AVG forum

Question

Rootkits found by scan

by WWDug / May 19, 2011 8:34 AM PDT

Hi AVG,
In tonight's daily scan it informed me it had found 4 rootkits but had not healed or deleted them.

I ran another scan with the rootkit app and it then stated it had found 8 rootkits not healed or deleted. When highlighted for further info, I copied it.

"";"C:\WINDOWS\system32\drivers\dwprot.sys";"Service function NtUserQueryWindow hook -> dwprot.sys +0x13878";"Object is hidden"
"";"C:\WINDOWS\system32\drivers\dwprot.sys";"Service function NtUserSwitchDesktop hook -> dwprot.sys +0x13814";"Object is hidden"
"";"C:\WINDOWS\system32\drivers\dwprot.sys";"Service function NtAllocateVirtualMemory hook -> dwprot.sys +0x14088";"Object is hidden"
"";"C:\WINDOWS\system32\drivers\dwprot.sys";"Service function NtCreateThread hook -> dwprot.sys +0x151E0";"Object is hidden"
"";"C:\WINDOWS\system32\drivers\dwprot.sys";"Service function NtFreeVirtualMemory hook -> dwprot.sys +0x14306";"Object is hidden"
"";"C:\WINDOWS\system32\drivers\dwprot.sys";"Service function NtOpenSection hook -> dwprot.sys +0x13ED2";"Object is hidden"
"";"C:\WINDOWS\system32\drivers\dwprot.sys";"Service function NtQueueApcThread hook -> dwprot.sys +0x152E2";"Object is hidden"
"";"C:\WINDOWS\system32\drivers\dwprot.sys";"Service function NtSetContextThread hook -> dwprot.sys +0x1532E";"Object is hidden"
When highlighted, it gave the option of removing the selected items. Does that delete them?

Thanks in advance
www

Clarification Request
Me2: same messages--but have no dwprot.sys file--help?
by cjchristensen / August 19, 2012 5:15 AM PDT
In reply to: Rootkits found by scan

I had the file, but removed it a couple of days ago. Still getting lots of messages like the above. Something seems to be calling for the file--and that something is the problem???? I no longer have DrWeb on the system; I've removed Qoobox, and any other file it may have left behind that I know of.

MS Security essentials says I'm fine. So does Malwarebytes.

RE: Me2: same messages--but have no dwprot.sys file--help?
by JiriF_AVG AVG Staff / August 20, 2012 8:41 PM PDT
It's gone!
by cjchristensen / August 21, 2012 1:38 AM PDT

I didn't do anything further except update AVG every day and run a new scan. The new scan found nothing. However, I did enable 'scanning inside archives' and 'thorough scan' this last time, which are not part of the default.

I guess we'll have to stay mystified.

Thanks for answering, though.

All Answers

Answer
Re: Rootkits found by scan
by Ondrej_AVG / May 19, 2011 4:11 PM PDT
In reply to: Rootkits found by scan

Hello WWDug,

I would like to inform you that dwprot.sys is a driver of another protection application, Dr.Web Anti-Virus.
It is generally not recommended to run more protection applications together due to possible conflict or unstable system environment.

Please be informed that AVG Anti-Rootkit detects all processes (not digitally certified by trusted authority), which are using rootkit technique to hide their actions. The detected rootkit can be a virus, as well as a part of a commercial application (more information).

And because dwprot.sys is not signed, AVG detects its presence on the computer. Please ask the supplier Dr.Web to sign his drivers properly.

Thank you
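
The report rows quoted in the question all follow one semicolon-separated format, so they can be parsed and grouped by driver, which turns eight "rootkit" findings into a single driver to check. This is an added example, not code from AVG or from anyone in this thread; the meaning of each column is inferred from the quoted rows, and the names `parse_report` and `summarize` are hypothetical.

```python
import csv
import ntpath
import re
from collections import defaultdict

# Three of the eight report rows quoted in the question, one record per line.
SAMPLE_REPORT = r'''
"";"C:\WINDOWS\system32\drivers\dwprot.sys";"Service function NtUserQueryWindow hook -> dwprot.sys +0x13878";"Object is hidden"
"";"C:\WINDOWS\system32\drivers\dwprot.sys";"Service function NtCreateThread hook -> dwprot.sys +0x151E0";"Object is hidden"
"";"C:\WINDOWS\system32\drivers\dwprot.sys";"Service function NtOpenSection hook -> dwprot.sys +0x13ED2";"Object is hidden"
'''

HOOK_RE = re.compile(r"Service function (\w+) hook -> (\S+) \+0x([0-9A-Fa-f]+)")

def parse_report(text):
    """Parse ';'-separated, double-quoted report rows into hook findings."""
    findings = []
    lines = [ln for ln in text.splitlines() if ln.strip()]
    for row in csv.reader(lines, delimiter=";", quotechar='"'):
        match = HOOK_RE.fullmatch(row[2]) if len(row) == 4 else None
        if match is None:
            continue  # not a service-function hook row
        function, module, offset = match.groups()
        findings.append({
            "path": row[1],
            "function": function,
            # NtUser*/NtGdi* services belong to win32k.sys, the rest to the kernel
            "table": "win32k" if function.startswith(("NtUser", "NtGdi")) else "kernel",
            "module": module,
            "offset": int(offset, 16),
            "status": row[3],
        })
    return findings

def summarize(findings):
    """Group findings by driver file so one driver reads as one item to triage."""
    by_driver = defaultdict(list)
    for f in findings:
        by_driver[f["path"]].append(f)
    summary = {}
    for path, items in by_driver.items():
        name = ntpath.basename(path).lower()
        summary[path] = {
            "hooks": sorted(i["function"] for i in items),
            "tables": sorted({i["table"] for i in items}),
            # True when every hook lands inside the reported driver itself
            "self_contained": all(i["module"].lower() == name for i in items),
        }
    return summary
```

With the grouped result in hand, the remaining question is the one the answer above raises: which product owns the driver and whether the file is signed.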

Rootkits
by WWDug / May 20, 2011 1:33 AM PDT

Thanks for the prompt reply, RE: Dr.Web Anti-Virus. I did not load this programme; that must be the problem. System now won't boot into the OS; as soon as I can get everything restored I will delete it.

Regards

WWDug.
