AVG Support and Discussion Forums | AVG Worldwide

English
- Česky
- English
- Español
- Français
- Português

Folder

AVG Forums » Other topics » Virus Removal, Tools for Removing » Rootkit Detection Virtual Machine

New thread Reply

June 25, 2012 15:20	Rootkit Detection Virtual Machine #210615
	Reply with Quote \| Quick Reply \| Top
braddesu Novice Join Date: 25.6.2012 Posts: 3	Rootkit detection on a Virtual machine I am running a Microsoft Virtual machine of Windows XP (SP 3) Build 2600 Professional 32bit (Fully patched) on an Windows 7 Pro - I7 64 bit install. The VM has AVG Free 2012 loaded (virusdatabase version 2437/5092) and version 2012.0.2180 and when I run a full scan get the following report: Scan "Anti-Rootkit scan" completed. Rootkits;"3";"0";"3" Rootkits ;"File";"Infection";"Result" ;"<unknown>";"Corrupted section hal.dll[.text] HalBeginSystemInterrupt+0x73, size 10 bytes";"Object is hidden" ;"<unknown>";"Corrupted section hal.dll[.text] HalDisableSystemInterrupt+0x21, size 7 bytes";"Object is hidden" ;"<unknown>";"Corrupted section hal.dll[.text] HalEnableSystemInterrupt+0x6C, size 7 bytes";"Object is hidden" If I run MS Security Essentials i finds no threat detected and neither does the MS Safety Scanner (1.0.3001.0). AVG cannot heal or remove and reports them as potentially dangerous rootkits which it can't remove. Does anyone know whether these are actually an issue or whether just the product of the OS running as a VM and producing a false positive.

June 25, 2012 16:41	Re: Rootkit Detection Virtual Machine #210643
	Reply with Quote \| Quick Reply \| Top
_malchys_ TechBuddy Ambassador Join Date: 2.5.2012 Posts: 1636	Hello braddesu, Please provide us with more information (AVG scan result export, MSInfo output and GMER scan results) regarding this issue. Thank you. AVG Team How-To articles \| FAQ \| Free Support We Protect Us Computer not working? Laptop slowing down? Let our AVG TechBuddy expert remotely fix it for you. Find out more (US & Canada)

June 26, 2012 00:29	Re: Rootkit Detection Virtual Machine #210745
	Reply with Quote \| Quick Reply \| Top
BIG AL 43 Moderator Join Date: 18.6.2009 Posts: 21648	@ braddesu For your info also have a look thro' this link http://forums.avg.com/ww-en/avg-forums?sec=thread&act=show&id=205259. AVG Forums Volunteer ModeratorAVG Forum member since - Nov. 27, 2004My total posts on the Old AVG Free Forum - 27,063 Alan How-To Articles \| FAQ \| Free Support

June 26, 2012 13:08	Re: Rootkit Detection Virtual Machine #210812
	Reply with Quote \| Quick Reply \| Top
braddesu Novice Join Date: 25.6.2012 Posts: 3	Upload result & Scan info.. I read you posts for a similar case as suggested. (ie: May 30, 2012 16:45 Object Inaccessible, Running Virtual PC #205259 raye215). This user's situation is almost an exact duplicate, except I'm running a later version of AVG and with later version of Database. Even his errors for his three rootkits were the same results ie: Rootkits ;"File";"Infection";"Result" ;"<unknown>";"Corrupted section hal.dll[.text] HalBeginSystemInterrupt+0x73, size 10 bytes";"Object is hidden" ;"<unknown>";"Corrupted section hal.dll[.text] HalDisableSystemInterrupt+0x21, size 7 bytes";"Object is hidden" ;"<unknown>";"Corrupted section hal.dll[.text] HalEnableSystemInterrupt+0x6C, size 7 bytes";"Object is hidden" I have run GMER and MSinfo. As soon as I ran GMER I ended with seven rootkits found which I can't get rid off. It seems to me these are all false postives. The three as a standard install of the VM and GMER creating the other four issues. Your posts with regard to Raye conclude "No, it is one bit corruption it doesn't influence any functionality." Which I understand to be "it's not a problem don't worry about". What is a one bit corruption however? Really I need to know: 1) What is a one bit corruption and is it even worth addressing as an issue? 2) Are the other 4 rootkits detected the results of GMER and can I ignore them? 3) Surely if these are know issue but have no impact on the VM or have any negative side effects you shouldn't be flagging them as a problem? 4) Even if you try to cure the rootkits one by one - it's does not work - is there any solution? Kind Regards Braddesu AVG.zip

June 28, 2012 15:41	Re: Rootkit Detection Virtual Machine #211057
	Reply with Quote \| Quick Reply \| Top
Pokornyz TechBuddy Ambassador Join Date: 29.11.2010 Posts: 6002	Hello braddesu, Your situation is exactly same virtual machine is clean and you don't need to worry about it. Detection of "one bit corruption" should be removed in future versions of AVG. 2) Are the other 4 rootkits detected the results of GMER and can I ignore them? Provided GMER output is clean -> 0 rootkits Thank you AVG Team How-To articles \| FAQ \| Free Support We Protect Us Computer not working? Laptop slowing down? Let our AVG TechBuddy expert remotely fix it for you. Find out more (US & Canada) KW: 88054

June 29, 2012 19:02	Re: Rootkit Detection Virtual Machine #211154
	Reply with Quote \| Quick Reply \| Top
BIG AL 43 Moderator Join Date: 18.6.2009 Posts: 21648	All Users For the latest AVG Team info see Weekly Overview: 27/2012.. Anti-Rootkit scan detects a corrupted file. AVG 2013 is currently available in beta testing (Weekly Overview: 26/2012). Subscribe to this RSS feed if you want to be notified about new Weekly Overviews. AVG Forums Volunteer ModeratorAVG Forum member since - Nov. 27, 2004My total posts on the Old AVG Free Forum - 27,063 Alan How-To Articles \| FAQ \| Free Support

New thread Reply

Go to

Previous thread |

Up to parent | Next thread