Author Topic: avast 6.0.1289 vs aswMBR  (Read 3911 times)

0 Members and 1 Guest are viewing this topic.

Rick F

  • Guest
avast 6.0.1289 vs aswMBR
« on: September 19, 2011, 02:31:09 AM »
This past weekend I updated to the latest ver. of avast (6.0.1289).  It's working fine, no problems.  Thanks again to the great team at avast!  ;D

In reading the forum I noticed there's a newer version of avast's 'stand-alone' anti-rootkit so I downloaded it and ran it (aswMBR ver 0.9.8.986).  It didn't find a rootkit, but marked a file in my systems32 directory as being suspicious.  The file is: "windows\system32\ntdll.dll" (NT Layer DLL I think).  It's 692K is size and dated 8/10/2004, so I'm pretty sure it's legit.  I ran a full scan using avast and no threat was found.  Avast used to run a 'rootkit' scan 8 mins after boot, so I'm sure it should have said something in the prior days if there was something suspicious.  Yes? No?  The PC has been rebooted several times since the upgrading to 1289.

BTW, I know I'm still on WinXP; SP-2.  I can't install SP-3 due to two KBs that are included.

Thanks.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37529
  • Not a avast user
Re: avast 6.0.1289 vs aswMBR
« Reply #1 on: September 19, 2011, 03:01:36 AM »
Quote
Avast used to run a 'rootkit' scan 8 mins after boot,
still does...


Quote
The file is: "windows\system32\ntdll.dll"
upload suspicious file(s) to www.virustotal.com and test with 44 malware scanners
when you have the result, copy the url in the address bar and post it here for us to see


alternative
Jotti     http://virusscan.jotti.org/en
VirSCAN   http://virscan.org/
Metascan  http://www.metascan-online.com/



Rick F

  • Guest
Re: avast 6.0.1289 vs aswMBR
« Reply #2 on: September 19, 2011, 03:24:06 AM »
Thanks Pondus,

I should have remembered to do that, duh.  ::)

Jotti and Metascan says all clean.  I get a 403 forbidden error at viruscan.org after uploading the file (any file to them), so it couldn't scan it.  But that's good enough for me.

Must be a false positive for the latest aswMBR.

Thanks again.   ;)

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37529
  • Not a avast user
Re: avast 6.0.1289 vs aswMBR
« Reply #3 on: September 19, 2011, 03:38:37 AM »
well...suspicious isn`t actually a False Positive....as it is not detected as malware   ;)

Rick F

  • Guest
Re: avast 6.0.1289 vs aswMBR
« Reply #4 on: September 19, 2011, 03:56:01 AM »
Oh you're right.  It's just a falsely suspicious.  ;D