Author Topic: 2 Rootkits found on new system  (Read 8249 times)

0 Members and 1 Guest are viewing this topic.

Turk42

  • Guest
2 Rootkits found on new system
« on: August 07, 2011, 07:31:43 PM »
1st time using Avast guys so excuse the inexperience.I have recently installed Windows 7 on a new computer and ran a full scan using Avast.To my surprise it has found 2 threats.

1) C\Windows\AppCompat\Programs\RecentFileCache.bcf
2) C:\Windows\System32\CodeIntegrity\bootcat.cache

Both have a High severity rating and status is shown for both as

Threat:Rootkit:system modification

If anybody could shed any light on this i would appreciate it.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: 2 Rootkits found on new system
« Reply #1 on: August 07, 2011, 08:26:01 PM »
upload suspicious file(s) to www.virustotal.com and test with 43 malware scanners
when you have the result, copy the URL in the addressbar and post it here so we can see


alternatives
Jotti`s malware scan  http://virusscan.jotti.org/en
VirSCAN  http://virscan.org/

Turk42

  • Guest
Re: 2 Rootkits found on new system
« Reply #2 on: August 07, 2011, 09:11:22 PM »
Tried using Virustotal but on looking for files

AppComPat
-----------
I am told i don't have permission to open the file and to contact the owner or administrator

System32
---------
Can't find the file at all.

Is it worth running the scan again or scanning with  Malwarebytes Anti-Malware


Apologies



Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: 2 Rootkits found on new system
« Reply #3 on: August 07, 2011, 09:22:16 PM »
you may run a quick scan with malwarebytes...and remeber to update before you do
post log if anything is found


then this

* download aswMBR.exe and save to desktop   http://public.avast.com/~gmerek/aswMBR.exe
* double click aswMBR icon to run
* click scan, then "Save Log" and post it here in your next reply


I have PM`d essexboy so he can have a look at this..


Turk42

  • Guest
Re: 2 Rootkits found on new system
« Reply #4 on: August 07, 2011, 09:36:44 PM »
Nothing found with Malwarebytes



aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-07 20:32:14
-----------------------------
20:32:14.803    OS Version: Windows x64 6.1.7600
20:32:14.803    Number of processors: 1 586 0x602
20:32:14.804    ComputerName: HEAVEN-PC  UserName: Heaven
20:32:15.488    Initialize success
20:32:16.561    AVAST engine defs: 11080700
20:32:23.692    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000054
20:32:23.700    Disk 0 Vendor: SAMSUNG_ 1AC0 Size: 152627MB BusType: 3
20:32:25.714    Disk 0 MBR read successfully
20:32:25.719    Disk 0 MBR scan
20:32:25.727    Disk 0 Windows 7 default MBR code
20:32:25.740    Service scanning
20:32:27.050    Modules scanning
20:32:27.057    Disk 0 trace - called modules:
20:32:27.079    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor.sys
20:32:27.089    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80026bd060]
20:32:27.096    3 CLASSPNP.SYS[fffff880018b743f] -> nt!IofCallDriver -> [0xfffffa8002468e40]
20:32:27.102    5 ACPI.sys[fffff88000f54781] -> nt!IofCallDriver -> \Device\00000054[0xfffffa800246c6a0]
20:32:27.373    AVAST engine scan C:\Windows
20:32:28.858    AVAST engine scan C:\Windows\system32
20:33:13.281    AVAST engine scan C:\Windows\system32\drivers
20:33:16.756    AVAST engine scan C:\Users\Heaven
20:33:53.872    AVAST engine scan C:\ProgramData
20:33:57.367    Scan finished successfully
20:35:27.905    Disk 0 MBR has been saved successfully to "C:\Users\Heaven\Documents\MBR.dat"
20:35:27.909    The log file has been saved successfully to "C:\Users\Heaven\Documents\aswMBR.txt

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: 2 Rootkits found on new system
« Reply #5 on: August 07, 2011, 09:57:35 PM »
I have those files on my windows 7 and Avast has not said a word about them

Are you experiencing any strange behaviour ?

Turk42

  • Guest
Re: 2 Rootkits found on new system
« Reply #6 on: August 07, 2011, 10:48:42 PM »
No not really,the computer has only been up and running since last Thursday although Windows Explorer did shut down and restart earlier for no apparent reason..As well as Avast i have Malwarebytes and SpywareBlaster installed,am using Windows own firewall at the moment and use Google Chrome as my browser.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: 2 Rootkits found on new system
« Reply #7 on: August 07, 2011, 11:05:23 PM »
Are you still getting the alerts ?

Turk42

  • Guest
Re: 2 Rootkits found on new system
« Reply #8 on: August 07, 2011, 11:13:00 PM »
No they appeared after a full scan,the avast icon in the system tray shows system secured,just wondering if i should do another scan?

ibell63

  • Guest
Re: 2 Rootkits found on new system
« Reply #9 on: August 08, 2011, 02:52:06 AM »
I say run TDSSKiller and/or Hitman Pro to check for rootkits just to be safe.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88899
  • No support PMs thanks
Re: 2 Rootkits found on new system
« Reply #10 on: August 08, 2011, 03:52:12 AM »
I would say running hitman pro and just to be safe to be a contradiction. There have been many cases that essexboy can attest to were hitman pro has caused major problems in deleting an important file.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: 2 Rootkits found on new system
« Reply #11 on: August 08, 2011, 07:40:36 PM »
Could you run another full scan please to see if they re-appear, as I have my doubts about the detection 

Turk42

  • Guest
Re: 2 Rootkits found on new system
« Reply #12 on: August 09, 2011, 03:48:06 PM »
Ran a full scan using Avast and a quick scan using Malwarebytes today and nothing found.Assume it is all ok.Cheers for the assistance.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: 2 Rootkits found on new system
« Reply #13 on: August 09, 2011, 07:52:09 PM »
No problem, if it reappears let us know