Avast MBR Scanner

Discussion in 'other anti-malware software' started by G1111, May 4, 2011.

Thread Status:
Not open for further replies.
  1. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    aswMBR is a rootkit scanner that scans for TDL4/3, MBRoot (Sinowal) and Whistler rootkits. -http://public.avast.com/~gmerek/aswMBR.htm-
     
  2. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    Thanks for the heads up! :thumb:
     
  3. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    Thanks for the heads up :D
     
  4. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
    Thank you!
     
  5. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    aswMBR 0.9.7 available. See first post for link. New version gives option to download Avast Free Antivirus for scan.
     
  6. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    aswMBR 0.9.8 is now available. -http://public.avast.com/~gmerek/aswMBR.htm-
     
  7. RootAccess

    RootAccess Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    64
    Is this service integrated with the main antivirus program?
     
  8. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    Yes, I wonder the same. Will this be implemented in the normal Avast! software? Or is it already there when you do a boot-up scan?
     
  9. cm1971

    cm1971 Registered Member

    Joined:
    Oct 22, 2010
    Posts:
    727
    Nice if it's part of the AV program. If it's not I wonder if it will be.
     
  10. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    I do believe it's already in the program when you schedule a boot-scan. Correct me if I'm wrong.
     
  11. vlk

    vlk AV Expert

    Joined:
    Dec 26, 2002
    Posts:
    618
    Yes, the same technology is included in the normal avast Free/Pro/IS products as well.

    Thanks
    Vlk
     
  12. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    aswMBR 0.9.9 now available at: -http://public.avast.com/~gmerek/aswMBR.htm-
     
  13. tipo

    tipo Registered Member

    Joined:
    Dec 29, 2008
    Posts:
    408
    Location:
    romania
    good to know! thanks for the heads up! :thumb:
     
  14. Doraemon

    Doraemon Registered Member

    Joined:
    Aug 5, 2009
    Posts:
    202
    Can we assume that this tool uses the same definitions as the regular avast! products? So to speak, a tool like Kaspersky VRT or Norman Malware Cleaner or Emsisoft Emergency Toolkit?

    Thanks! :D
     
  15. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    When you open it, it gives you the option to download Avast virus definitions. If you don't, it does a quick scan of MBR and System32/Drivers.
     
  16. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    So, it isn't necessary to have avast! installed, at all? I remember asking it over avast forum, but I got the impression I had to have avast! already installed. :oops:
     
  17. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    I don't have Avast installed and use the aswMBR and aswar (anti-rootkit) programs with no problems.
     
  18. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Yes, I do run it too. But, I meant the avast! malware definitions. I always thought one needed avast! to be already installed. It wouldn't make much sense now that I think about it, though. :D
     
  19. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    No, you don't have to download the definitions for the quick scan or have Avast already installed.
     
  20. Ashanta

    Ashanta Registered Member

    Joined:
    Aug 21, 2007
    Posts:
    659
    Location:
    Europe
    This link doesn't work, sorry.
     
  21. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    Copy and paste the middle part (not the hyphen - at each end).
     
  22. Ashanta

    Ashanta Registered Member

    Joined:
    Aug 21, 2007
    Posts:
    659
    Location:
    Europe
    Yes, thanks G1111

    I saved it to my desktop and when clicking it doesn't launch on my laptop. Nevertheless, I can see the process running in the Task Manager.

    PS: I disabled Emsisoft EAM 6 to be sure.

    What's wrong with it?
     
  23. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    Not sure what you mean. I saved it to a folder I created in C:/ and then created a shortcut. Is running fine here. Only runs when I do a scan. I normally don't download the Avast virus definitions. It takes a long time to scan.
     
  24. Ashanta

    Ashanta Registered Member

    Joined:
    Aug 21, 2007
    Posts:
    659
    Location:
    Europe
    It's okay, I disabled EAM 6 and WSA and it works fine.

    It detects a rootkit:

    ...
    01:42:49.208 Disk 0 MBR [possible unknown bootkit@MBR] **ROOTKIT**
    01:42:49.213 Disk 0 trace - called modules:
    01:42:49.220 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
    01:42:49.225 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x850b55f0]
    01:42:49.572 3 CLASSPNP.SYS[865a08b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x84408030]
    01:42:49.579 Scan finished successfully
    01:43:30.040 Disk 0 MBR has been saved successfully to "C:\Users\Flore\Desktop\MBR.dat"


    I can suppose that the unknown rootkit is Rollback Rx Mbr protection. Who can confirm this?
     
  25. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    Don't use Rollback so can't say. The text from the scan would be red if a bootkit was detected. If text was all black it did not detect anything.
    EDIT: Yes I see in first line that it is indicating a bootkit. Maybe try the new BitDefender Bootkit scanner or post results on Avast's forum and see what their opinion is.
     
    Last edited: Dec 23, 2011
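
Added example, not part of the thread and not Avast's code: one way to triage a saved dump such as the `MBR.dat` mentioned in post 24 is to parse the sector and compare only its boot code against a dump taken from a known-clean machine running the same software (for instance the same Rollback Rx version). It assumes the dump is a raw 512-byte sector; the function names and the sample sectors are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440   # bootstrap code area of a classic MBR
PT_OFFSET = 446       # four 16-byte partition entries start here


def parse_mbr(sector: bytes) -> dict:
    """Split one 512-byte MBR sector into the fields that matter for triage."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    parts = []
    for i in range(4):
        entry = sector[PT_OFFSET + 16 * i:PT_OFFSET + 16 * (i + 1)]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4]:  # partition type 0x00 marks an unused slot
            parts.append({"slot": i, "active": entry[0] == 0x80,
                          "type": entry[4], "lba_start": lba_start, "sectors": count})
    return {"signature_ok": sector[510:] == b"\x55\xaa",
            "disk_id": struct.unpack_from("<I", sector, 440)[0],
            "boot_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": parts}


def boot_code_diff(suspect: bytes, baseline: bytes) -> list:
    """Offsets where the boot code differs. The disk ID and partition table
    are ignored because they legitimately differ from disk to disk."""
    for s in (suspect, baseline):
        parse_mbr(s)  # reuse the length validation
    return [i for i in range(BOOT_CODE_LEN) if suspect[i] != baseline[i]]


def make_sample(boot_code: bytes, disk_id: int) -> bytes:
    """Constructed sample sector (not a real MBR): one active NTFS partition."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07,
                        b"\xfe\xff\xff", 2048, 204800)
    body = boot_code.ljust(BOOT_CODE_LEN, b"\x00") + struct.pack("<IH", disk_id, 0)
    return body + entry + bytes(48) + b"\x55\xaa"


if __name__ == "__main__":
    baseline = make_sample(b"\x33\xc0\x8e\xd0\xbc\x00\x7c", 0x1234ABCD)
    suspect = make_sample(b"\x33\xc0\x8e\xd0\xbc\x00\x7c", 0x9F00E1A2)
    patched = make_sample(b"\xeb\x5a\x90\xd0\xbc\x00\x7c", 0x9F00E1A2)
    print(parse_mbr(suspect))
    print("same boot code as baseline:", boot_code_diff(suspect, baseline) == [])
    print("patched offsets:", boot_code_diff(patched, baseline))
```

For real dumps, read each file with `open(path, "rb").read()` and pass the bytes to `boot_code_diff`; an empty result means the flagged boot code is identical to the baseline's.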