Author Topic: A lot of rootkit  (Read 6438 times)


pimpoli

  • Guest
A lot of rootkit
« on: June 06, 2011, 04:20:05 PM »
After an update, my Avast Free finds a lot of rootkits, but... some are Avast files, some are MBAM files!
This is the list, all in C:\WINDOWS\system32\drivers\:

aavmker4.sys
afd.sys
aswFsBlk.sys
aswmon.sys
aswmon2.sys
aswRdr.sys
aswSP.sys
aswTdi.sys
mbam.sys
mbamswissarmy.sys
mrxsmb.sys
ndproxy.sys
srv.sys

Can anyone help me? Are these false positives?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89210
  • No support PMs thanks
Re: A lot of rootkit
« Reply #1 on: June 06, 2011, 04:57:01 PM »
First, ensure that you have the latest virus definitions: avastUI, Maintenance, Updates, and do a manual update.

The latest one is 110606-0.

What type of scan were you doing when these were detected?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

BlacMoon91

  • Guest
Re: A lot of rootkit
« Reply #2 on: June 06, 2011, 07:39:56 PM »
Run a rootkit scan. Also use http://www.comodo.com/business-security/network-protection/cleaning_essentials.php Scan with this and use Killswitch.exe to identify all processes. After that you are cured or solved. ;D
Two days ago I was also infected like this... I followed this, then it was solved. It's my pleasant advice.

Thank you...

Offline SpeedyPC

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3398
  • Avast shall conquer the whole world
Re: A lot of rootkit
« Reply #3 on: June 07, 2011, 03:12:49 PM »
> Run a rootkit scan. Also use http://www.comodo.com/business-security/network-protection/cleaning_essentials.php Scan with this and use Killswitch.exe to identify all processes. After that you are cured or solved. ;D
> Two days ago I was also infected like this... I followed this, then it was solved. It's my pleasant advice.
>
> Thank you...

I wouldn't try this unless you're an advanced, experienced user, because you can get FPs from Comodo Cleaning Essentials (CCE), and you could also run into problems with your PC. CCE must be used by an advanced, experienced user only.
Gigabyte 670 LGA1200 Full ATX MB | Intel Core i9-13900 CPU/LGA 1700 | GeForce Nvidia RTX-4070/12GB | 32GB DDR4 | 2 x 1TB Samsung SSD | W11 Home 64bit | Avast Premium v24.3.6108 | Avast SecureLine VPN | Avast Secure Browser | Avast Driver Updater | Avast BreachGuard | Firefox 64bit | MalwareBytes Premium | Adguard Premium | CCleaner Portable | Macrium Reflect | 7-Zip

Offline -Genesis-

  • Sr. Member
  • ****
  • Posts: 286
Re: A lot of rootkit
« Reply #4 on: June 08, 2011, 05:26:20 AM »
For me it's an FP, because I have mbamswissarmy.sys detected, but the Avast team is not responding to my complaint.

I have plenty of FPs, different from yours, but mostly all are .sys files.
Windows 11 Pro / Windows Defender/
Ryzen 5 1600/ Aorus Gtx 1080Ti Xtreme/ Gskill Trident Z RGB 3000/ Samsung Evo 250GB/ Western Digital Black 1 TB

BlacMoon91

  • Guest
Re: A lot of rootkit
« Reply #5 on: June 08, 2011, 08:06:30 AM »
Have you tried a boot-time scan with your Avast?
Set the heuristic level to High. Maybe it will help you...
Maybe the behavior-based detection gave a false positive, I think.
http://download.eset.com/special/eos/esetsmartinstaller_enu.exe
http://quickscan.bitdefender.com/
Try them and run an online scan... Maybe it will show you which is true...

pimpoli

  • Guest
Re: A lot of rootkit
« Reply #6 on: June 11, 2011, 01:31:47 PM »
I tried this: I uploaded these suspicious files to:

www.virustotal.com
http://virusscan.jotti.org/
http://virscan.org/

None of these online scanning sites reported a rootkit...
Can I assume that it was a false positive?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89210
  • No support PMs thanks
Re: A lot of rootkit
« Reply #7 on: June 11, 2011, 02:51:43 PM »
First, you didn't answer my question:
What type of scan were you doing when these were detected?

This is crucial, as if this is the anti-rootkit scan (8 minutes after boot), then the heuristic methods used to detect these 'can't be replicated' by the conventional scans that are done at VirusTotal, etc.

Second, did you ensure that your virus definitions are up to date?
If you have the latest update, now 110611-0, are these detections still happening?
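An added triage step for the situation DavidR describes (example code, not from the thread or from Avast): before treating an on-access anti-rootkit hit as infection or as an FP, check the Authenticode signature and hash of each flagged driver on disk. It assumes PowerShell 4 or later for Get-FileHash, and reuses the driver names from the first post.

```powershell
# Added example (not from the thread): triage the drivers the anti-rootkit
# scan flagged by checking their Authenticode signatures and SHA-256 hashes.
# Assumption: PowerShell 4+ (Get-FileHash) and the driver names from the post.
$driverDir = 'C:\WINDOWS\system32\drivers'
$flagged = @(
    'aavmker4.sys', 'afd.sys', 'aswFsBlk.sys', 'aswmon.sys', 'aswmon2.sys',
    'aswRdr.sys', 'aswSP.sys', 'aswTdi.sys', 'mbam.sys', 'mbamswissarmy.sys',
    'mrxsmb.sys', 'ndproxy.sys', 'srv.sys'
)

foreach ($name in $flagged) {
    $path = Join-Path $driverDir $name
    if (-not (Test-Path $path)) {
        Write-Output ("{0,-20} MISSING (not on disk)" -f $name)
        continue
    }
    $sig  = Get-AuthenticodeSignature -FilePath $path
    $hash = (Get-FileHash -Path $path -Algorithm SHA256).Hash
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }

    # A Valid status from the expected vendor (Microsoft for afd/mrxsmb/ndproxy/srv,
    # AVAST for asw*/aavmker4, Malwarebytes for mbam*) supports the FP theory.
    # NotSigned or HashMismatch on a driver that should be signed deserves a
    # closer look, e.g. comparing the SHA-256 with the vendor's known-good file.
    Write-Output ("{0,-20} {1,-14} {2}" -f $name, $sig.Status, $signer)
    Write-Output ("{0,-20} SHA256={1}" -f '', $hash)
}
```

This only validates the file on disk; it cannot reproduce what the post-boot anti-rootkit scan observes in memory, which is exactly why an online scan of the file alone does not settle the question either way.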

BlacMoon91

  • Guest
Re: A lot of rootkit
« Reply #8 on: June 11, 2011, 04:42:46 PM »
> I tried this: I uploaded these suspicious files to:
>
> www.virustotal.com
> http://virusscan.jotti.org/
> http://virscan.org/
>
> None of these online scanning sites reported a rootkit...
> Can I assume that it was a false positive?

Yeah... they must be FPs.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89210
  • No support PMs thanks
Re: A lot of rootkit
« Reply #9 on: June 11, 2011, 04:51:13 PM »
Did you read what I just posted? VT is worthless if this was a rootkit scan ???

BlacMoon91

  • Guest
Re: A lot of rootkit
« Reply #10 on: June 11, 2011, 05:05:17 PM »
> Did you read what I just posted? VT is worthless if this was a rootkit scan ???

We need some detailed report from you..... Pimpoli.
Do you think your PC is infected?

BlacMoon91

  • Guest
Re: A lot of rootkit
« Reply #11 on: June 11, 2011, 05:06:54 PM »
> After an update, my Avast Free finds a lot of rootkits, but... some are Avast files, some are MBAM files!
> This is the list, all in C:\WINDOWS\system32\drivers\:
>
> aavmker4.sys
> afd.sys
> aswFsBlk.sys
> aswmon.sys
> aswmon2.sys
> aswRdr.sys
> aswSP.sys
> aswTdi.sys
> mbam.sys
> mbamswissarmy.sys
> mrxsmb.sys
> ndproxy.sys
> srv.sys
>
> Can anyone help me? Are these false positives?

Check Emsisoft HijackFree to understand all processes inside your PC. If anything goes wrong, you are infected. Or there must be a false positive.

pimpoli

  • Guest
Re: A lot of rootkit
« Reply #12 on: June 13, 2011, 02:10:03 PM »
> First, you didn't answer my question:
> What type of scan were you doing when these were detected?
>
> This is crucial, as if this is the anti-rootkit scan (8 minutes after boot), then the heuristic methods used to detect these 'can't be replicated' by the conventional scans that are done at VirusTotal, etc.
>
> Second, did you ensure that your virus definitions are up to date?
> If you have the latest update, now 110611-0, are these detections still happening?

Yes, it is the anti-rootkit scan, 8 minutes after boot. And these alerts occur AFTER an update (after the 110528-0 update).


pimpoli

  • Guest
Re: A lot of rootkit
« Reply #13 on: June 13, 2011, 02:11:18 PM »
> After an update, my Avast Free finds a lot of rootkits, but... some are Avast files, some are MBAM files!
> This is the list, all in C:\WINDOWS\system32\drivers\:
>
> aavmker4.sys
> afd.sys
> aswFsBlk.sys
> aswmon.sys
> aswmon2.sys
> aswRdr.sys
> aswSP.sys
> aswTdi.sys
> mbam.sys
> mbamswissarmy.sys
> mrxsmb.sys
> ndproxy.sys
> srv.sys
>
> Can anyone help me? Are these false positives?
>
> Check Emsisoft HijackFree to understand all processes inside your PC. If anything goes wrong, you are infected. Or there must be a false positive.

HijackFree does not report any malware or rootkit... but I'm afraid: these are Avast and MBAM files, and also Windows system files!

Offline Shiw Liang

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1432
Re: A lot of rootkit
« Reply #14 on: June 13, 2011, 03:00:37 PM »
Pimpoli, I suggest you listen to DavidR, who is more experienced...