Author Topic: Avast Rootkit Detection mbamswissarmy.sys  (Read 9526 times)


whyalwaysme

  • Guest
Avast Rootkit Detection mbamswissarmy.sys
« on: January 30, 2013, 08:54:41 PM »
Hi there,

I have been a happy Avast user (latest Free version) the last years. I have a Windows 7 machine, everything updated. I have Malwarebytes Free installed to do regular scans. I never had any problems.

Today Avast detected a rootkit in (I hope I got it right) mbamswissarmy.sys. Unfortunately, I didn't make a screenshot but I think this was the file. First question: Is there any way I can find this alarm? I have looked in every protection module but nothing is stated there.

Now to the scenario: I booted the computer only to look up the last scan log of MBAM really quick. I booted, and after the desktop appeared went immediately into MBAM, looked at the logfile. Then, I closed the MBAM GUI and then I had the rootkit alarm from Avast. The whole thing took perhaps 5-10 minutes. I have looked into several topics. Apparently, this is not uncommon. However, I came across this thread http://forum.avast.com/index.php?topic=98405.30 and a user there wrote:

Quote
SVC:MBAMSwissArmy Rootkit will pop-up from an antivirus program if it detects a malicious service running on the system. The detection is for a legitimate file called mbamswissarmy.sys that is modified by a virus infection that causes the main program to fail. There are also other variants of Trojan hitting the same file in order to run a malware code every time the affected software is executed. With the rootkit identified in this threat, there is a possibility that the threat attempts to conceal its presence from the infected computer by appending its own code to valid Windows’ system files.

Now, I'm a bit worried.

What would you recommend to do? A Fullscan with Avast? A Fullscan with MBAM? A scan on startup with Avast?

Thanks very much for your help.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37534
  • Not a avast user
Re: Avast Rootkit Detection mbamswissarmy.sys
« Reply #1 on: January 30, 2013, 09:03:07 PM »
did you read the whole topic......
the file belongs to Malwarebytes


see section K
http://forums.malwarebytes.org/index.php?showtopic=10138&view=findpost&p=417798

whyalwaysme

  • Guest
Re: Avast Rootkit Detection mbamswissarmy.sys
« Reply #2 on: January 31, 2013, 06:15:23 PM »
Hi,

Thanks for your reply. I am aware of that, but the quote suggests that the file could also point towards a manipulation of MBAM, i.e. an infection. Or am I reading this wrong?

Is the rootkit alarm saved in any log of Avast? Can I find the report anywhere?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37534
  • Not a avast user
Re: Avast Rootkit Detection mbamswissarmy.sys
« Reply #3 on: January 31, 2013, 06:31:56 PM »
Quote
Or am I reading this wrong?
yes....info is not correct.....zero variants found to be a threat

http://www.threatexpert.com/files/mbamswissarmy.sys.html
http://systemexplorer.net/file-database/file/mbamswissarmy-sys



HDW38

  • Guest
Re: Avast Rootkit Detection mbamswissarmy.sys
« Reply #4 on: April 10, 2013, 10:57:05 PM »
Quote
Or am I reading this wrong?
yes....info is not correct.....zero variants found to be a threat

http://www.threatexpert.com/files/mbamswissarmy.sys.html
http://systemexplorer.net/file-database/file/mbamswissarmy-sys
Hi!

Tried upgrading 'mbam free 1.71.0.1100' to 'mbam free 1.75.0.1300'. No problem under XP with 'avast 8.0.1483'.
But under 'R2 Beta' this happened. So I stopped installing after the old mbam-version was de-installed.
What shall be done?

HDW38