Author Topic: avast! Free and aswmbr - difference in detections?  (Read 1920 times)

Zai

  • Guest
avast! Free and aswmbr - difference in detections?
« on: January 16, 2014, 10:45:45 PM »
Hi,

I've been reading some stuff about MBR rootkits lately and came across mentions of aswMBR. This utility provided by avast is often suggested (in this forum, for instance) for scanning for MBR rootkits and (ideally) removing them by replacing the MBR.

My question now is: Does aswMBR detect (!) anything that the installed version of avast! Free does not detect?

I've read in an old thread in this forum that avast! scans the MBR when "All harddrives" are scanned. So would avast! be able to detect the same rootkits (possibly in the MBR) as aswMBR would, but avast! would give less detailed information / not be able to replace the MBR / try to fix this kind of rootkit? Or does it scan differently / for other things than aswMBR (in which case I wonder why that would be?)?

I found pretty much the same question asked on superuser.com in 2011 and users there guessed that avast! and aswMBR would detect the same infections, but there was no definitive answer by an avast! official and I'm curious. :-)

Thanks in advance for your help!
Zai

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40605
  • Dragons by Sasha
    • Malware fixes
Re: avast! Free and aswmbr - difference in detections?
« Reply #1 on: January 16, 2014, 11:21:22 PM »
From experience AswMBR will generate a dump of the MBR for analysis and also has the ability to replace the MBR and cure some specific bootkit type viruses.  If it cannot cure them it will give an indication of where the problem area lies.

An Avast scan may not detect the actual rootkit/bootkit in operation but will block and alert when the virus tries to call home.

Due to the nature of this type of virus, dedicated tools are required which will not be available within the main AV, purely due to the variable nature in the way that the infections are operating.

Zai

  • Guest
Re: avast! Free and aswmbr - difference in detections?
« Reply #2 on: January 17, 2014, 06:50:07 PM »
Hey essexboy,

thanks for your first explanation! :-)

From what you wrote, I understand that aswMBR brings some additional functionality relating to rootkits / MBR rootkits, like giving more detailed information on the MBR state and offering to replace the MBR, which avast! cannot provide itself.

I'm not sure if my main question is already answered, though: When aswMBR scans the MBR and when avast! scans the MBR (which it apparently does when "All harddrives" are scanned, according to this old thread in this forum), would they both detect the same rootkits, if there were any they could detect?

So are avast! and aswMBR both able to detect the same things, but only aswMBR can give more detailed info and try to fix it? Or does aswMBR search for different rootkits or using different definitions, so it would detect more/other rootkits than the MBR scan by avast! could?

Does anyone know the answer to this question and could comment on this issue? I'd very much appreciate it! :-)


Offline essexboy

Re: avast! Free and aswmbr - difference in detections?
« Reply #3 on: January 17, 2014, 07:09:53 PM »
They will both detect the same rootkit on a bootscan with Avast. But there are some bootkits that create a hidden partition with a dummy MBR being displayed for Antivirus programmes running normally.
AswMBR will see through this but Avast may be suckered :)
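
The "dummy MBR" situation described in the reply above can be checked by comparing two captures of sector 0, as in this added example (not part of the thread and not Avast's or aswMBR's code). It assumes two 512-byte dumps obtained separately, one read from the running system and one read offline; the function names and both sample sectors are constructed for illustration.

```python
import hashlib
import struct

SECTOR, BOOT_AREA, ENTRY = 512, 446, 16  # classic MBR layout

def parse_mbr(sector: bytes) -> dict:
    """Decode a 512-byte MBR dump: hash of the boot area plus used partition slots."""
    if len(sector) != SECTOR:
        raise ValueError("MBR dump must be exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = {}
    for slot in range(4):
        raw = sector[BOOT_AREA + slot * ENTRY: BOOT_AREA + (slot + 1) * ENTRY]
        lba_start, count = struct.unpack_from("<II", raw, 8)
        if raw[4] != 0:  # partition type 0 marks an unused slot
            parts[slot] = {"active": raw[0] == 0x80, "type": raw[4],
                           "lba_start": lba_start, "sectors": count}
    # The hash covers bytes 0..445, which includes the 4-byte disk signature.
    return {"boot_sha256": hashlib.sha256(sector[:BOOT_AREA]).hexdigest(),
            "partitions": parts}

def compare_views(online: bytes, offline: bytes) -> list:
    """List the differences between the sector seen online and the offline dump."""
    a, b = parse_mbr(online), parse_mbr(offline)
    findings = []
    if a["boot_sha256"] != b["boot_sha256"]:
        findings.append("boot code differs between online and offline view")
    for slot in sorted(a["partitions"].keys() | b["partitions"].keys()):
        if a["partitions"].get(slot) != b["partitions"].get(slot):
            findings.append(f"partition slot {slot} differs between views")
    return findings

def build_sector(fill: int, entries: list) -> bytes:
    """Constructed sample input: boot area of one repeated byte plus table entries."""
    table = b"".join(struct.pack("<B3sB3sII", st, b"\0" * 3, ty, b"\0" * 3, lba, n)
                     for st, ty, lba, n in entries)
    return bytes([fill]) * BOOT_AREA + table.ljust(64, b"\0") + b"\x55\xaa"

# Constructed samples: the online view shows one partition, the offline dump
# has different boot code and a second, otherwise unseen partition entry.
ONLINE = build_sector(0x90, [(0x80, 0x07, 2048, 204800)])
OFFLINE = build_sector(0xCC, [(0x80, 0x07, 2048, 204800), (0x00, 0x17, 206848, 4096)])

if __name__ == "__main__":
    for finding in compare_views(ONLINE, OFFLINE):
        print(finding)
```

An empty result only means the two captures agree; it says nothing about whether the boot code itself is benign.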

Zai

  • Guest
Re: avast! Free and aswmbr - difference in detections?
« Reply #4 on: January 18, 2014, 09:40:40 PM »
Thanks for the explanation!

But wouldn't that mean that it would make sense to scan with aswMBR once in a while (because it might detect more than plain avast!)?

Offline essexboy

Re: avast! Free and aswmbr - difference in detections?
« Reply #5 on: January 18, 2014, 11:03:45 PM »
Not really, as although Avast may not detect it, it will detect the effects and alert you whilst blocking the connection.