Author Topic: Avast anti-rootkit scan  (Read 8738 times)

Offline Avastfan1

Avast anti-rootkit scan
« on: November 05, 2008, 12:31:00 PM »
Dear Avast Forum,

Can somebody please tell me how to execute an Avast anti-rootkit scan?

Is this automatically done when a full boot-time scan is completed?

I am using Avast Pro 4.8.1229 with virus defs 081104-0. I understand Avast has an anti-rootkit function; however, I am a little unsure!

Any help would be much appreciated!

Thanks,

Avastfan1
Windows 7 Home Premium - Avast Pro 7.0.1474 - PC Tools Firewall Plus 7.0.0.123 - MBAM 1.70 - Firefox 17.0.1 - NoScript 2.6.4.2 - Adblock Plus 2.2.1

Offline FreewheelinFrank

Re: Avast anti-rootkit scan
« Reply #1 on: November 05, 2008, 12:50:33 PM »
AFAIK it's done when the boot time scan happens.
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Online DavidR

Re: Avast anti-rootkit scan
« Reply #2 on: November 05, 2008, 02:35:40 PM »
Depends on your OS, the anti rootkit doesn't work with win9x, winME.

It is run automatically 8 minutes after start-up; when you run an on-demand scan with a sensitivity of Standard or Thorough (not Quick), it is run as part of that scan too.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline Avastfan1

Re: Avast anti-rootkit scan
« Reply #3 on: November 05, 2008, 09:53:08 PM »
Dear Forum,

Thanks for your speedy reply!

Four follow-up questions:
- @Dave Could you confirm Frank's comment that it's run as part of a boot-time scan?
- How do you know it's been run 8 minutes after startup - I notice no hard drive activity? :S
- Is there a separate log or results report to confirm nothing/something was found?
- Would you recommend any complementary anti-rootkit products as an additional security?

Thanks in advance!

Avastfan1

Offline Tarq57

Re: Avast anti-rootkit scan
« Reply #4 on: November 05, 2008, 10:34:58 PM »
The indication it has been run is located at (normally) C:\Program Files\Alwil Software\Avast4\DATA\log and the title is aswAR.log (opens in Notepad).
As to the other three questions, I couldn't say. I've not noticed extra HDD activity 8 minutes after start, but nor have I especially listened/watched for it.
The rootkit scanner is based on the GMER application, which I think is respected and capable. Extra demand scanner/s are up to you. My choice would be not to bother if there was no indication of anything found.
Maybe a checkup (second opinion) scan with a few demand scanners of different categories (AV, AS, Rootkit) every few months. So far I've not found anything significant by following that protocol. The odd FP; the odd tracking cookie. So I'm reasonably confident that the various modules in Avast do a pretty decent job. Actually, a very decent job.
WindowsXP Home SP3,Avast Free 5.1.889,Windows Firewall, Autorun Eater,Firefox w/Noscript+ /Adblock+/Better Privacy, IE8 all zones except MS Update set to "untrusted" settings,MVPS Host file.SecuniaPSI.

Online DavidR

Re: Avast anti-rootkit scan
« Reply #5 on: November 05, 2008, 11:05:33 PM »
> Four follow-up questions:
> - @Dave Could you confirm Frank's comment that it's run as part of a boot-time scan?
> - How do you know it's been run 8 minutes after startup - I notice no hard drive activity? :S
> - Is there a separate log or results report to confirm nothing/something was found?
> - Would you recommend any complementary anti-rootkit products as an additional security?

1. If I could, I would have at the time; to find out, I would have run a boot-time scan and checked out the aswAr.log file mentioned by Tarq57. You would have to be quick in checking, as 8 minutes after boot it would run and overwrite the previous log.
2 & 3. As Tarq57 mentioned.
4. I have a few I would try if I felt that I may have a rootkit, but since they will be constantly updated, keeping a copy of them is of limited use, as it is best to get the latest version before you run it.

There are more anti-rootkit scanners than you can shake a stick at but the greatest majority are totally user unfriendly as they present the user with more questions than answers. There are very few that I would consider efficient and relatively user friendly, but even then you may need further advice.

- Panda Rootkit Cleaner - http://research.pandasoftware.com/blogs/images/AntiRootkit.zip
- Trend Micro RootkitBuster - http://www.trendmicro.com/download/rbuster.asp
- F-Secure Blacklight may not always be available, http://www.f-secure.com/blacklight

GMER (and to a degree Rootkit Revealer) as mentioned is very powerful, but a little like the hijackthis of anti-rootkits as it produces volumes of data that you have to analyse. So these, to my mind, aren't for your average user.

Offline Avastfan1

Re: Avast anti-rootkit scan
« Reply #6 on: November 06, 2008, 09:25:25 AM »
Dear All,

Many thanks again for the speedy and detailed replies!

Log file was there as you predicted and reported 0 hidden files, registry items, processes, services or boot sectors found! Yay me! :D

I've also noted down the anti-rootkit programs so again many thanks for the great advice!

Keep up the sterling work lads, you are doing a fantastic job. I hope somebody does something nice for you today.

I wish you all a great day and end to the week!

Avastfan1

Online DavidR

Re: Avast anti-rootkit scan
« Reply #7 on: November 06, 2008, 12:53:29 PM »
You're welcome.

Offline Bluesman

Re: Avast anti-rootkit scan
« Reply #8 on: November 06, 2008, 01:02:19 PM »
> Many thanks again for the speedy and detailed replies!

Be prepared for fast and detailed replies here, this forum is GREAT! Many nice members, that really want to help! :)
"The blues are the roots, everything else is the fruits" -Willie Dixon

Offline Avastfan1

Re: Avast anti-rootkit scan
« Reply #9 on: November 06, 2008, 03:11:12 PM »
Bluesman: you're Swedish, aren't you? :D

Offline Bluesman

Re: Avast anti-rootkit scan
« Reply #10 on: November 06, 2008, 03:15:55 PM »
> Bluesman: you're Swedish, aren't you? :D

Yes, I am Swedish :) But we talk English here, so everybody can understand ;)

If you want to talk about avast in our language, I can recommend the forum @ http://www.avasthome.se/ :)

My nick is Columbo there!

See ya', or as we say in Swedish, SKÅL! ;)
« Last Edit: November 06, 2008, 03:18:54 PM by Bluesman »

 
