Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Avastfan1 on November 05, 2008, 02:31:00 PM
-
Dear Avast Forum,
Can somebody please tell me how to execute an Avast anti-rootkit scan?
Is this automatically done when a full boot-time scan is completed?
I am using Avast Pro 4.8.1229 with virus defs 081104-0. I understand Avast has an anti-rootkit function; however, I am a little unsure!
Any help would be much appreciated!
Thanks,
Avastfan1
-
AFAIK it's done when the boot time scan happens.
-
Depends on your OS; the anti-rootkit doesn't work with win9x, winME.
It is run automatically 8 minutes after start-up; when you run an on-demand scan with a sensitivity of Standard or Thorough (not Quick), it is run as part of that scan too.
-
Dear Forum,
Thanks for your speedy reply!
Four follow-up questions:
- @Dave Could you confirm Frank's comment that it's run as part of a boot-time scan?
- How do you know it's been run 8 minutes after startup - I notice no hard drive activity? :S
- Is there a separate log or results report to confirm nothing/something was found?
- Would you recommend any complementary anti-rootkit products as an additional security?
Thanks in advance!
Avastfan1
-
The indication it has been run is located at (normally) C:\Program Files\Alwil Software\Avast4\DATA\log and the title is aswAR.log. (opens in notepad.)
As to the other three questions, I couldn't say. I've not noticed extra HDD activity 8 minutes after start, but nor have I especially listened/watched for it.
The rootkit scanner is based on the GMER application, which I think is respected and capable. Extra demand scanner/s are up to you. My choice would be not to bother if there was no indication of anything found.
Maybe a checkup (second opinion) scan with a few demand scanners of different categories (AV, AS, Rootkit) every few months. So far I've not found anything significant by following that protocol. The odd FP; the odd tracking cookie. So I'm reasonably confident that the various modules in Avast do a pretty decent job. Actually, a very decent job.
-
Four follow-up questions:
- @Dave Could you confirm Frank's comment that it's run as part of a boot-time scan?
- How do you know it's been run 8 minutes after startup - I notice no hard drive activity? :S
- Is there a separate log or results report to confirm nothing/something was found?
- Would you recommend any complementary anti-rootkit products as an additional security?
1. If I could I would have at the time; to find out I would have run a boot-time scan and checked out the aswAr.log file mentioned by Trag57. You would have to be quick in checking, as 8 minutes after boot it would run and overwrite the previous log.
2 & 3. As Targ57 mentioned.
4. I have a few I would try if I felt that I may have a rootkit, but since they will be constantly updated keeping a copy of them is of limited use as it is best to get the latest version before you run it.
There are more anti-rootkit scanners than you can shake a stick at but the greatest majority are totally user unfriendly as they present the user with more questions than answers. There are very few that I would consider efficient and relatively user friendly, but even then you may need further advice.
- Panda Rootkit Cleaner - http://research.pandasoftware.com/blogs/images/AntiRootkit.zip
- Trend Micro RootkitBuster - http://www.trendmicro.com/download/rbuster.asp
- F-Secure Blacklight may not always be available, http://www.f-secure.com/blacklight
GMER (and to a degree Rootkit Revealer) as mentioned is very powerful, but a little like the HijackThis of anti-rootkits as it produces volumes of data that you have to analyse. So these to my mind aren't for your average user.
-
Dear All,
Many thanks again for the speedy and detailed replies!
Log file was there as you predicted and reported 0 hidden files, registry items, processes, services or boot sectors found! Yay me! :D
I've also noted down the anti-rootkit programs so again many thanks for the great advice!
Keep up the sterling work lads, you are doing a fantastic job. I hope somebody does something nice for you today.
I wish you all a great day and end to the week!
Avastfan1
-
You're welcome.
-
Many thanks again for the speedy and detailed replies!
Be prepared for fast and detailed replies here, this forum is GREAT! Many nice members that really want to help! :)
-
Bluesman: you're Swedish, aren't you? :D
-
Bluesman: you're Swedish, aren't you? :D
Yes, I am Swedish :) But we talk English here, so everybody can understand ;)
If you want to talk about avast in our language, I can recommend the forum @ http://www.avasthome.se/ :)
My nick is Columbo there!
See ya', or as we say in Swedish, SKÅL! ;)