Author Topic: Avast! doesnt remove a rootkit file  (Read 14456 times)

Offline CUPIC

  • Newbie
  • *
  • Posts: 15
Re: Avast! doesnt remove a rootkit file
« Reply #30 on: February 02, 2011, 03:25:16 AM »
Well it is 2:05am in the UK so essexboy will be in bed and not back on the forums until after he finishes work tomorrow.

Do you mean run OTS again as there is no mention of running OSL. So the last thing he asked for was to run OTS again and copy and paste the contents of the code box into the Paste fix here and click the Run Fix button.

So I would suggest you try that again, and ensure that you follow this first instruction:
Make sure you close all other programs and don't use the PC while the scan runs. This includes avast for the duration of the scan.

I don't know if the run fix produces a log, if not then run OTS again so that it produces a log after the fix to see if anything else needs to be done.

I ran OTS.exe the first time, but then it stopped working and was terminated by Windows.

The next time I ran OTS, it made the required (pasted) fixes, but it didn't make any log or txt file.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83537
  • No support PMs thanks
Re: Avast! doesnt remove a rootkit file
« Reply #31 on: February 02, 2011, 04:01:25 AM »
As I said I don't know if it does produce a report after the fix, that is why I suggested running OTS again in the normal Run Scan mode (for all users) as essexboy's first OTS scan, this post, http://forum.avast.com/index.php?topic=69884.msg591804#msg591804.

The idea being to produce a report after you ran the fix to see if the fix worked and to see if essexboy needs to run additional tools.

That is me for the night shortly also as it is now 3am here in the UK.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.6.2420 (build 20.6.5495.561) UI-1.0.541/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline CUPIC

  • Newbie
  • *
  • Posts: 15
Re: Avast! doesnt remove a rootkit file
« Reply #32 on: February 02, 2011, 07:22:44 AM »
I'm asking for your understanding because my English is too bad.

Maybe I didn't understand what essexboy said, but I thought that OTS has to produce a log file every time after scanning/fixing:

  • Please attach the log in your next post.

After OTS "fixed" the problem, it didn't make any log file.

The suspicious process is still running on my computer, as you can see in the attached picture.




« Last Edit: February 02, 2011, 08:14:59 AM by CUPIC »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83537
  • No support PMs thanks
Re: Avast! doesnt remove a rootkit file
« Reply #33 on: February 02, 2011, 04:08:29 PM »
I'm not familiar with the tools essexboy uses, I'm only trying to help you do some work whilst he is unavailable.

Yes, that point about 'Please attach the log in your next post' relates to having run the first OTS 'Run Scan'; it produces the log.

So if the Run Fix doesn't produce a log as you say and I suspected, that is why I suggested running the OTS 'Run Scan' again to produce that log so that essexboy has something to work with when he gets back.

I don't know if you have rebooted after the OTS Run Fix, but you should probably do that before running OTS 'Run Scan' again to produce the log.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40631
  • Dragons by Sasha
    • Malware fixes
Re: Avast! doesnt remove a rootkit file
« Reply #34 on: February 02, 2011, 08:12:35 PM »
Quote
HKEY_USERS\S-1-5-21-4190731207-121853071-4191398483-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell
YN -> C:\Users\User\AppData\Roaming\juzjf.exe ->
This references the winlogon settings of a subsidiary user on your system

David is correct: if you press run scan as opposed to run fix then OTS will stall. Add the script again and press run fix.
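
Added example (not part of essexboy's post and not produced by OTS): a read-only PowerShell check of the Winlogon `Shell` value quoted above, listing it for the machine-wide key and for every user hive currently loaded under HKEY_USERS. The `Review` column is an assumption of this example: it marks any value other than a bare `explorer.exe` for a human to look at, which will also mark legitimate custom shells.

```powershell
# Added example: read-only audit of the Winlogon "Shell" value.
# Only hives that are currently loaded appear under HKEY_USERS, so accounts
# that are not logged on are not covered. Run from an elevated prompt.
$sub = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

# Machine-wide key, plus one key per loaded user SID.
# The regex skips the "<SID>_Classes" hives and the built-in service SIDs.
$keys = @("Registry::HKEY_LOCAL_MACHINE\$sub")
$keys += Get-ChildItem -Path 'Registry::HKEY_USERS' |
    Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
    ForEach-Object { "Registry::HKEY_USERS\$($_.PSChildName)\$sub" }

$results = foreach ($key in $keys) {
    $prop = Get-ItemProperty -Path $key -Name Shell -ErrorAction SilentlyContinue
    if ($null -eq $prop) { continue }   # no Shell value set in this key

    $shell = [string]$prop.Shell
    [pscustomobject]@{
        Key    = $key -replace '^Registry::', ''
        Shell  = $shell
        # Flag for manual review only; this does not classify the file.
        Review = ($shell.Trim() -ine 'explorer.exe')
    }
}

# Entries needing review first; nothing is modified or deleted.
$results | Sort-Object Review -Descending | Format-List
```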

Offline TheSecurityFreak

  • Newbie
  • *
  • Posts: 15
Re: Avast! doesnt remove a rootkit file
« Reply #35 on: February 02, 2011, 11:34:11 PM »
To be honest... Remove Spybot and get winpatrol and MBAM to cover your security

Allow it

Yeah, Spybot S&D has a bad detection rate.