Author Topic: Avast seems to have found a rootkit but...where is it??  (Read 7888 times)


MaxReed

  • Guest
Avast seems to have found a rootkit but...where is it??
« on: November 07, 2012, 09:26:40 PM »
Avast (I hope it was Avast) showed me a pop-up on my laptop and on my netbook, telling me that it had found a possible rootkit, so I clicked on "Delete it now" and the pop-up closed after that. I opened the UI and saw in File System Shield that there wasn't any trace of any infected item, and this is the same for all shields. The rootkit that was found isn't present either in the virus basket or in any protection log... so... is it normal behavior that it asked me what to do with a rootkit but doesn't show it in any log?  :o
On the netbook the "rootkit" was called: mbam(something).sys  ???

Offline Chris Thomas

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1936
  • Christian Geek - aka 'born again' Geek
Re: Avast seems to have found a rootkit but...where is it??
« Reply #1 on: November 07, 2012, 09:29:54 PM »
Try clicking the Shield log.

Try doing a Boot Time Scan to be sure.

Usually when viruses cannot be moved to the Virus Chest, they are deleted.

Edited :
« Last Edit: November 07, 2012, 09:36:04 PM by Chris Thomas »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37532
  • Not a avast user
Re: Avast seems to have found a rootkit but...where is it??
« Reply #2 on: November 07, 2012, 09:31:49 PM »
Quote
On the netbook the "rootkit" was called: mbam(something).sys
Sounds like an FP on a Malwarebytes file... do you have Malwarebytes?

Offline Chris Thomas

Re: Avast seems to have found a rootkit but...where is it??
« Reply #3 on: November 07, 2012, 09:38:25 PM »
Quote
On the netbook the "rootkit" was called: mbam(something).sys
Sounds like an FP on a Malwarebytes file... do you have Malwarebytes?

According to his sig he does.

MaxReed

  • Guest
Re: Avast seems to have found a rootkit but...where is it??
« Reply #4 on: November 07, 2012, 09:49:06 PM »
Yes, I have Malwarebytes, and I just found this on the netbook in c:\ProgramData\AVAST Software\Avast\Log\EventLog.txt

AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of SVC: MBAMSwissArmy > C:\windows\system32\drivers\mbamswissarmy.sys failed, C000003B.
07/11/2012   20:04:02   AAVM - scanning warning: x_AavmCheckFileDirectEx: SVC: MBAMSwissArmy > C:\windows\system32\drivers\mbamswissarmy.sys (*RAW:SVC: MBAMSwissArmy > C:\windows\system32\drivers\mbamswissarmy.sys) returning error, C000003B.
07/11/2012   20:33:03   AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of SVC: wlcrasvc > C:\Program failed, C000003B.
07/11/2012   20:33:03   AAVM - scanning warning: x_AavmCheckFileDirectEx: SVC: wlcrasvc > C:\Program (*RAW:SVC: wlcrasvc > C:\Program) returning error, C000003B.
07/11/2012   20:34:27   Internal error has occurred in module basSubmitFile failed! , function 0000007B.
07/11/2012   20:34:32   Internal error has occurred in module basSubmitFile failed! , function 0000007B.
07/11/2012   20:34:46   Cannot delete file during super quick scan...
07/11/2012   20:34:58   Cannot delete file during super quick scan...


And on the laptop the Boot Time Scan hasn't found anything, same as a complete scan with mbam.
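A triage sketch for the EventLog.txt excerpt in the post above, added here as an example and not part of the thread or of Avast's tooling: it groups the AAVM scan failures by service so the affected image paths and status codes can be read at a glance. The sample lines are taken from the post; reading the trailing hex value as a Windows NTSTATUS code and the "no extension" heuristic are assumptions.

```python
import ntpath
import re

# Sample input: AAVM lines from the EventLog.txt excerpt in the post above.
SAMPLE_LOG = r"""
AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of SVC: MBAMSwissArmy > C:\windows\system32\drivers\mbamswissarmy.sys failed, C000003B.
07/11/2012   20:04:02   AAVM - scanning warning: x_AavmCheckFileDirectEx: SVC: MBAMSwissArmy > C:\windows\system32\drivers\mbamswissarmy.sys (*RAW:SVC: MBAMSwissArmy > C:\windows\system32\drivers\mbamswissarmy.sys) returning error, C000003B.
07/11/2012   20:33:03   AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of SVC: wlcrasvc > C:\Program failed, C000003B.
07/11/2012   20:33:03   AAVM - scanning warning: x_AavmCheckFileDirectEx: SVC: wlcrasvc > C:\Program (*RAW:SVC: wlcrasvc > C:\Program) returning error, C000003B.
07/11/2012   20:34:46   Cannot delete file during super quick scan...
"""

# Assumption: the trailing 8 hex digits are a Windows NTSTATUS value.
NTSTATUS = {0xC000003B: "STATUS_OBJECT_PATH_SYNTAX_BAD"}

AAVM_RE = re.compile(
    r"AAVM - scanning (?:error|warning): x_AavmCheckFileDirectEx: "
    r"(?:avfilesScanReal of )?SVC: (?P<svc>\S+) > (?P<path>.+?)"
    r"(?: \(\*RAW:.*\))? (?:failed|returning error), (?P<code>[0-9A-Fa-f]{8})\."
)

def triage(log_text):
    """Group AAVM service-scan failures by service name."""
    services = {}
    for line in log_text.splitlines():
        m = AAVM_RE.search(line)
        if not m:
            continue  # not an AAVM service-scan line
        code = int(m["code"], 16)
        entry = services.setdefault(
            m["svc"], {"path": m["path"], "hits": 0, "status": set(), "notes": []})
        entry["hits"] += 1
        entry["status"].add(NTSTATUS.get(code, f"0x{code:08X}"))
    for entry in services.values():
        path = entry["path"]
        if not ntpath.splitext(path)[1]:
            # Heuristic (assumption): a service image path without an extension
            # was probably cut at a space, e.g. an unquoted "C:\Program Files\...".
            entry["notes"].append("image path has no file extension; possibly cut at a space")
        elif path.lower().endswith(".sys"):
            entry["notes"].append("kernel driver path; check whether the file exists on disk right now")
    return services

if __name__ == "__main__":
    for svc, e in triage(SAMPLE_LOG).items():
        print(svc, e["path"], e["hits"], sorted(e["status"]), e["notes"])
```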

Offline Chris Thomas

Re: Avast seems to have found a rootkit but...where is it??
« Reply #5 on: November 07, 2012, 10:07:23 PM »
Similar problem I think

http://forum.avast.com/index.php?topic=104669.0

http://forum.avast.com/index.php?topic=98405.0

No need to worry about it I guess

Quote:

Please open Malwarebytes Anti-Malware and begin a scan (it can be a Quick scan or a Full scan, your choice) and while the scan is running, mbamswissarmy.sys should be present in C:\Windows\System32\drivers. MBAM simply removes the file when it isn't using it and then replaces it again when it is using it for a scan.

http://forums.malwarebytes.org/index.php?showtopic=100877

Edited : More info
« Last Edit: November 07, 2012, 10:10:34 PM by Chris Thomas »

Offline jadinolf

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1090
Re: Avast seems to have found a rootkit but...where is it??
« Reply #6 on: November 08, 2012, 12:28:27 AM »
I get that message on one or more of my five computers.

Boot scan shows nothing every time.
printed on 100% recycled bytes

steen

  • Guest
Re: Avast seems to have found a rootkit but...where is it??
« Reply #7 on: November 08, 2012, 07:24:06 AM »
I've had recurrent rootkit warnings with the following: C:\Program Files\EVGA Precision>RTCore32.sys & RTCore64.sys. EVGA Precision is the monitoring/overclock app for my GPUs. Subsequent scan reveals clean bill of health, but will pop up again a few weeks later. Behaviour shield?