Status
Not open for further replies.

Spawn

Administrator
Verified
Staff member
EDIT: Posted in Avast Forums

I am using Windows 8 RP 64-bit.

I installed Avast 7 Free about 10 minutes ago, custom installation with Web and Network Shield only.

Changes to Avast Free (Web and Network Shield only):

- Linked to my.avast.
- Activated free license.
- Enabled PUP detection on Web Shield.
- Disabled Social/Recommended features.
- Disabled Generate monthly report.
- Disabled start-up rootkit scan.

Action Center reported that Avast and Windows Defender were both turned off.

Manually switched on Windows Defender.

I get an Avast pop-up saying rootkit detected (see screenshot).

I chose Ignore.

Generated a log file (extracted from aswAr.log):
Code:
Service WdBoot [C:\WINDOWS\system32\drivers\WdBoot.sys]  **HIDDEN**
Service WdFilter [C:\WINDOWS\system32\drivers\WdFilter.sys]  **HIDDEN**
Service WinDefend [C:\Program Files]  **HIDDEN**
I can only assume these are False Positives?

Any help appreciated. I have to dig up my Avast Forums username.
 

Plexx

Ain't service WinDefend the Windows Defender one, as well as the 2 sys files?

I still believe it is a False Positive. Any way you can upload the files to Avast and inform them of the False Positive?
 

Jack

Administrator
Verified
Staff member
Indeed looks like a FP...
Did you try to upload the files to https://www.virustotal.com/ ?
 

Spawn

Administrator
Verified
Staff member
Just checking, I shall report this to Avast, when I find my login details. :)

WdFilter.sys
https://www.virustotal.com/file/c66383e690ee77591bc37aa7b5e0111f3802cd439e97fe053f87369abc5ae84b/analysis/1340309044/

WdBoot.sys
https://www.virustotal.com/file/2ad5767e8272c3c8dfe76a4a6a60580d609d4a58c35a9a7ea96bdd3b03cb40c6/analysis/1340309046/
 

Jack

Administrator
Verified
Staff member
The worst part is that the recommended action is DELETE... An inexperienced user would just allow this request and basically remove some much-needed Windows files.
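
An added example, not part of any post in this thread: one way to check the flagged entries before acting on a DELETE prompt is to parse the aswAr.log lines quoted in the first post and report each file's Authenticode status, signer and SHA-256. The function name `Get-FlaggedServiceReport` and the line format inferred from the excerpt are assumptions; it needs PowerShell 4 or later for `Get-FileHash`.

```powershell
# Added example. Constructed input: the three entries quoted from aswAr.log in the thread.
$logLines = @(
    'Service WdBoot [C:\WINDOWS\system32\drivers\WdBoot.sys]  **HIDDEN**'
    'Service WdFilter [C:\WINDOWS\system32\drivers\WdFilter.sys]  **HIDDEN**'
    'Service WinDefend [C:\Program Files]  **HIDDEN**'
)

function Get-FlaggedServiceReport {   # hypothetical helper name
    param([Parameter(Mandatory)][string[]]$Lines)

    foreach ($line in $Lines) {
        # Line format assumed from the excerpt: Service <name> [<path>]  **HIDDEN**
        if ($line -match '^Service\s+(?<name>\S+)\s+\[(?<path>[^\]]*)\]\s+\*\*HIDDEN\*\*') {
            $row = [ordered]@{
                Service = $Matches['name']
                Path    = $Matches['path']
                Status  = 'NotChecked'
                Signer  = $null
                SHA256  = $null
                Note    = $null
            }
            if (Test-Path -LiteralPath $row.Path -PathType Leaf) {
                # Signature status and signer subject of the on-disk file
                $sig = Get-AuthenticodeSignature -LiteralPath $row.Path
                $row.Status = [string]$sig.Status
                if ($sig.SignerCertificate) { $row.Signer = $sig.SignerCertificate.Subject }
                # Lower-case hex so it can be compared with a VirusTotal report
                $row.SHA256 = (Get-FileHash -LiteralPath $row.Path -Algorithm SHA256).Hash.ToLower()
            }
            else {
                # e.g. the WinDefend entry, where the logged path is not a file
                $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($row.Service)"
                $svc = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
                $row.Note = "Logged path is not a file; registry ImagePath: $($svc.ImagePath)"
            }
            [pscustomobject]$row
        }
    }
}

Get-FlaggedServiceReport -Lines $logLines | Format-List
```

A `Valid` status with a Microsoft signer supports the false-positive reading. Any other status is a reason to look closer rather than proof of tampering, since older PowerShell versions may report `NotSigned` for files signed only through a catalog.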
 

malwarekiller

New Member
I had the same rootkit warning on MBAM Service when I recently bought MBAM Pro... The warning was on mbamswissarmy.sys that MBAM creates when it scans something... I searched the Avast forums and did find that it was also seen by many more people... nevertheless, it's the power of GMER that Avast has :p ... so make exclusions in your additional anti-malware applications and in Avast... it must suppress these alerts then :)
 