Author Topic: avast 6.0.1289 vs aswMBR  (Read 3335 times)


Offline Rick F

  • Poster
  • Posts: 419
avast 6.0.1289 vs aswMBR
« on: September 19, 2011, 02:31:09 AM »
This past weekend I updated to the latest ver. of avast (6.0.1289).  It's working fine, no problems.  Thanks again to the great team at avast!  ;D

In reading the forum I noticed there's a newer version of avast's 'stand-alone' anti-rootkit so I downloaded it and ran it (aswMBR ver 0.9.8.986).  It didn't find a rootkit, but marked a file in my system32 directory as being suspicious.  The file is: "windows\system32\ntdll.dll" (NT Layer DLL I think).  It's 692K in size and dated 8/10/2004, so I'm pretty sure it's legit.  I ran a full scan using avast and no threat was found.  Avast used to run a 'rootkit' scan 8 mins after boot, so I'm sure it should have said something in the prior days if there was something suspicious.  Yes? No?  The PC has been rebooted several times since upgrading to 1289.

BTW, I know I'm still on WinXP; SP-2.  I can't install SP-3 due to two KBs that are included.

Thanks.
Dell Dimension; Intel-core2 duo; WinXP Media Ctr; 2.8ghz - NTFS; 1-Gig Ram; NVIDIA GeForce 7300LE; Firefox 19.0.2; OE-6; ZA-7.0.302; avast 6.0.1367; / DropMyRights / MalwareBytes-Free / Symantec LiveState Recovery Desktop 6.0 / (using WOT), MVPS HOSTS file, SpywareBlaster, WinPatrol PLUS,

Offline Pondus

  • Probably Bot
  • Posts: 36993
Re: avast 6.0.1289 vs aswMBR
« Reply #1 on: September 19, 2011, 03:01:36 AM »
Quote
Avast used to run a 'rootkit' scan 8 mins after boot,
still does...


Quote
The file is: "windows\system32\ntdll.dll"
upload suspicious file(s) to www.virustotal.com and test with 44 malware scanners
when you have the result, copy the url in the address bar and post it here for us to see


alternative
Jotti     http://virusscan.jotti.org/en
VirSCAN   http://virscan.org/
Metascan  http://www.metascan-online.com/



Offline Rick F

Re: avast 6.0.1289 vs aswMBR
« Reply #2 on: September 19, 2011, 03:24:06 AM »
Thanks Pondus,

I should have remembered to do that, duh.  ::)

Jotti and Metascan say all clean.  I get a 403 forbidden error at viruscan.org after uploading the file (any file to them), so it couldn't scan it.  But that's good enough for me.

Must be a false positive for the latest aswMBR.

Thanks again.   ;)

Offline Pondus

Re: avast 6.0.1289 vs aswMBR
« Reply #3 on: September 19, 2011, 03:38:37 AM »
well...suspicious isn't actually a False Positive....as it is not detected as malware   ;)

Offline Rick F

Re: avast 6.0.1289 vs aswMBR
« Reply #4 on: September 19, 2011, 03:56:01 AM »
Oh you're right.  It's just a falsely suspicious.  ;D