New version finds rootkit hidden files - can't delete & nothing else does

[igor]

I'd say the file is called aswAr0.dll, not aswArO.dll (i.e. it's zero, not "O" letter)

[Crowella]

Is this what you need? Attached it down below.

Christine

[Eddy]

See, you can do it (with a little help) 

[Vlk]

Is this what you need? Attached it down below.

Unfortunately not quite.

I need the file C:\Program Files\ALWIL Software\Avast4\Data\Log\aswAr1.log (if it exists; if it doesn't, we have done something wrong)...


Thanks
Vlk

[Crowella]

Hi there, i think i've got it but couldn't attach it as the file was too large, any suggestions? Can't copy/paste it as there's too much text; it's a looong list! I could email it if that's any good?

Christine

[igor]

Sure, you can send it to Vlk's e-mail (you'll see it when you click on his profile).
Or, if needed, you can upload it to our FTP server: ftp://ftp.avast.com/incoming
Thanks!

[Crowella]

Thanks for that, i've just emailed it to him, bet you're all fed up of me now! 

Cheers all!

Christine

[igor]

Of course not... we'd like to uncover this mystery.
Thanks for your help, let's hope Vlk finds out something.

[Eddy]

Thanks for that, i've just emailed it to him, bet you're all fed up of me now!

No way! 

Vlk loves these problems

[Crowella]

I'm glad someone does! Viruses, trojans, rootkits...for me it's the stuff of nightmares! I'm even starting to feel nostalgic for those halcyon days of Sinclair ZX Spectrums (my Dad had one), before viruses and all the other nasties were ever invented! Ahh... happy days! 

Christine

[Vlk]

Interesting indeed.

Could you please try doing the following?

Go to My Computer, right-click disk C: and choose Properties. Go to the Tools page and click the "Check Now..." button.

Click Start, and let the operation complete.

Does it report any problems?

And if you re-run the scan after this, does it still find the "rootkits"?

Thanks
Vlk

[Crowella]

Hi there,

Just did the disk check as you asked and no problems - 'Disk check complete'. Will re run Avast scan and let you know! When you say 'interesting' does that mean good interesting or bad (you're full of nasty viruses) interesting?

Cheers,

Christine

[Crowella]

Grrrr...ok, just finished the Avast scan and it's exactly the same; the pop up saying suspicious files (the rootkits) have been found using the heuristic method and asking me to reboot, then the pop up appears informing me there's a virus in the memory.

Nothing's changed i'm afraid! 

Night night all...

Christine

[gcon60]

Hi Vik,

I have been reading your latest suggestions.  Would it be useful if I also sent you the resultant file?

Gerard

[Vlk]

Hi gcon60,

I don't know how proficient you are with computers, but if you can handle the command line, I'd be grateful if you could do the following:

1. download http://public.avast.com/~vlk/avar.exe and place it to a directory
2. start cmd.exe, go to the directory where you placed avar.exe and run the following command

avar.exe -a -f c:\ >avar.txt

3. when the command completes (may take some time, roughly 10 minutes or so, depending on the size of your C: drive) send me the resulting file avar.txt (by email).


Thanks
Vlk