Avast Rootkit FP?

Status
Not open for further replies.
I

Ink

Administrator
Thread author
Verified
Jan 8, 2011
22,490
EDIT: Posted in Avast Forums

I am using Windows 8 RP 64-bit.

I installed Avast 7 Free about 10 minutes ago, custom installation with Web and Network Shield only.

Changes to Avast Free (Web and Network Shield only):

- Linked to my.avast.
- Activated free license.
- Enabled PUP detection on Web Shield.
- Disabled Social/Recommended features.
- Disabled Generate monthly report.
- Disabled start-up rootkit scan.

Action Center reported that Avast and Windows Defender were both turned off.

Manually switched on Windows Defender.

I get an avast pop-up saying rootkit detected (see screenshot).

I chose Ignore.

Generate a log file (extracted from aswAr.log):
Code: 
Service WdBoot [C:\WINDOWS\system32\drivers\WdBoot.sys]  **HIDDEN**
Service WdFilter [C:\WINDOWS\system32\drivers\WdFilter.sys]  **HIDDEN**
Service WinDefend [C:\Program Files]  **HIDDEN**

I can only assume these are False Positives?

Any help appreciated. I have to dig up my Avast Forums username.
 

Attachments

  • avast7-rootkit.png
    avast7-rootkit.png
    31.7 KB · Views: 760
P

Plexx

Aint service WinDefend the windows defender one? as well as the 2 sys files?

I still believe it is a False Positive. Anyway you can upload the files to Avast and inform them of False Positive?
 
Jack

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Indeed looks like a FP...
Did you try to upload the files to https://www.virustotal.com/ ?
 
I

Ink

Administrator
Thread author
Verified
Jan 8, 2011
22,490
Just checking, I shall report this to Avast, when I find my login details. :)

WdFilter.sys
https://www.virustotal.com/file/c66383e690ee77591bc37aa7b5e0111f3802cd439e97fe053f87369abc5ae84b/analysis/1340309044/

WdBoot.sys
https://www.virustotal.com/file/2ad5767e8272c3c8dfe76a4a6a60580d609d4a58c35a9a7ea96bdd3b03cb40c6/analysis/1340309046/
 
Jack

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
The worst part is that the recommended action is DELETE... A inexperienced user would just allow this request and basically remove some much need it Windows files.
 
M

malwarekiller

New Member
Mar 30, 2012
688
I Had the same rootkit warning on MBAM Service when I recently bought MBAM Pro....The warning was on mbamswissarmy.sys that MBAM creates when it scans something...I searched the avast forums and did find that it was also seen by many more people...never the less..its the power of GMER that avast has :p...so make exclusions in your additional anti-malware applications and in avast...it must supress these alerts then:)
 
Status
Not open for further replies.

Similar threads

M
    • Like
New Update NEW Avast version 24.7
Replies
1
Views
509
Avast
Bot
Bot
M
    • Like
    • +Reputation
NEW Avast version 24.5
Replies
1
Views
632
Avast
Bot
Bot
M
    • Like
    • +Reputation
    • Thanks
New Update NEW Avast version 24.1
Replies
0
Views
551
Avast
Mops21
M

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top