rootkit-gen [RTK] with iehelper.dll

[Tarq57]

Hi, I won't be able to help much with Comodo installation or setup; I don't use it. The one in my signature is a buffer overflow protector, quite different.
PCTools firewall is the one I use.http://www.pctools.com/firewall/
Might pay to read a few user reviews, and decide for yourself which one you'd like to try. There are plenty of firewalls around, I just mentioned two of the fairly popular ones.

[Gala]

 OK, PCTools firewall looks good.
I will install it after I finished update SP3. But one more important question;
Should I uninstall Avast before install SP3, and install again after, or just disable?

[Tarq57]

Well, I got away with just disabling it for the SP3 install. ("Stop on access protection") But I don't know what you should do. Something prevented you from updating to SP3 before. If it isn't too much hassle, maybe it would be better to uninstall it for the update. Don't forget to disconnect the cable!

 PCTools Firewall is pretty good to go on the default settings. It is what is called an "application based firewall". The other common type is a "rules based firewall". The "rules" one gives more precise control, but needs knowledge and usually a bit of time to set up. And if you get this wrong, it can be a serious security hole. I wouldn't try to set up a rules based firewall without a tutorial, and someone to walk me through it.

 Some people have complained about slowdowns when a feature called "enhanced security verification" is active. If you choose to deselect this, select "settings", and untick the box indicated. Leaving it ticked will cause it to guard against internal system changes, a sort of an "internal firewall". I leave it on, but turn it off when installing or updating known and safe software. It doesn't seem to slow down the computer at all.

After you install it, check via the control panel that the windows firewall has been turned off.

Every time an unknown program wants to connect to the net, the firewall will prompt you. If you know the process, click "allow". It will remember this, unless you un-tick the box that says "remember this decision" (or similar.)
Just as you think the popups are driving you insane, they will start to decrease. The firewall has learned what has rights to connect to the net.
If it should prompt for an application you don't recognize, or understand, try Googling it. If you are still no better off, ask someone. A lot of the advanced users here will have a good or excellent idea.

[Gala]

I Install SP3, and for now looking good, but it was unplanned, because it came in automatic updates, and I just let it go to run, shut down everything else, and disabled Avast. Now I'm downloading device-drivers.com, and then I will go further hoping that everything will be OK.
Regards

[roadhawk1]

I have iehelper.dll , infected with Win32Root kit. Have it in virus chest. What should I do; deleate it or chest it. I'm afraid of causing more harm than good for my pc.

[Tarq57]

Hi roadhawk1, this is someone else's thread, your issue is best dealt with where you posted here.http://forum.avast.com/index.php?topic=44559.msg373121#msg373121

[Gala]

Hello! Just want to let you know that everything is perfect and my PC works good and fast.
After updated SP3, I scanned PC with http://onecare.live.com/standard/en-ca/default.htm free online scan, and cleaned hard disc (there is no free trial for my country yet).
Then I installed Secunia PSI, updated some things, and now my results are:

Security Threats: 0
Secunia System Score: [?] 100%
Last Full System Scan: [?] 12 hours ago

Secunia is great thing, I like it!
On the end, I install Recovery Console with ComboFix, without scanning for now (learned about ComboFix on this forum as well).
I have no virus or bad stuff on my PC for now, but I'm still using only Avast, and MBM. I decided to not install firewall until I find someone who can helps me to manage all settings properly. I have no anyone here to do this things for me, and don't want mess with things which I don't understand. However, hoping that it will be enough to keeps me protected.
And of course, I have this forum in *My Favorites* Pages

Thank You Guys once again for your advices!

Best regards

[Tarq57]

Sounds good!
Hope all goes well.
Call back if you want any more help etc.

[vishu9]

hello...i'm new to the avast forum....i need some help regarding the rootkit detection that avast shows up

I am using avast pro version 4.8 and i recently tried to install AVG internet security professional on my Windows 7 pc but as soon as i start the installer avast shows up with a rootkit warning, when i delete it the installation stops saying "file not found"......does this mean that avg is an actual rootkit or avast jus shows this coz these 2 aren't comptible??...if yes please suggest me another good av that can be used along with avast!

thnx

[Tarq57]

Hi vishu9, welcome to the forum.

It would have been better to post your question in a new topic, rather than adding it to an old and not-very related thread. But I can answer your question in general terms.
You can not install or run another AV with Avast. Nor with most other resident AV's.
They are likely to conflict, fight over file access, and in the end you end up with less protection than if just one were installed.
That is probably why you are getting the rootkit warning, if the AVG installer you have is genuine. (If it is not genuine, ie: a crack/warez version, it likely contains a rootkit or trojan.)

I know of no combination of resident AV that is compatible. I have read reports that MSE is compatible, but wouldn not try that myself. I do know that Threatfire, a behaviour blocker, works well with Avast 4.8

You can have demand scanners, such as MBAM or Superantispyware, installed alongside Avast, which I recommend. Just update and run a scan with one of them every week or two, or any time malware is suspected. One of these can be a useful adjunct to Avast, which does a very good job but can't always detect and stop all malware. Having a demand scanner improves the chance that you can detect and remove malware that Avast has not detected.

A new version of Avast is available; version 5.0.462, reported here (with download links) and apparently this is quite stable for most.