Author Topic: Warning Of Rootkit: Hidden Service!  (Read 4101 times)

Offline BobbyZee67

  • Jr. Member
Warning Of Rootkit: Hidden Service!
« on: June 19, 2010, 01:04:36 AM »
  Hi, Please bear with me as I'm afraid I'm not too clued up on computing, especially on how to deal with this type of warning.
  I installed Avast5 when it first came out but I kept getting this warning message that C:\Windows\system32\mbamswissarmy.sys file was a Rootkit: Hidden Service and being pretty sure that it was a FP, I uninstalled Avast. I am of course running MBAM (paid version but realtime protection disabled) and I'm also running SuperAntispyware Pro with realtime protection enabled of which I update and scan on a daily basis and I've never had a hint of infection.
  Yesterday, I decided to give Avast another try, installing version 5.0.545 after uninstalling MSE using RevoUninstaller. Program installed ok but this evening I again got the above same warning! I ran a Boot Scan, result of which was "no infections". Again ran MBAM and SuperAntispyware full scans with no infections, so what do I do now? I want to keep running Avast, if and when I receive this warning again, do I tick the "ignore box"?
  When I was running Avast last time I entered MBAM files in Exclusions Settings, as yet I haven't this time round.

  I look forward to any advice anyone can offer me, incidentally, my Avast5 program is free version.

  BobbyZee67
Dell Inspiron1520 Vista Home PremiumSP2,32 bit,Intel(R)Core Duo, CPU T7250,2.00GB RAM@2.00GHz/2.00GHz:Avast!5Free,MBAM Pro,Superantispyware Pro(realtime protection disabled,Trusteer Rapport:IE8,Google Chrome7 & Opera 10.63:Diskeeper2010 Home,CCleaner,Revo Uninstaller

Online Tech

  • avast! team
  • Certainly Bot
Re: Warning Of Rootkit: Hidden Service!
« Reply #1 on: June 19, 2010, 01:14:02 AM »
Can you submit your C:\Windows\system32\mbamswissarmy.sys file to www.virustotal.com?
If it is really a false positive, you can exclude it within avast settings.
There is no need to uninstall avast just because of a false positive.
The best things in life are free.

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
Re: Warning Of Rootkit: Hidden Service!
« Reply #2 on: June 19, 2010, 01:21:13 AM »
That has happened to someone else recently, but not to many other MBAM Pro users.

First ensure that you have the latest avast virus definitions database (do a manual virus definitions and engine update), second ensure that you also have the latest version of MBAM. The exclusions in this instance won't make any difference I believe as this is the anti-rootkit scan 8 minutes after boot (?) and the exclusions are for the on-demand scans.

Just select the Ignore option (but not the "don't tell me again" option, or words to that effect) when the detection is made; information about the detection should be transmitted to avast on the next update.

Submission of the file to virustotal I feel will be worthless as the scan done on VT isn't the same as the anti-rootkit scan, so it is unlikely to find anything.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline BobbyZee67

  • Jr. Member
Re: Warning Of Rootkit: Hidden Service!
« Reply #3 on: June 19, 2010, 06:15:55 AM »
 
  Many thanks for your advice David (also Tech's).

  Guess what, I now cannot run Malwarebytes because I get message "An error has occurred. Please report error code to our support team".
                  MBAM Error Missing File (2,0,mbamswissarmy.sys)
                  The system cannot find the file specified.

  I'm clueless as to where file is now, there is nothing in Avast Virus Chest! As I recall, this same MBAM missing file occurred the previous time I installed Avast5. Once again, program version is 5.0.545 and virus definition is 100618-1.
  Would appreciate help once more, thanks in anticipation.

  BobbyZee67
Dell Inspiron1520 Vista Home PremiumSP2,32 bit,Intel(R)Core Duo, CPU T7250,2.00GB RAM@2.00GHz/2.00GHz:Avast!5Free,MBAM Pro,Superantispyware Pro(realtime protection disabled,Trusteer Rapport:IE8,Google Chrome7 & Opera 10.63:Diskeeper2010 Home,CCleaner,Revo Uninstaller

Offline YoKenny

  • Serious Graphoman
Re: Warning Of Rootkit: Hidden Service!
« Reply #4 on: June 19, 2010, 09:36:22 AM »
Please follow AdvancedSetup's advice to install a clean version of MBAM:
http://forums.malwarebytes.org/index.php?s=&showtopic=54565&view=findpost&p=270065
E5200 2.5GHZ, 4GB RAM, 320GB HD, Windows 7 Home Premium 64bit, avast! V9.0 Free, IE10
P4 2.8GHZ, 1.5GB RAM, 40GB HD, XP Pro SP3 32bit, avast! V9.0 Free, Google Chrome
with hpHosts, MVPS HOSTS files, SpeedFan, WinPatrol PLUS

 
