Author Topic: rootkit investigation  (Read 2111 times)

IanWorthington

  • Guest
rootkit investigation
« on: October 07, 2011, 12:10:23 AM »
Last night, whilst burning some mp3s, probably downloaded from some nefarious source, to cd for my wife, I got a "rootkit detected" alert from avast. After the burn completed I allowed the removal and did a boot time scan which found nothing new.

I can't find any logs with information about the detected rootkits though, so don't know if they were associated with those mp3s or not, which passed the scan ok.

Any way I can investigate the rootkit alert to find out its origin?

i

Offline mikaelrask

  • Avast Evangelist
  • Super Poster
  • Posts: 1556
Re: rootkit investigation
« Reply #1 on: October 08, 2011, 03:47:35 PM »
Welcome to the forum. You could check the logs for the shields of avast.

If I'm right, it should be: open up the avast interface, hit real time protection, go to the file system shield, and hit the button to check either the traffic log or the protection log. There it should be the information which you seek.

Good luck.

Windows 8.1 amd a10-5700 64 bit
12 GB ram 1 tb hard drive. Avast 18, MBAM

IanWorthington

  • Guest
Re: rootkit investigation
« Reply #2 on: October 09, 2011, 01:23:55 AM »
Nothing at all in the shield log. Can't find a protection "log", only the protection history, which doesn't show anything either.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • Posts: 67194
Re: rootkit investigation
« Reply #3 on: October 09, 2011, 03:09:20 AM »
I suggest you schedule a boot-time scan.
C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt is the report file.
The best things in life are free.