Author Topic: rootkit problem PLEASE HELP  (Read 1790 times)

0 Members and 1 Guest are viewing this topic.

CRUfADnicole

  • Guest
rootkit problem PLEASE HELP
« on: August 23, 2012, 03:28:30 PM »
Just tried to post this don't think it worked so here goes again . . .
I am an AVAST free user, running Windows 7. Ran a full scan yesterday and AVAST advised I had a rootkit 'mbamswissarmy' - I don't know much about viruses but this doesn't sound good.
So I went to move to chest and got message that AVAST recommended a reboot scan. So I did this and it came up with a Trojan which I successfully moved to the chest. Then I tried to move the rootkit to the chest as well, and it came up with the error 'the request is not supported (50)'.  So I tried deleting it and it came up with the error 'Access is denied (5)'. Couldn't do anything at all with it from any of the options. When I closed out of the scan log a message came up 'avast! needs to restart your computer, do you want to do it now?'. I did just in case, but it didn't change anything and I get this message every time I close out of that particular scan log.
I checked on the internet, found some suggestions and ran a programme to clean out my temporary files, then ran 'TDSSKiller', which found nothing. Then ran latest version of Malwarebytes anti-malware, this also came up with nothing. Then ran another full AVAST scan just in case, came up with nothing.
Does this mean the rootkit was somehow part of the Trojan, i.e. quarantined along with it, or is it still hiding somewhere? I really don't know enough about viruses to know. PLEASE HELP ME.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: rootkit problem PLEASE HELP
« Reply #1 on: August 23, 2012, 03:38:47 PM »
'mbamswissarmy' is the low level driver for MBAM so it was a false positive and is not a worry

CRUfADnicole

  • Guest
Re: rootkit problem PLEASE HELP
« Reply #2 on: August 24, 2012, 09:50:44 AM »
Thanks essexboy, much appreciated