Author Topic: Explorer.Exe Rootkit?  (Read 6221 times)

wighty

  • Guest
Explorer.Exe Rootkit?
« on: April 14, 2011, 01:55:52 PM »
Over the past 3 days I have been getting a message from Avast 4.8 Pro that it detected a rootkit in explorer.exe.  The recommended action was to Ignore.

Considering some of the recent VPS file problems I've read about here, I'm wondering how to validate this possibility (remote IMO based on my Inet usage), or just consider it a false positive.

My Dell XPS uses XP Home SP1 and has been the most stable, problem-free WIN OS I've ever used and serves my needs well.  Just for the record, I do not wish to "upgrade" the OS and because it is SP1 I can not upgrade Avast to ver 5 or 6.  ;)

My VPS file Comp Date: 04/14/2011, Version: 110414-0 (Licensed ver.)

Thoughts...?


Offline Zyndstoff (aka Steven Gail)

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2604
  • I can resist anything except temptation.
    • tex62
Re: Explorer.Exe Rootkit?
« Reply #1 on: April 14, 2011, 01:58:55 PM »

Thoughts...?



Of course: "He who uses outdated OS without any sensible reason must deal with the consequences."

You asked for it.
7 x64 SP1, FF 8a Aurora, TB6, 6.0.1203 Free
Free MBAM Clear

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89029
  • No support PMs thanks
Re: Explorer.Exe Rootkit?
« Reply #2 on: April 14, 2011, 03:49:09 PM »
I can understand your reluctance to upgrade your system, but that in itself makes it hard to support your system setup.

Avast 5 came out over two years ago and avast 4.8 is on life support right now.

The real problem is that it is over two years since I last used avast 4.8 and much of what I knew about it is forgotten, so it is very hard to support very old versions.

I honestly can't recall how good the 4.8 anti-rootkit function was or even if it had one; I have managed to find an old image of a rootkit detection in 4.8.

The one incorporated in avast5 onwards was much better and crucially continued development, where the one in 4.8 is effectively frozen in time.

###
However, that said it is strange to get an alert on explorer.exe as a potential rootkit. So I would suggest that you check the option to 'Submit the file' for further analysis.

I would also suggest trying a standalone anti-rootkit application, but again finding one that supports XP SP1 might be an issue.
« Last Edit: April 14, 2011, 04:08:02 PM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Zyndstoff (aka Steven Gail)

Re: Explorer.Exe Rootkit?
« Reply #3 on: April 14, 2011, 03:50:58 PM »
I can understand your reluctance to upgrade your system,

Why's that, David?
I can understand sticking to XP, but to refuse to install the SPs and to update the AV is beyond me.

YoKenny

  • Guest
Re: Explorer.Exe Rootkit?
« Reply #4 on: April 14, 2011, 03:59:39 PM »

My Dell XPS uses XP Home SP1 and has been the most stable, problem-free WIN OS I've ever used and serves my needs well.  Just for the record, I do not wish to "upgrade" the OS and because it is SP1 I can not upgrade Avast to ver 5 or 6.  ;)
Please read:
Support for Windows XP Service Pack 2 ends on July 13, 2010
http://support.microsoft.com/gp/lifean31

Sticking with XP SP1 will not help you and avast! needs at least XP SP2 for support.

What are the supported operating systems for avast! 6.x ?
https://support.avast.com/index.php?languageid=1&group=eng&_m=knowledgebase&_a=viewarticle&kbarticleid=750#idt_01

Offline DavidR

Re: Explorer.Exe Rootkit?
« Reply #5 on: April 14, 2011, 04:07:22 PM »
I can understand your reluctance to upgrade your system,

Why's that, David?
I can understand sticking to XP, but to refuse to install the SPs and to update the AV is beyond me.

Same reason why people are still using win98, old systems. The Dell XPS is no spring chicken.
Since XP SP1 came out on September 9, 2002 and XP SP2 on August 25, 2004, so somewhere in between those two dates for this system coming from Dell, they would also be likely to get the SP2 early. So my guess on the age of this system is sometime in 2003 so there won't be much RAM or HDD space, etc. etc.

It is his decision to make, so long as he knows the shortcomings of his choice.


Dieselman

  • Guest
Re: Explorer.Exe Rootkit?
« Reply #6 on: April 14, 2011, 04:08:26 PM »
You're not upgrading your OS. You're installing necessary service packs. Service packs also plug security holes in Windows, making your PC safer.

wighty

  • Guest
Re: Explorer.Exe Rootkit?
« Reply #7 on: April 14, 2011, 04:24:12 PM »
I can understand your reluctance to upgrade your system,

Why's that, David?
I can understand sticking to XP, but to refuse to install the SPs and to update the AV is beyond me.
Actually, I did once try to upgrade to a higher SP, using "fresh from the shelf" CDs directly from Microsoft.  However, something went terribly wrong and my system would not reboot.  After several tech calls and a site visit ($$), they were able to restore the OS to operation, and that is how it has been left.

Since then, I have had no OS problems or virus infections.  This issue is the first.  While it may be a valid infection, I also see several comments in this forum regarding false positives.  Hence my initial question.

While others may have subjective opinions regarding my desire to continue using an older system, that is not the reason I asked for commentary.  I was only looking for constructive assistance...

wighty

  • Guest
Re: Explorer.Exe Rootkit?
« Reply #8 on: April 14, 2011, 04:29:57 PM »
I can understand your reluctance to upgrade your system,
Why's that, David?
I can understand sticking to XP, but to refuse to install the SPs and to update the AV is beyond me.
So my guess on the age of this system is sometime in 2003 so there won't be much RAM or HDD space, etc. etc.  It is his decision to make, so long as he knows the shortcomings of his choice.
Yes, 12/05/2003 to be exact, and I do understand.  Yet, it serves my needs very well.  Were it not for this very odd Avast warning, I would not have posted.

And, yes, I have allowed this issue to be reported back to Avast.
« Last Edit: April 14, 2011, 04:31:52 PM by wighty »

Dieselman

  • Guest
Re: Explorer.Exe Rootkit?
« Reply #9 on: April 14, 2011, 04:32:05 PM »
Keeping your computer up to date is the first step in safety. As it is right now Microsoft does not even care about your current OS. You also don't receive critical updates. Yes, this is off topic, but your OS is a bleeding wound.

wighty

  • Guest
Re: Explorer.Exe Rootkit?
« Reply #10 on: April 14, 2011, 04:37:40 PM »
I can understand your reluctance to upgrade your system, but that in itself makes it hard to support your system setup.###  However, that said it is strange to get an alert on explorer.exe as a potential rootkit. So I would suggest that you check the option to 'Submit the file' for further analysis.  I would also suggest trying a stand alone anti-rootkit application also, but again finding one that supports XP SP1 might be an issue.
Thank you for trying to help.  I have previously submitted the file to Avast as part of the warning message.  I will look for an anti-rootkit app.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - German-language section  <<<
Re: Explorer.Exe Rootkit?
« Reply #11 on: April 14, 2011, 04:38:36 PM »
Thoughts...?

Of course: "He who uses outdated OS without any sensible reason must deal with the consequences."

You asked for it.

And I add a big +1 here...!!
Update your XP to SP3 asap, else there's no AV that can protect you.
asyn
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast essentials (downloads, guides & info): https://forum.avast.com/index.php?topic=60523.0

Stang

  • Guest
Re: Explorer.Exe Rootkit?
« Reply #12 on: April 14, 2011, 04:47:00 PM »
I just updated an old Dell XPS system to XP SP3 and Avast 6 ....... no problems.... except that it took a long long time to download hundreds of updates and 2 service packs and Explorer 8.... and ... and ......

This old PC now runs fine and btw avast and MBAM found a few issues that were promptly handled.

You can do it !!

Offline Gopher John

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2098
Re: Explorer.Exe Rootkit?
« Reply #13 on: April 14, 2011, 06:04:50 PM »
As an example, Tuesday Microsoft had 17 patches which fixed 64 vulnerabilities in Windows.  Most of these were for all supported versions of Windows.

http://isc.sans.edu/diary.html?storyid=10693

https://www.microsoft.com/technet/security/bulletin/ms11-apr.mspx

This is just a small sample of the security issues with WinXP SP1. :o
AMD A6-5350M APU with Radeon HD Graphics, 8.0GB RAM, Win7 Pro SP1 64bit, IE11
i7-3610QM 2.3GHZ, 8.0GB Ram,  Nvidia GeForce GT 630M 2GB, Win7 Pro SP1 64bit, IE 11
Common to both: Avast Premium Security 19.7.2388, WinPatrol Plus, SpywareBlaster 5.5, Opera 12.18, Firefox 68.0.2, MBam Free, CCleaner