Loopholes in Avast for Trojans, Worms
------------------------------------
(1) wJQs.exe
(2) rhccttajOe3e1, rehcttajOe3e1.exe (multiplies into different names for the first five digits on each attempt to delete it, and with another spurious name 'AntivirusXP 2008')
(3) kdjcd and kdjcd.exe
(4) Trojan.Downloader.Banload.ma.1
(5) JOKE/BSOD.B as\6.tmp in system32.
These are the Trojans, worms and malware that entered my computer while running Avast Pro (On-access scan) and Spyware Terminator (Realtime).
.........................
I use Avast & Spyware Terminator simultaneously, which gave complete protection for the past 8 months. On 08-08-'08, when I was viewing the search results of the rapidbolt search engine, suddenly an Avast popup came with the usual siren sound and a 'Caution a Virus is detected' warning, with options to terminate the connection. I applied it but it could not block it. Again a warning popup came with options to 'delete', 'delete all' and 'move to chest'. I tried these 3 times as the popup came again & again. So that means it had already entered my PC. Then I disconnected the internet. By that time the rogue intruders had placed an icon on my desktop resembling the 'Windows Defender' icon, with the file name 'AntivirusXP2008'. It had already deleted my Windows desktop theme and put its own 'light blue theme' with a middle banner showing 'AntivirusXP has found 1195 viruses on your computer'. Windows Firewall blocked the installation of this software, but I located its folder in Programs in C:\ and moved its uninstall icon to F:\, and I erased the other files with 'Eraser'.
I found that 'System Restore' (to switch to a previous point) and Task Manager (to end processes) were frozen.
........................
Then I took each weapon from my arsenal: Ad-Aware 2008 Free deleted the worm & a malware, and the Spyware Terminator on-demand scan removed the other malware. Nothing could delete the Trojan 'rhccttajOe1.exe'. (I Quick-scanned with Avast; it gave 'Caution' but could not delete it. Once it could move it to the Chest, but the rogue jumped out of it.) I tried to open it with Notepad & erase the program content, but again it came back as 'ephcpttajOe1'.
Then I used the Brute Force "DELAny", a small 2KB program (got from softpedia.com, made by seconfig.sytes.net). It killed the Trojan in seconds. The remaining nails & tails of these 'rogues' were removed by SUPERAntiSpyware Pro.
Using regedit.group-policy modification, I regained the Desktop tab and the Screensaver and Theme tabs removed from Display Properties by these rogues, and reinstalled the Windows XP theme.
The story ends there. (Sorry for the lengthy narration, but it may be helpful for users who face such attacks.)
--------------//----------
Avast developers are requested to plug the loopholes to make it more trustworthy. Suggestions:
(1) Append one Brute Force program like DELANY to Avast so that it can delete any rogues that are not rootkitted and that crept in through Avast to the user's PC.
(2) Make the user interface somewhat more informative. The present one looks modern but very crude. The user requires information as to what it does when it scans the PC on demand. Now nothing is seen except for a small, lightly glowing line (and the user is made to "baby-sit" the scan). Avast must be able to show the progress of the scan, the time taken & remaining, and where it scans: memory, registry, files etc. The progress of the scan should show what it captures, with their paths, for the user's choice to delete, move to chest or ignore. If it does not take any action, the user should be able to see the 'paths' to locate it.
Instead, it now gives a Notepad file with the scan log. The user can't do anything with that.