Author Topic: "Suspicious Files Found" Questions  (Read 3750 times)


william j.

  • Guest
"Suspicious Files Found" Questions
« on: December 09, 2008, 09:20:50 AM »
I have searched and read through most of the questions and responses posted before on this topic. However, I have a few questions that I didn't see an answer to.

First, I'm running Avast Home 4.8.1296.0, which I believe is the latest version. I started using Avast Home about 6 months ago and have checked for updates daily for the iAVS and program updates over that time. I have always had the searches come up clean in the past up until two days ago when I got a page full of "Suspicious Files Found" partway through the scan. There are well over 100 files in the list, almost all DLL files from Win2000\system32 subdirectories. Under "TYPE" all the files say the same thing..... "Rootkit Hidden File". Whether they are all infected or not, or whether they are all real W2K files or added infected files, I don't know. This leads to problem #1.

At the bottom of the Suspicious Files Found page is a Submission area with a checkbox to "Submit the files to ALWIL Software virus lab for further analysis." I checked the box, but nothing happened. I very much wanted to do that, but there is no interactive button to press saying "Send" or "Submit". There are only two choices in the "Available Actions" section above, to either Delete Now or Ignore, but no button to send the files. So Question #1 is: How do I make the software send the files in for analysis?

Question #2: Since I've had the Scanner and the A/V Database always loaded from bootup on the toolbar for the past 6 months that I've used Avast, how did this rootkit virus get into my PC, if it was being "protected" by the scanner software?

Question #3: When I tried to continue, Avast said I had an active virus in memory and that I needed to reboot my system. I agreed and clicked OK. It then rebooted the system, but hung up early in the boot process with the screen text saying (approximately): "Avast software checking ...... " It added the dots on the screen and then froze. I waited for ten minutes, then left for two hours and came back to see the "Blue Screen of Death", i.e., the system had crashed. I shut down, restarted, and managed to get booted up without any further problems. I ran AVAST again and got the same Suspicious Files Found message, reboot, and crash on reboot as the first time. So AVAST has NOT cleared the virus out, so it's still there in memory apparently.

So what am I to do now? AVAST seems incapable of handling the problem. I can't seem to get the files sent in to be checked, and Avast crashed both times I tried to follow its advice to fix the problem. If anyone can help I'd really appreciate it.

Thank you very much.

William



onlysomeone

  • Guest
Re: "Suspicious Files Found" Questions
« Reply #1 on: December 09, 2008, 10:10:34 AM »
Hi william j.!

#1: the files are uploaded when you update avast...

probably the detected rootkits are false positives - first you should try to update your avast!-installation and check if the rootkits are still found...

do you use any other security software?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: "Suspicious Files Found" Questions
« Reply #2 on: December 09, 2008, 11:39:24 AM »
Are you still experiencing "Rootkit Hidden File" detections?
If they are coming and going, if they occur just once, they seem, indeed, to be false positive detections.

You were protected by the resident of avast and the problem could have arisen due to a virus database update ???

About the boot time scanning, can you post the contents of the report file?
<avast4>\Data\Report\aswBoot.txt

The best things in life are free.

william j.

  • Guest
Re: "Suspicious Files Found" Questions
« Reply #3 on: December 10, 2008, 10:22:46 AM »
Hello onlysomeone,

Thank you for your reply. As to your questions, I manually update both the virus file and the program daily (from the Scanner icon on the taskbar) just to be sure it's up-to-date. My O/S is standard Windows 2000 so why would Avast Home 4.8 assume over 100 DLL's are rootkit-infected if they are not?

I ran the Avast antivirus twice as I mentioned in my initial post and it found the Suspicious Files listing both times, and then my system crashed after Avast asked to reboot both times.

As for other security s/w, I use ZoneAlarm Firewall. At installation Avast said it had a conflict with ZA and gave me an option to turn off the conflicting s/w from within Avast, which I did, so they should work together properly. I also run Spybot - Search & Destroy and Malwarebytes' Anti-Malware to check for spyware.

I hope this additional info may help you figure out what's going on with my system.

Thank you,

William J.



_________________________________________


Hello Tech,

Yes, I still find "Rootkit Hidden Files" if I run a search of my hard drive.

As to the contents of the file:
<avast4>\Data\Report\aswBoot.txt, here are the contents:

              12/08/2008 00:56

Just the date and time. I would guess there is nothing more due to the fact that Avast cannot complete the virus scan without locking up and crashing on reboot. It seems incapable of functioning correctly, even with the latest daily updates to the virus file and the program itself. If I can't find a way to get it to function properly as it used to, I'll have to change to another A/v program.

Thanks for your help.

William J.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: "Suspicious Files Found" Questions
« Reply #4 on: December 10, 2008, 02:53:43 PM »
William, hope the Alwil team gives us a hand on troubleshooting this...

hereandnow

  • Guest
Re: "Suspicious Files Found" Questions
« Reply #5 on: December 10, 2008, 10:53:18 PM »
Hi William

I have approximately the same problems (French version).
How to behave? No obvious understanding of the popup: "Ignore" or "suppress" have the same effect: nothing happens. Tick "Send to Avast Lab for analysis" has no visible effect. Ergonomics is bad. Need for a detailed explanation before acting and to understand what is expected to happen.
When I follow the advice for an automatic scan after restart, the PC restarts with a permanent black screen and I need to switch it off. After that, no problem with Windows restart but a new Avast scan leads to the same rootkit warnings (many files in different directories).
« Last Edit: December 10, 2008, 11:01:06 PM by hereandnow »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: "Suspicious Files Found" Questions
« Reply #6 on: December 10, 2008, 11:05:27 PM »
Quote from: hereandnow
Tick "Send to Avast Lab for analysis" has no visible effect.

The file is uploaded only in the next virus database update.

william j.

  • Guest
Re: "Suspicious Files Found" Questions
« Reply #7 on: December 11, 2008, 05:11:51 AM »
Tech wrote:
William, hope the Alwil team gives us a hand on
troubleshooting this...

  I hope so too. Is there a way to ask them, or do
  we have to wait and just hope someone from the
  company reads this thread?

  William J.

--------------------

hereandnow wrote:

Hi William

I have approximately the same problems (French version). How to behave? No obvious understanding of the popup: "Ignore" or "suppress" have the same effect: nothing happens. Tick "Send to Avast Lab for analysis" has no visible effect. Ergonomics is bad. Need for a detailed explanation before acting and to understand what is expected to happen.

When I follow the advice for an automatic scan after restart, the PC restarts with a permanent black screen and I need to switch it off. After that, no problem with Windows restart but a new Avast scan leads to the same rootkit warnings (many files in different

   
   Hello hereandnow,

   What you have described is exactly what happened
   to me, with a black MS-DOS type screen when Avast
   locked up. Like TECH said, hopefully someone at
   ALWIL will see this thread and help us figure out
   a solution.

   William J.

--------------------   

Quote from: hereandnow on Yesterday at 08:53:18 PM
"Send to Avast Lab for analysis" has no visible
 effect.

Quote from Tech: The file is uploaded only in the
next virus database update.

Tech, I make sure to check for updates daily, so if the error file has been uploaded to ALWIL, did it also add my email address so they know who it came from? (I take nothing for granted.) So far, if they did indeed get the file, I haven't received an answer from the firm. Hopefully I will.

Thank you very much for your help.

William J.