Author Topic: New version finds rootkit hidden files - can't delete & nothing else does  (Read 49594 times)

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11665
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: New version finds rootkit hidden files - can't delete & nothing else does
« Reply #90 on: December 29, 2008, 05:07:07 PM »
With the invaluable help of polipodi, it seems that we have solved the problem now.
The fix should be included in the latest VPS update (081229-0).

Please try this latest VPS and report back if the problem is really solved.


BTW can anyone who had the problem confirm that their Windows volume is formatted as FAT32? (this would explain the increased number of Acer laptops in the set as Acer seems to preinstall Windows XP on FAT32 volumes).


Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

Offline yare

  • Newbie
  • *
  • Posts: 4
Re: New version finds rootkit hidden files - can't delete & nothing else does
« Reply #91 on: December 29, 2008, 08:50:40 PM »
Hi, my OS is running on FAT32 - I know, outdated but after installing all tools I left it like that (will transfer to NTFS in the future).

I have updated VPS and I am ready to run full scan - will report results here as soon as the scan is over.

Again thank you very much for very quick response to this issue.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83545
  • No support PMs thanks
Re: New version finds rootkit hidden files - can't delete & nothing else does
« Reply #92 on: December 29, 2008, 09:46:05 PM »
No need for a full scan, just reboot, the anti-rootkit scan runs 8 minutes after boot and takes seconds, so would be quicker than a full scan.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.6.2420 (build 20.6.5495.561) UI-1.0.544/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline TheScorpion

  • Jr. Member
  • **
  • Posts: 77
  • I'm a llama!
    • Dances With Marmots
Re: New version finds rootkit hidden files - can't delete & nothing else does
« Reply #93 on: December 29, 2008, 10:10:30 PM »
> No need for a full scan, just reboot, the anti-rootkit scan runs 8 minutes after boot and takes seconds, so would be quicker than a full scan.

I found that the problem only made itself known if I did a 'full' scan. The scan would freeze at that point (about 3/4 through) and the suspicious files indicated. Just starting or rebooting my pc didn't produce the problem.



> BTW can anyone who had the problem confirm that their Windows volume is formatted as FAT32? (this would explain the increased number of Acer laptops in the set as Acer seems to preinstall Windows XP on FAT32 volumes).

My system is FAT32 on an ASUS laptop. I'll run a full scan this morning and report results.
Impressed with the immediate action on the problem.  :)

Offline yare

  • Newbie
  • *
  • Posts: 4
Re: New version finds rootkit hidden files - can't delete & nothing else does
« Reply #94 on: December 29, 2008, 11:18:36 PM »
Everything works just fine  :) Full scan using avast! GUI completed w/o problems :)  I have to admit that there are differences in new build - scan is much faster than before (in my case even 30% faster - using same scanning options (thorough/scan archives/all local disks))

I ran full scan (via GUI) because boot-scan worked OK all the time (as TheScorpion has said) - issue with heuristic engine (at least in my case) occurred only when full scan was initiated using avast! GUI and only if scan area included system folder - on demand scan of every other folder/file worked ok.

Again, many thanks to avast! support team for such a quick response. Also many thanks to polipodi for providing test/debug machine that helped with bug reproduction.

Offline TheScorpion

  • Jr. Member
  • **
  • Posts: 77
  • I'm a llama!
    • Dances With Marmots
Re: New version finds rootkit hidden files - can't delete & nothing else does
« Reply #95 on: December 30, 2008, 01:35:08 AM »
Just completed a 'thorough' full scan with no problems.
Also, the 'percentage of files checked'  gauge is now working. Before it would remain at 0%.
Well sorted. Thanks.  :)

Offline gcon60

  • Newbie
  • *
  • Posts: 14
Re: New version finds rootkit hidden files - can't delete & nothing else does
« Reply #96 on: December 31, 2008, 04:59:31 PM »
Vlk, polipodi and the rest of the Avast team, thank you all very much for the efforts you put into resolving this problem.  It has been a long journey from November 24th when I raised the issue, until now.  I am delighted you cracked it before we ran out of 2008 – a clean slate for the New Year.

Sorry, I was reluctant to allow access to my PC, but I have been working in computers most of my long life and you get cynical about security matters – paranoid even.  I was relying on a more trusting approach from others; thanks polipodi.

Anyway, upgraded from 1229 to 1296 with VPS 081230-0 and did a thorough scan.  BRILLIANT!  It all worked.

Have a Guid Ne’er day and a great 2009

Gerard
 ;D

Offline art13

  • Newbie
  • *
  • Posts: 16
Re: New version finds rootkit hidden files - can't delete & nothing else does
« Reply #97 on: December 31, 2008, 05:55:08 PM »
The problems I mentioned here:

http://forum.avast.com/index.php?topic=41157.0

at both the Packardbell-desktop and the Acer-laptop were solved with installing VPS (081229-0)

Both systems were FAT32 formatted.

Thanks to everybody contributing to the solution.

Art

Offline CharleyO

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 7087
  • Be alert for error code - ID 10T
Re: New version finds rootkit hidden files - can't delete & nothing else does
« Reply #98 on: December 31, 2008, 11:11:53 PM »
***

Though I did not have this problem, I would also like to thank Vlk and the rest of the Avast team for a job well done ... and to polipodi for trusting the avast team to use his computer to research the problem.   :)


***
Self-built desktop (8 years old) - AMD64 3200+_Gigabyte GA-K8NS Ultra-939_4 gb RAM_GeForceFX 5800w/256 ram_XP/SP3_Avast 7_MBAM_ZA Free __and__ Toshiba Satellite Laptop_W7-64bit_ 4 gb Ram_Avast 8_MBAM

Offline judy one

  • Newbie
  • *
  • Posts: 1
Re: New version finds rootkit hidden files - can't delete & nothing else does
« Reply #99 on: January 01, 2009, 10:25:09 PM »
I had AVAST on 2 systems.  I tried the new version.  It identified about 90 rootkit viruses that could not be deleted from one system.  Then I did a system restore.  AVAST new version still did the same thing.

BitDefender found about the same number of inaccessible files that were password protected (I recognized them) or compressed.  McAfee found no viruses. 

I believe the new version has a design flaw that is misinterpreting password protected or compressed files as rootkit infections.  I thought the problem was my computer until I found this forum.  Thank you.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11754
    • AVAST Software
Re: New version finds rootkit hidden files - can't delete & nothing else does
« Reply #100 on: January 01, 2009, 10:33:45 PM »
> I believe the new version has a design flaw that is misinterpreting password protected or compressed files as rootkit infections.

No, it's certainly not the case.
Please post a few examples of the detected filenames - and also check what version of VPS you have.