A V G 9 I nternet Sec urity © 2 0 1 0 C opyright A V G T ec hnologies C Z, s .r.o. A ll rights res erved.
2 0 2
12.7.5. Rootkits Tab
The
Rootkits
tab displays information on rootkits detected during scanning if you have
launched the
Anti-Rootkit scan
.
A
rootkit
is a program designed to take fundamental control of a computer system,
without authorization by the system's owners and legitimate managers. Access to the
hardware is rarely required as a rootkit is intended to seize control of the operating
system running on the hardware. Typically, rootkits act to obscure their presence on
the system through subversion or evasion of standard operating system security
mechanisms. Often, they are also Trojans as well, thus fooling users into believing
they are safe to run on their systems. Techniques used to accomplish this can include
concealing running processes from monitoring programs, or hiding files or system data
from the operating system.
The structure of this tab is basically the same as the
Infections tab
or the
Spyware
tab
.
12.7.6. Information Tab
The
Information
tab contains data on such "findings" that cannot be categorized as
infections, spyware, etc. They can neither be positively labeled as dangerous but they
are still worth your attention. AVG scan is able to detect files which may not be
infected, but are suspicious. These files are reported either as
Warning
, or as
Information
.
The severity
Information
can be reported for one of the following reasons:
·
Run-time packed
- The file was packed with one of less common run-time
packers, which may indicate an attempt to prevent scanning of such file.
However, not every report of such file indicates a virus.
·
Run-time packed recursive
- Similar to above, however less frequent
amongst common software. Such files are suspicious and their removal or
submission for analysis should be considered.
·
Password protected archive or document
- Password protected files can
not be scanned by AVG (
or generally any other anti-malware program
).
·
Document with macros
- The reported document contains macros, which
may be malicious.
·
Hidden extension
- Files with hidden extension may appear to be e.g.
pictures, but in fact they are executable files (
e.g. picture.jpg.exe
). The
second extension is not visible in Windows by default, and AVG reports such
files to prevent their accidental opening.
·
Improper file path
- If some important system file is running from other than
default path (
e.g. winlogon.exe running from other than Windows folder
), AVG
reports this discrepancy. In some cases, viruses use names of standard system
processes to make their presence less apparent in the system.