Avast MBR Scanner

Discussion in 'other anti-malware software' started by G1111, May 4, 2011.

Thread Status:
Not open for further replies.
  1. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,236
    Location:
    USA
    aswMBR is a rootkit scanner that scans for TDL4/3, MBRoot (Sinowal) and Whistler rootkits. -http://public.avast.com/~gmerek/aswMBR.htm-
     
  2. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    Thanks for the heads up! :thumb:
     
  3. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    Thanks for the heads up :D
     
  4. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    4,034
    Thank you!
     
  5. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,236
    Location:
    USA
    aswMBR 0.9.7 available. See first post for link. New version gives option to download Avast Free Antivirus for scan.
     
  6. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,236
    Location:
    USA
    aswMBR 0.9.8 is now available. -http://public.avast.com/~gmerek/aswMBR.htm-
     
  7. RootAccess

    RootAccess Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    64
    Is this service integrated with the main antivirus program?
     
  8. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,535
    Location:
    Sweden
    Yes, I wonder the same. Will this be implemented in the normal Avast! software? Or is it already there when you do a boot-up scan?
     
  9. cm1971

    cm1971 Registered Member

    Joined:
    Oct 22, 2010
    Posts:
    727
    Nice if it's part of the AV program. If it's not, I wonder if it will be.
     
  10. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,535
    Location:
    Sweden
    I do believe it's already in the program when you schedule a boot-scan. Correct me if I'm wrong.
     
  11. vlk

    vlk AV Expert

    Joined:
    Dec 26, 2002
    Posts:
    621
    Yes, the same technology is included in the normal avast Free/Pro/IS products as well.

    Thanks
    Vlk
     
  12. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,236
    Location:
    USA
    aswMBR 0.9.9 now available at: -http://public.avast.com/~gmerek/aswMBR.htm-
     
  13. tipo

    tipo Registered Member

    Joined:
    Dec 29, 2008
    Posts:
    408
    Location:
    romania
    Good to know! Thanks for the heads up! :thumb:
     
  14. Doraemon

    Doraemon Registered Member

    Joined:
    Aug 5, 2009
    Posts:
    202
    Can we assume that this tool uses the same definitions as the regular avast! products? So to speak, a tool like Kaspersky VRT or Norman Malware Cleaner or Emsisoft Emergency Toolkit?

    Thanks! :D
     
  15. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,236
    Location:
    USA
    When you open it, it gives you the option to download Avast virus definitions. If you don't, it does a quick scan of the MBR and System32/Drivers.
     
  16. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    So, it isn't necessary to have avast! installed at all? I remember asking about it over at the avast forum, but I got the impression I had to have avast! already installed. :oops:
     
  17. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,236
    Location:
    USA
    I don't have Avast installed and use the aswMBR and aswar (anti-rootkit) programs with no problems.
     
  18. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Yes, I do run it too. But, I meant the avast! malware definitions. I always thought one needed avast! to be already installed. It wouldn't make much sense now that I think about it, though. :D
     
  19. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,236
    Location:
    USA
    No, you don't have to download the definitions for the quick scan or have Avast already installed.
     
  20. Ashanta

    Ashanta Registered Member

    Joined:
    Aug 21, 2007
    Posts:
    687
    Location:
    Europe
    This link doesn't work, sorry.
     
  21. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,236
    Location:
    USA
    Copy and paste the middle part (not the hyphen - at each end).
     
  22. Ashanta

    Ashanta Registered Member

    Joined:
    Aug 21, 2007
    Posts:
    687
    Location:
    Europe
    Yes, thanks G1111

    I saved it to my desktop and when clicking it, it doesn't launch on my laptop. Nevertheless, I can see the process running in the Task Manager.

    PS: I disabled Emsisoft EAM 6 to be sure.

    What's wrong with it?
     
  23. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,236
    Location:
    USA
    Not sure what you mean. I saved it to a folder I created in C:/ and then created a shortcut. Is running fine here. Only runs when I do a scan. I normally don't download the Avast virus definitions. It takes a long time to scan.
     
  24. Ashanta

    Ashanta Registered Member

    Joined:
    Aug 21, 2007
    Posts:
    687
    Location:
    Europe
    It's okay, I disabled EAM 6 and WSA and it works fine.

    It detects a rootkit:

    ...
    01:42:49.208 Disk 0 MBR [possible unknown bootkit@MBR] **ROOTKIT**
    01:42:49.213 Disk 0 trace - called modules:
    01:42:49.220 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
    01:42:49.225 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x850b55f0]
    01:42:49.572 3 CLASSPNP.SYS[865a08b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x84408030]
    01:42:49.579 Scan finished successfully
    01:43:30.040 Disk 0 MBR has been saved successfully to "C:\Users\Flore\Desktop\MBR.dat"


    I can suppose that the unknown rootkit is Rollback Rx MBR protection. Who can confirm this?
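
Added example (not part of the original thread and not Avast's code): one way to triage a saved sector 0 dump such as the `MBR.dat` mentioned in the log above, by checking its structure and comparing the boot code hash with a known-good baseline. It assumes the dump is a raw 512-byte copy of the MBR; the function names and both sample images are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512

def parse_mbr(data):
    """Split a raw 512-byte sector 0 image into boot code hash, partitions, signature."""
    if len(data) < SECTOR:
        raise ValueError("need at least 512 bytes")
    parts = []
    for i in range(4):
        entry = data[446 + 16 * i : 462 + 16 * i]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype != 0:  # type 0x00 marks an unused slot
            parts.append({"slot": i, "status": status, "type": ptype,
                          "lba_start": lba_start, "sectors": sectors})
    return {
        # bytes 0..439 are boot code; 440..445 hold the disk signature
        "boot_code_sha256": hashlib.sha256(data[:440]).hexdigest(),
        "partitions": parts,
        "signature_ok": data[510:512] == b"\x55\xaa",
    }

def triage(data, baseline_sha256=None):
    """Return a list of findings that deserve a closer look."""
    mbr = parse_mbr(data)
    findings = []
    if not mbr["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if any(p["status"] not in (0x00, 0x80) for p in mbr["partitions"]):
        findings.append("invalid partition status byte")
    if sum(p["status"] == 0x80 for p in mbr["partitions"]) > 1:
        findings.append("more than one active partition")
    if baseline_sha256 and mbr["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from baseline")
    return findings

def build_sample(boot_code):
    """Constructed sample image: one active NTFS partition at LBA 2048."""
    entry = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 2048, 204800)
    return boot_code.ljust(446, b"\x00") + entry + bytes(48) + b"\x55\xaa"

clean = build_sample(b"\xfa\x33\xc0")     # constructed "known-good" image
modified = build_sample(b"\xeb\x5a\x90")  # constructed image with different boot code
baseline = parse_mbr(clean)["boot_code_sha256"]
```

A hash mismatch only shows that the boot code changed; it does not tell a bootkit apart from software that legitimately rewrites the MBR, so the baseline has to come from a state you trust.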
     
  25. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,236
    Location:
    USA
    Don't use Rollback so can't say. The text from the scan would be red if a bootkit was detected. If text was all black it did not detect anything.
    EDIT: Yes, I see in the first line that it is indicating a bootkit. Maybe try the new BitDefender Bootkit scanner or post results on Avast's forum and see what their opinion is.
     
    Last edited: Dec 23, 2011