Author Topic: Avast ANTIROOTKIT  (Read 8192 times)

REDACTED

  • Guest
Avast ANTIROOTKIT
« on: January 15, 2017, 07:52:10 PM »
Hello all
I downloaded Avast Antirootkit 0.9.6 and executed it on my Windows 2008 R2 VPS server.
It found 29 items on the HDD and a massive amount of items in the registry, more than 5000, and it still works ...
Is it safe to Delete all those items?
Thank you.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37509
  • Not a avast user
Re: Avast ANTIROOTKIT
« Reply #1 on: January 15, 2017, 07:54:10 PM »
Quote
Is it safe to Delete all those items?
Impossible to answer without the log

Avast has a rootkit scanner (gmer) integrated in the AV engine and will perform a rootkit scan 8 min after computer start


REDACTED

  • Guest
Re: Avast ANTIROOTKIT
« Reply #2 on: January 15, 2017, 08:03:39 PM »
Hello
thank you for your answer.
I downloaded it from http://files.avast.com/files/beta/aswar.exe
and executed it in the temp directory and it is still running.
I see an aswar.log file in the program directory (it is currently about 2 MB) - do you need that file?
I did not restart my server, just executed aswar.exe and clicked on Start scanning.
Thank you.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37509
  • Not a avast user
Re: Avast ANTIROOTKIT
« Reply #3 on: January 15, 2017, 08:21:55 PM »
Quote
do you need that file?
To answer your question, yes

Experts are notified, but they are probably not online before tomorrow

Why are you running a rootkit scan, any problems?



« Last Edit: January 15, 2017, 08:23:40 PM by Pondus »

REDACTED

  • Guest
Re: Avast ANTIROOTKIT
« Reply #4 on: January 15, 2017, 08:35:44 PM »
OK, I will upload a log once scanning is finished.
A few days ago I saw that Google Chrome would not run any more (it displayed a sad face), so I asked Google for help.
They answered that I need to try to run some malware software.
I tried many of them and noticed that some of them want to install a specific driver at Windows boot - to test the system - but they failed.
Then I was 99% sure that I have something, but only Avast Antirootkit actually said there are rootkits.
It has been running now for more than an hour and found more than 8000 items, so I'm waiting for it to finish.
I suppose I need to purchase some license to remove them?
Could you please give me any info about that?
Thank you.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37509
  • Not a avast user
Re: Avast ANTIROOTKIT
« Reply #5 on: January 15, 2017, 08:41:32 PM »
Quote
I suppose I need to purchase some license to remove them?
No

When the scan is finished, attach the log; don't remove anything

also see here  >  https://forum.avast.com/index.php?topic=194892.0
Scroll down to second picture > Farbar recovery scan tool
Follow instructions and attach the two diagnostic logs

Then an expert will assist you tomorrow





REDACTED

  • Guest
Re: Avast ANTIROOTKIT
« Reply #6 on: January 15, 2017, 08:52:11 PM »
OK will do so, thank you.

Offline Rednose

  • Pirate Party Member
  • Avast Überevangelist
  • Massive Poster
  • *****
  • Posts: 3739
  • Bits of Freedom : https://www.bof.nl
    • Nederlandstalig Avast! forum
Re: Avast ANTIROOTKIT
« Reply #7 on: January 15, 2017, 09:12:16 PM »
Hi guys,

I just want to mention that aswar is a very old and obsolete version, which you should not use anymore.

Greetz, Red.
OS: Win 10 / iOS 17 / Debian 12 / Tails 5
Real Time: Avast Premium Security
On Demand: Malwarebytes
VPN: NordVPN ( NordLynx ) with Threat Protection ( Lite )

REDACTED

  • Guest
Re: Avast ANTIROOTKIT
« Reply #8 on: January 15, 2017, 09:32:56 PM »
Is there any other Rootkit scanner for Windows Server 2008?
Thank you.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Avast ANTIROOTKIT
« Reply #9 on: January 15, 2017, 10:09:44 PM »
There are search engines  ;)

If you are running a server and need to ask the things you did here, I suggest you hire a real admin.
« Last Edit: January 16, 2017, 10:10:58 AM by Eddy »

REDACTED

  • Guest
Re: Avast ANTIROOTKIT
« Reply #10 on: January 15, 2017, 11:27:03 PM »
Hello
I did try other rootkit scanners but they cannot run because they cannot install some driver when booting. Only Avast was able to find them.
What real admin do I need to hire? Could you please give me more info?
Thank you.

Offline dbrisendine

  • Malware Fighter
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1258
Re: Avast ANTIROOTKIT
« Reply #11 on: January 17, 2017, 08:32:24 AM »
Quote
There are search engines  ;)

If you are running a server and need to ask the things you did here, I suggest you hire a real admin.

I think the question is, why are you running Windows Server 2008?  Are you providing services to users or just running a no-cost OS?
Win7 x32 Ult. SP1, Brain 2.0 / Win10 x64, Brain2.5

REDACTED

  • Guest
Re: Avast ANTIROOTKIT
« Reply #12 on: January 18, 2017, 09:43:36 AM »
I'm running a VPS and there is Server 2008 installed.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37509
  • Not a avast user
Re: Avast ANTIROOTKIT
« Reply #13 on: January 18, 2017, 09:46:03 AM »
for help, attach the requested logs


REDACTED

  • Guest
Re: Avast ANTIROOTKIT
« Reply #14 on: January 18, 2017, 11:16:20 AM »
Quote
for help, attach the requested logs

Hello
I sent you a PM.
Thank you.