Author Topic: Can't find it  (Read 1875 times)


ngwithrsd

  • Guest
Can't find it
« on: July 31, 2012, 11:29:16 PM »
Okay here is the stink. Installed avast to test it against other security programs. Scanned with Norton 360, Super Antispyware AND Malwarebytes and found absolutely nothing on the system in question. Then suddenly, after being on the system for about 10 minutes, avast announces it has found this rootkit and then the only action appears to be to delete or remove it. I don't know what the file was or where it was and I would like to find a log to tell me what exactly was deleted. Nothing in the chest and no record anywhere in the status of anything affected ever being found at all. So what gives? Was there anything on the system in the first place and if so where is the record of it? I looked in the avast log folder and I don't see anything. So where do I find a record of this phantom file that just seems to have vanished?

Using Windows 7 Pro 64 bit

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89164
  • No support PMs thanks
Re: Can't find it
« Reply #1 on: August 01, 2012, 12:12:11 AM »
To start with, having two resident anti-virus scanners installed is one too many and not recommended, as rather than provide twice the protection it can cause conflicts that could leave you more vulnerable.

This could be a conflict, but since you give no information on the avast detection, file name and location (or screenshot of the alert window), this is speculation. Avast runs an anti-rootkit scan 8 minutes after boot and it sounds like this is what has alerted, but the information is still required. It could be that it is detecting another security application hidden service/process.

Check the C:\ProgramData\AVAST Software\Avast\log\aswAr.log (this may well be a hidden folder, if you haven't changed your explorer folder options). This file is overwritten if you have rebooted since the alert, so making notes at the time of an alert is advisable.

You can really test another resident antivirus whilst having another resident AV installed.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

ngwithrsd

  • Guest
Re: Can't find it
« Reply #2 on: August 01, 2012, 04:02:10 AM »
Well, I used Pandora, a file retrieving utility, to try and discover exactly what Avast had deleted and it would appear that the majority of the files that were deleted may indeed have belonged to Norton 360 and that this was indeed a false positive based on the conflict you suggested. It should be worth noting that prior to the install of Avast, Norton Power Eraser, Hitman Pro and Kaspersky all declared the system in question clean....

Offline DavidR

Re: Can't find it
« Reply #3 on: August 01, 2012, 04:13:57 AM »
Not necessarily a false positive based on possible conflict, as it may well have been finding its virus signatures in files, or a low level driver (hidden) could be very suspect, which is why the detection information is important. So I would check the log file location I gave.

Since you mention "it would appear that the majority of the files that were deleted may indeed have belonged to Norton 360", to me that implies that you ran another scan?

The anti-rootkit scan would only be detecting a single or perhaps two detections, not masses of them.