Author Topic: AVAST ALARMED. POSSIBLE ROOTKIT DETECTED? (Read 3486 times)

bobo1 · « **on:** September 15, 2012, 08:20:00 AM »

Hi,
Had an Avast alert red popup this morning.

Possible rootkit detected on todays virus definitions on behavior sheild on max sensitiviy setting.

"C:/WINDOWS/ SYSTEM32 DRIVERS MBAMSWISSARMY. SYS."

Was running malware bytes at the time? doing a routine scan today.

Need more info if this alarm is true or false or if it is a false alert? or a file related to Malwarebytes? . If it is a true detection will have to scrub my computer then? if it is a rootkit?

?

Theo Peterbroers · « **Reply #1 on:** September 15, 2012, 09:15:51 AM »

That's what you get when on max sensitivity.

It's a Malwarebytes file, see http://forums.malwarebytes.org/index.php?showtopic=81945

Congratulations, if that was the only alert avast gave you.

ajey · « **Reply #2 on:** September 15, 2012, 04:11:38 PM »

Kwartet! is right it is just due to the high sensitivity you have...
It's not a malware 100% sure

Stay safe

iroc9555 · « **Reply #3 on:** September 15, 2012, 04:49:38 PM »

Bobo1.

Old detection. Weird is back.

Did you have MBAM UI open when Avast! looking for rootkits 8 min after boot ? MBAMSWISSARMY. SYS shows in Drivers only with MBAM UI open or it updates.

http://forum.avast.com/index.php?topic=98405.msg784695#msg784695

For sure a F/P.

bobo1 · « **Reply #4 on:** September 16, 2012, 01:08:47 PM »

Yes i did. And avast does the rootkit check/ scan after computer has booted.
Malwarebytes was running at the time. Avast was not opened to gui at the time just running in the system tray. Alert popped up within 3mins after computer was running.
Poss just a blip?. Was running malwarebytes this morning as a routine check once a fortnight.

CraigB · « **Reply #5 on:** September 16, 2012, 01:25:16 PM »

Another reason why the Malwarebytes developers suggest excluding there program from antiviruses

akama1 · « **Reply #6 on:** September 17, 2012, 01:27:58 PM »

Quote from: bobo1 on September 15, 2012, 08:20:00 AM

Hi,
Had an Avast alert red popup this morning.

Possible rootkit detected on todays virus definitions on behavior sheild on max sensitiviy setting.

"C:/WINDOWS/ SYSTEM32 DRIVERS MBAMSWISSARMY. SYS."

Was running malware bytes at the time? doing a routine scan today.

Need more info if this alarm is true or false or if it is a false alert? or a file related to Malwarebytes? . If it is a true detection will have to scrub my computer then? if it is a rootkit??

avast behaviour shield has a max sensitivity setting? how did you get that? O.o

Author Topic: AVAST ALARMED. POSSIBLE ROOTKIT DETECTED? (Read 3486 times)

bobo1

AVAST ALARMED. POSSIBLE ROOTKIT DETECTED?

Theo Peterbroers

Re: AVAST ALARMED. POSSIBLE ROOTKIT DETECTED?

ajey

Re: AVAST ALARMED. POSSIBLE ROOTKIT DETECTED?

iroc9555

Re: AVAST ALARMED. POSSIBLE ROOTKIT DETECTED?

bobo1

Re: AVAST ALARMED. POSSIBLE ROOTKIT DETECTED?

CraigB

Re: AVAST ALARMED. POSSIBLE ROOTKIT DETECTED?

akama1

Re: AVAST ALARMED. POSSIBLE ROOTKIT DETECTED?