AVG forum


Rootkits found by scan

by WWDug / May 19, 2011 8:34 AM PDT

In tonight's daily scan it informed me it had found 4 rootkits but had not healed or deleted them.

I ran another scan with the rootkit app and it then stated it had found 8 rootkits not healed or deleted. When highlighted for further info, I copied it.

"";"C:\WINDOWS\system32\drivers\dwprot.sys";"Service function NtUserQueryWindow hook -> dwprot.sys +0x13878";"Object is hidden"
"";"C:\WINDOWS\system32\drivers\dwprot.sys";"Service function NtUserSwitchDesktop hook -> dwprot.sys +0x13814";"Object is hidden"
"";"C:\WINDOWS\system32\drivers\dwprot.sys";"Service function NtAllocateVirtualMemory hook -> dwprot.sys +0x14088";"Object is hidden"
"";"C:\WINDOWS\system32\drivers\dwprot.sys";"Service function NtCreateThread hook -> dwprot.sys +0x151E0";"Object is hidden"
"";"C:\WINDOWS\system32\drivers\dwprot.sys";"Service function NtFreeVirtualMemory hook -> dwprot.sys +0x14306";"Object is hidden"
"";"C:\WINDOWS\system32\drivers\dwprot.sys";"Service function NtOpenSection hook -> dwprot.sys +0x13ED2";"Object is hidden"
"";"C:\WINDOWS\system32\drivers\dwprot.sys";"Service function NtQueueApcThread hook -> dwprot.sys +0x152E2";"Object is hidden"
"";"C:\WINDOWS\system32\drivers\dwprot.sys";"Service function NtSetContextThread hook -> dwprot.sys +0x1532E";"Object is hidden"

When highlighted, it gave the option of removing the selected items. Does that delete them?

Thanks in advance

Clarification Request
Me2: same messages--but have no dwprot.sys file--help?
by cjchristensen / August 19, 2012 5:15 AM PDT
In reply to: Rootkits found by scan

I had the file, but removed it a couple of days ago. Still getting lots of messages like the above. Something seems to be calling for the file--and that something is the problem???? I no longer have DrWeb on the system; I've removed Qoobox, and any other file it may have left behind that I know of.

MS Security essentials says I'm fine. So does Malwarebytes.

RE: Me2: same messages--but have no dwprot.sys file--help?
by JiriF_AVG AVG Staff / August 20, 2012 8:41 PM PDT
It's gone!
by cjchristensen / August 21, 2012 1:38 AM PDT

I didn't do anything further except update AVG every day and run a new scan. The new scan found nothing. However, I did enable 'scanning inside archives' and 'thorough scan' this last time, which are not part of the default.

I guess we'll have to stay mystified.

Thanks for answering, though.

All Answers

Re: Rootkits found by scan
by Ondrej_AVG / May 19, 2011 4:11 PM PDT
In reply to: Rootkits found by scan

Hello WWDug,

I would like to inform you that dwprot.sys is a driver of another protection application, Dr.Web Anti-Virus.
It is generally not recommended to run more protection applications together due to possible conflict or unstable system environment.

Please be informed that AVG Anti-Rootkit detects all processes (not digitally certified by trusted authority), which are using rootkit technique to hide their actions. The detected rootkit can be a virus, as well as a part of a commercial application (more information).

And because dwprot.sys is not signed, AVG detects its presence on the computer. Please ask the supplier Dr.Web to sign his drivers properly.

Thank you
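
An added example, not part of the original thread and not AVG's own tooling: a small Python parser for the semicolon-separated report lines quoted in the first post. It groups the hooked service functions by driver, which makes it clear that every finding points at one file. The function names parse_report and summarize are assumptions; the sample records are copied from the post above.

```python
import ntpath
import re
from collections import defaultdict

# Three records copied from the scan export quoted in the first post.
# Two are run together on one line, as in the original paste.
SAMPLE = (
    r'"";"C:\WINDOWS\system32\drivers\dwprot.sys";"Service function '
    r'NtUserQueryWindow hook -> dwprot.sys +0x13878";"Object is hidden" '
    r'"";"C:\WINDOWS\system32\drivers\dwprot.sys";"Service function '
    r'NtCreateThread hook -> dwprot.sys +0x151E0";"Object is hidden"' "\n"
    r'"";"C:\WINDOWS\system32\drivers\dwprot.sys";"Service function '
    r'NtOpenSection hook -> dwprot.sys +0x13ED2";"Object is hidden"'
)

# One record = four quoted fields joined by ';'. Matching on the quotes
# tolerates records separated by newlines or by single spaces.
RECORD_RE = re.compile(r'"([^"]*)";"([^"]*)";"([^"]*)";"([^"]*)"')
HOOK_RE = re.compile(r"Service function (\w+) hook -> (\S+) \+0x([0-9A-Fa-f]+)")

def parse_report(text):
    """Return {driver_path: [(service_function, target_module, offset)]}."""
    hooks = defaultdict(list)
    for _name, path, detail, _status in RECORD_RE.findall(text):
        m = HOOK_RE.search(detail)
        if m:  # skip records that are not service-function hooks
            hooks[path].append((m.group(1), m.group(2), int(m.group(3), 16)))
    return dict(hooks)

def summarize(text):
    """Per driver: hook count, hooked functions, and whether every hook
    target is the reported file itself (one driver hooking the table)."""
    out = {}
    for path, entries in parse_report(text).items():
        base = ntpath.basename(path).lower()
        out[path] = {
            "count": len(entries),
            "functions": sorted(fn for fn, _mod, _off in entries),
            "target_is_same_file": all(m.lower() == base for _f, m, _o in entries),
        }
    return out

if __name__ == "__main__":
    for path, info in summarize(SAMPLE).items():
        print(path, info["count"], "hooks:", ", ".join(info["functions"]))
```
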

by WWDug / May 20, 2011 1:33 AM PDT

Thanks for the prompt reply, RE: Dr.Web Anti-Virus. I did not load this programme; that must be the problem. System now won't boot into the OS; as soon as I can get everything restored I will delete it.


