post by: 129260 on April 30, 2008, 04:08:12 AM
um hello? I am still having the aol rootkit issue! please respond!
Title: Re: avast detects a rootkit in common files/aol/acs
Post by: havildar on April 30, 2008, 11:25:02 AM
Good Morning,

I don`t have any answers yet, but would like to confirm a silmilar problem:

avast detects a rootkit in common files/aol/acs.

It seems to be a notification to subscribers that they will need to change their method of connection to the AOL UK servers. I too had the avast warning and clicked the option to send the file to avast at about 4.0 pm yesterday (BST). I also clicked the option to delete then run a boot scan which found nothing.

I should add the aol notification was an invitation to order a CD, presumably to install this new TCP/IP connection (?), I think. Some subscribers have been having problems recently with their DSL modems not being recognised, and unable to log on to AOL UK, which is now CarPhone Warehouse, part of the Talk Talk group. (Keep it simple?)

As usual AOL has been lamentably secretive about what`s going on and, of course, you would be better off speaking to yourself than contacting AOL Help. I tried to order the CD in question, but the link came up with Error 404 Page Not Found.

I`m waiting to see what will transpire today.
Title: Re: avast detects a rootkit in common files/aol/acs
Post by: 129260 on May 02, 2008, 11:18:01 PM
sigh* hello? can someone please respond that can help me fix this issue?
Title: Re: avast detects a rootkit in common files/aol/acs
Post by: rassel on May 03, 2008, 07:18:30 AM
Be patient. There will be someone who can help you out. ::)
Title: Re: avast detects a rootkit in common files/aol/acs
Post by: alanrf on May 03, 2008, 07:23:37 AM
Were I the original poster I can tell you my patience would have worn out completely by now too.

For goodness sake could not one single member of the avast team have thrown the original poster some kind of lifeline by now. 

Anyone home in avast central who cares about the users?     
Title: Re: avast detects a rootkit in common files/aol/acs
Post by: rassel on May 03, 2008, 08:11:36 AM
Sorry i didn't saw until the date
The aol issue is back....and i still have not received a word on the mild issue with scanning....I understand these forums are busy. just letting you know I'm still here.
to
sigh* hello? can someone please respond that can help me fix this issue?
That must be quite bad. Is about one week getting the problem.
Title: Re: avast detects a rootkit in common files/aol/acs
Post by: 129260 on May 05, 2008, 03:11:29 AM
     ya and sometimes when i boot when the message comes up i just keep hitting ignore, not ignore forever, but ignore, i have posted screenshots, I'm not computer stupid, (I build computers and test software as a hobby), I know what I'm talking about lol, so i don't know why no one can help me figure this out.

(This forum needs a place separate for users who have not received help in a certain matter of days. just a comment  ;))

     I'm not mad, just frustrated with the lack of help. Although, feel free to keep replying to bump my thread up so hopefully someone will see it :) I understand that these issues really are not all that serious, but I would like avast people to check this out, As i think these might be 2 bugs. I'm not going to say there bugs 100%, but these are certainly not normal operations. Hopefully we can figure this out, maybe it's a software issue conflict or something.

(I'm not mad, I'm doing my best to be patient)

More info:
Windows defender in background.-latest version
spybot sd resident.-latest version
Aol-9.0 security edition
Aim (aol instant messenger)-doesn't run on startup-older classic version
Avast-latest version
Zonealarm-latest version
nero incd-incd version 4

Other background processes:
Zune software
Mcafee site advisor

Maybe that will help.  ;D
Title: Re: avast detects a rootkit in common files/aol/acs
Post by: 129260 on May 06, 2008, 04:08:17 AM
so.......can anyone help me yet?
Title: Re: avast detects a rootkit in common files/aol/acs
Post by: Lisandro on May 06, 2008, 04:12:48 AM
so.......can anyone help me yet?
129260, I'm reading the last posts... but for sure I can't help with AOL things... I never used their software (not that famous for being good ones).
Did you submit the files to Alwil team for analysis?
Title: Re: avast detects a rootkit in common files/aol/acs
Post by: 129260 on May 06, 2008, 04:15:45 AM
Ya, well I'm getting high speed soon, but other people who use this computer prefer aol, so i leave in installed. yes i did. Email says it was successfully sent :) Still haven't received any word. I cant send the files because it wont let me submit anything, it wont let me submit what avast calls the infected file...because it doesn't show up in Avast's logs to submit. Nothing in the avast log viewer or anything indicate the infection or warning from the message i am getting.....I just posted a link to this thread in the email.

I said this in a post :"I sent an email to virus (at) avast.com and in the subject i put false positive? and i gave a link to this thread." just in case u missed it ;)

Thanks for your response! I appreciate it!
Title: Re: avast detects a rootkit in common files/aol/acs
Post by: 129260 on May 07, 2008, 06:43:56 PM
so any more word yet? And if you someone responds if you read the first page you will know whats going on better. :) thanks for your time, i am looking forward to a solution to these problems.   
Title: Re: avast detects a rootkit in common files/aol/acs
Post by: 129260 on May 10, 2008, 05:30:45 AM
anyone have any more ideas?
Title: Re: avast detects a rootkit in common files/aol/acs
Post by: DavidR on May 10, 2008, 02:38:06 PM
Unfortunately not the new rootkit module is still a bit of a mystery to the avast users who have tried to help, we too are waiting for some input from those who might know, the Alwil team, we feel your frustration.
Title: Re: avast detects a rootkit in common files/aol/acs
Post by: 129260 on May 10, 2008, 06:51:44 PM
thanks :) I am just glad someone replied. I'm trying to keep my post near the top so hopefully someone from the avast team will see it. Thanks very much.

UPDATE!!: I had a bright idea-As of now, I have selected in msconfig and told it to not allow aol to start with the system. Since then, I have not received the rootkit issue! However, that is a temporary workaround until someone can really find out why avast thinks its a rootkit.

The aol processes that start up with the system (that i now disabled) were:

Aol dial (helps aol dial into the Internet)

Aol host manager (which puts the aol icon in the notification area.)

Maybe that will help. Aol version is 9.0 security edition. Also, The scanning issue still exists, minor issue but should be looked into. :) Thanks for your reply, and even though were frustrated, at least were frustrated together haha.  :) thanks for your reply!!
Title: Re: avast detects a rootkit in common files/aol/acs
Post by: 129260 on May 12, 2008, 09:31:14 PM
so anyone have any more ideas? haha.
Title: Re: avast detects a rootkit in common files/aol/acs
Post by: Vlk on May 12, 2008, 11:43:30 PM
I'd suggest updating to the new build 4.8.1195, and when the message comes up next time, check the "Do not tell me about this rootkit anymore" and click Ignore.

That should basically "resolve" the issue..


Cheers
Vlk
Title: Re: avast detects a rootkit in common files/aol/acs
Post by: DavidR on May 12, 2008, 11:48:47 PM
Thanks Vlk, I hope that resolves 129260's problem and frustration.
Title: Re: avast detects a rootkit in common files/aol/acs
Post by: 129260 on May 12, 2008, 11:50:24 PM
ok thanks very much. :) I will if it comes up again. The scanning issue with the go to background has also been resolved with the latest database update......weird. Thanks very much everyone. This issue,(or rather issues,) is now resolved :) Thanks to everyone so much. This thread can now be closed. WOHOOOOO!! :) GO AVAST!!
Title: Re: avast detects a rootkit in common files/aol/acs
Post by: DavidR on May 12, 2008, 11:54:13 PM
Glad that you stuck with it, worth it in the end.
Title: Re: avast detects a rootkit in common files/aol/acs
Post by: 129260 on May 12, 2008, 11:58:27 PM
yes very, I was very patient wasn't i? lol. I surprised myself a little. haha. I guess because it was just minor issues, i could deal with them and gave patience. :) haha. Thanks to everyone, avast forever!! :)
Title: Re: avast detects a rootkit in common files/aol/acs
Post by: Lisandro on May 13, 2008, 12:03:35 AM
Can you test if the latest 4.8.1195 solve this problem?
Title: Re: avast detects a rootkit in common files/aol/acs
Post by: 129260 on May 13, 2008, 12:07:24 AM
I'm about to reboot with the new avast version.......BUT Solved which problem? It no longer freezes during scan with the latest virus database update. And as for the rootkit issue, i stopped receiving them when i kept Aol from booting with the system. I said that in a post somewhere, i guess you missed it. The limited user accounts can still use aol without it booting with the system. Everyone wins!! :)