Author Topic: Avast Anti Rootkit (problem)  (Read 2810 times)


Offline patrice58

  • Advanced Poster
  • **
  • Posts: 678
  • I'm a llama!
Avast Anti Rootkit (problem)
« on: June 03, 2008, 03:38:57 AM »
The beta version of avast anti rootkit found this file. Now I wanted to know: is it a real rootkit or just an FP?

avast! Antirootkit, version 0.9.6
Scan started: 02 June 2008 21:34:36


Scan finished: 02 June 2008 21:46:00
Hidden files found: 0
Hidden registry items found: 0
Hidden processes found: 0
Hidden services found: 0
Hidden boot sectors found: 0


----------


avast! Antirootkit, version 0.9.6
Scan started: 02 June 2008 21:47:45

File C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\plugtmp-7\160x600_SC_FlipLoader.swf  **HIDDEN**

Scan finished: 02 June 2008 22:50:43
Hidden files found: 1
Hidden registry items found: 0
Hidden processes found: 0
Hidden services found: 0
Hidden boot sectors found: 0


----------
Vista Home Premium 32 bit (user account) CISC 4.1.150349.920 + CAV (On Access) + Sandbox,V-Engine 2.7.0.37, SpywareBlaster 4.3, SAS (free), a-squared (free) MBAM (free) Finjan Secure Browsing, Windows Defender (scanner only), Zemana AntiLogger 1.9.2.206,

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67183
Re: Avast Anti Rootkit (problem)
« Reply #1 on: June 03, 2008, 04:08:12 AM »
Please don't post the same thing twice...
http://forum.avast.com/index.php?topic=36058.0

To know if a file is a false positive, please submit it to VirusTotal and let us know the result. If it is indeed a false positive, send it in a password-protected zip to virus@avast.com
Please mention in the body of the message why you think it is a false positive and the password used. Thanks.
Another possibility is JOTTI. VirusTotal and Jotti both have a file size limit of 10Mb.

As a workaround, you can add these files to the Standard Shield provider (on-access scanning) exclusion list.
Left-click the blue 'a' icon, click on the provider icon at left and then Customize. Go to the Advanced tab and click on the Add button...
You can use wildcards like * and ?. But be careful, you should 'exclude' that many files that let your system in danger.
The best things in life are free.

Offline patrice58

  • Advanced Poster
  • **
  • Posts: 678
  • I'm a llama!
Re: Avast Anti Rootkit (problem)
« Reply #2 on: June 03, 2008, 05:41:43 AM »
Well, since it is a hidden file I can't upload it to that site; I have tried already.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11873
    • AVAST Software
Re: Avast Anti Rootkit (problem)
« Reply #3 on: June 03, 2008, 01:11:01 PM »
I believe you don't have to worry about it - it was most likely a temporary file, created for a short while and deleted afterwards - and the ongoing scan for hidden files recognized it as a file hiding itself.
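
The race described in the reply above, as an added example that is not part of the thread and not Avast's code: it assumes a scanner that flags a file as hidden when one directory listing sees it and a later listing does not, and shows how re-checking each suspect drops a temp file deleted mid-scan. The file names and both listing functions are constructed for the demonstration.

```python
import os
import tempfile

def cross_view_diff(raw_names, api_names):
    """Names seen in the first (raw) pass but missing from the second (API) pass."""
    return set(raw_names) - set(api_names)

def confirmed_hidden(list_raw, list_api, rechecks=2):
    """Cross-view scan that re-verifies each suspect before reporting it."""
    suspects = cross_view_diff(list_raw(), list_api())
    for _ in range(rechecks):
        if not suspects:
            break
        raw_now, api_now = set(list_raw()), set(list_api())
        # Still hidden only if the raw pass sees it and the API pass does not.
        suspects = {n for n in suspects if n in raw_now and n not in api_now}
    return suspects

def demo():
    """Return (naive, transient, persistent) results on constructed data."""
    with tempfile.TemporaryDirectory() as d:
        temp_file = os.path.join(d, "loader.swf")  # constructed sample name

        def raw_pass():
            return os.listdir(d)

        def api_pass_after_cleanup():
            # Simulates the owning program deleting its temp file mid-scan.
            if os.path.exists(temp_file):
                os.remove(temp_file)
            return os.listdir(d)

        open(temp_file, "wb").close()
        naive = cross_view_diff(raw_pass(), api_pass_after_cleanup())

        open(temp_file, "wb").close()
        transient = confirmed_hidden(raw_pass, api_pass_after_cleanup)

        # Simulated filtered view: a name that stays missing from the API pass.
        open(os.path.join(d, "stays.bin"), "wb").close()

        def api_pass_filtered():
            return [n for n in os.listdir(d) if n != "stays.bin"]

        persistent = confirmed_hidden(raw_pass, api_pass_filtered)
    return naive, transient, persistent

if __name__ == "__main__":
    print(demo())
```
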

Offline patrice58

  • Advanced Poster
  • **
  • Posts: 678
  • I'm a llama!
Re: Avast Anti Rootkit (problem)
« Reply #4 on: June 03, 2008, 09:38:10 PM »
OK, when I saw I had a rootkit I almost cried, so it might be an FP? There have been quite a few of those with the standalone anti rootkit. Oh, by the way, does anybody know what that file name is, .swf?

sanctuaryforever

  • Guest
Re: Avast Anti Rootkit (problem)
« Reply #5 on: June 03, 2008, 09:43:59 PM »
.swf is Shockwave Flash format, I think.