Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: sanctuaryforever on April 07, 2008, 10:55:29 PM

Title: small boot scan question?
Post by: sanctuaryforever on April 07, 2008, 10:55:29 PM
Sorry if this has been highlighted elsewhere, but at what stage do the rootkit boot scan and other scans run (i.e. after BIOS screen, before welcome screen or after desktop loads etc.)?

P.S. When a rootkit is detected (by the boot-time function), does the warning come up on a DOS-type screen or does it display its findings when Windows has finished booting up?
Title: Re: small boot scan question?
Post by: igor on April 07, 2008, 11:37:10 PM
The rootkit scan runs a few minutes after the desktop loads (it's a rootkit scan - looking for active rootkits (= hidden files, processes, ...); so, there's actually no point in trying to load as soon as possible, because if the rootkit is not yet active - it's not hidden, and it wouldn't get detected, at least not as a rootkit).

The boot-time scanner has also been improved, regarding the detection of hidden files (should the rootkit already be loaded at the time boot-time scanner runs).
Title: Re: small boot scan question?
Post by: sanctuaryforever on April 08, 2008, 03:19:55 PM
Thanks for the response :)
Title: Re: small boot scan question?
Post by: psw on April 08, 2008, 05:21:47 PM
It is curious what the following boot scan records mean:
--
NtSetEvent(g_hInitEvent) - 1
InitKeyboard
g_dwKbdNum: 3
FreeMemory: 3487739904
avworkInitialize
\Device\KeyboardClass2 failed: 0xC0000034
\Device\KeyboardClass2 failed: 0xC0000034
\Device\KeyboardClass2 failed: 0xC0000034
FreeMemory: 3449499648
\Device\KeyboardClass2 failed: 0xC0000034
s_dwKbdClassCnt: 3
InitKeyboard end
NtSetEvent(g_hInitEvent) - 2
--
Everything works fine, I can abort the boot scan with Esc, but why are records about failure present in the log?
Title: Re: small boot scan question?
Post by: igor on April 08, 2008, 05:34:07 PM
What kind of keyboard(s) do you use?
Title: Re: small boot scan question?
Post by: psw on April 08, 2008, 06:09:23 PM
Genius SlimMate 300 PS/2
HID\VID_0518&PID_0005&MI_01&COL01\7&31C90A83&0&0000
Title: Re: small boot scan question?
Post by: igor on April 08, 2008, 10:40:51 PM
I thought HID usually meant USB, not PS/2...
Anyway, I think that it just means that the initialization of the keyboard took a while - and avast! had to retry a few times before it was successfully "connected".
Nothing to worry about.
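
An added example, not part of the thread and not avast! code: a small Python triage of the log excerpt psw posted, counting repeated failures per device and decoding the NTSTATUS value (0xC0000034 is STATUS_OBJECT_NAME_NOT_FOUND, i.e. the device object name did not exist when it was opened). Treating a later "InitKeyboard end" as the sign that initialization finished is an assumption that follows igor's explanation; the function names are hypothetical.

```python
import re
from collections import Counter

# Log excerpt copied from the boot-scan log quoted in the thread above.
SAMPLE_LOG = r"""
NtSetEvent(g_hInitEvent) - 1
InitKeyboard
g_dwKbdNum: 3
FreeMemory: 3487739904
avworkInitialize
\Device\KeyboardClass2 failed: 0xC0000034
\Device\KeyboardClass2 failed: 0xC0000034
\Device\KeyboardClass2 failed: 0xC0000034
FreeMemory: 3449499648
\Device\KeyboardClass2 failed: 0xC0000034
s_dwKbdClassCnt: 3
InitKeyboard end
NtSetEvent(g_hInitEvent) - 2
"""

SEVERITY = ("success", "informational", "warning", "error")
KNOWN = {0x00000000: "STATUS_SUCCESS", 0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND"}
FAIL_RE = re.compile(r"^(\\Device\\\S+) failed: (0x[0-9A-Fa-f]{8})$")
COUNT_RE = re.compile(r"^(g_dwKbdNum|s_dwKbdClassCnt): (\d+)$")

def decode_ntstatus(value):
    """Split a 32-bit NTSTATUS into its documented bit fields."""
    return {"severity": SEVERITY[(value >> 30) & 0x3],  # bits 31-30
            "customer": bool(value & 0x20000000),         # bit 29
            "facility": (value >> 16) & 0xFFF,            # bits 27-16
            "code": value & 0xFFFF,                       # bits 15-0
            "name": KNOWN.get(value, "unknown")}

def summarize(log_text):
    """Return (failure counts per device/status, counters, completed flag)."""
    failures, counters = Counter(), {}
    for line in map(str.strip, log_text.splitlines()):
        if m := FAIL_RE.match(line):
            failures[(m.group(1), int(m.group(2), 16))] += 1
        elif m := COUNT_RE.match(line):
            counters[m.group(1)] = int(m.group(2))
    # Assumption: "InitKeyboard end" means the init routine ran to completion.
    return failures, counters, "InitKeyboard end" in log_text

if __name__ == "__main__":
    failures, counters, completed = summarize(SAMPLE_LOG)
    for (dev, status), n in failures.items():
        print(f"{dev}: {n} failure(s), {decode_ntstatus(status)}")
    print(counters, "init completed:", completed)
```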