Author Topic: Rootkit detection in C:\## aswSnx private storage?  (Read 6328 times)


MAG

  • Guest
Rootkit detection in C:\## aswSnx private storage?
« on: February 19, 2012, 10:13:15 PM »
I did a full rootkit scan (sensitivity normal) with avast and got the following detection:

File C:\## aswSnx private storage\webStorage\image\Users\user\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll  **HIDDEN**

Severity High, Threat rootkit, hidden file.

Boot time scan shows nothing.

(I did the scan because I'd been getting a few mbam IP block alerts, and a couple of crashes - but the alerts have stopped with last mbam update)

This being safezone/sandbox storage I expect (and sincerely hope) it is a FP (I gather there is a legitimate file in Chrome of this name, but not sure why this is classed as hidden when other aswSnx files aren't)

 - but how to send it to VirusTotal for checking? - I can't even see ## aswSnx private storage on the C drive, even with 'show hidden files' selected.

(I know I've seen it before - I've even deleted it before on pk's advice to fix a safezone problem).

Any thoughts?

Thanks

MAG

  • Guest
Re: Rootkit detection in C:\## aswSnx private storage?
« Reply #1 on: February 19, 2012, 10:48:12 PM »
I've managed to submit to VT - using Linux to access it.

Result - 0/39.

I've also noted from the avast log that this is the only .dll file scanned in C:\## aswSnx private storage.

Perhaps that explains the alert?

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89135
  • No support PMs thanks
Re: Rootkit detection in C:\## aswSnx private storage?
« Reply #2 on: February 19, 2012, 10:52:36 PM »
It isn't actually saying it is a rootkit, but that it is **HIDDEN** and that is essentially correct as that is what the avast sandbox/safezone private storage is meant to do. This is why you can't see it from the normal Windows Explorer.

I didn't think VT would find anything as it can't replicate the anti-rootkit scan and avast anti-rootkit was only saying it was **HIDDEN**.

Whilst I don't have avast Pro or AIS, this appears to be a component of the avast safe browser (based on the Chromium browser).
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

MAG

  • Guest
Re: Rootkit detection in C:\## aswSnx private storage?
« Reply #3 on: February 19, 2012, 11:04:39 PM »
Thanks David.

You're right, it is a Chromium browser file.

The same file was also scanned outside ## aswSnx private storage as a Chrome file (without detection):

File C:\Users\user\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll.

So I still suspect it's the fact that it's the only hidden .dll in ## aswSnx private storage that is prompting the alert.


Online DavidR

Re: Rootkit detection in C:\## aswSnx private storage?
« Reply #4 on: February 20, 2012, 12:09:53 AM »
You're welcome.

Not so much an alert as a notification in this instance.