Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: MWassef on September 25, 2003, 11:39:52 PM

Title: This is strange !!
Post by: MWassef on September 25, 2003, 11:39:52 PM
Today I created the file untitled.com with EICAR test string but the standard shield and on-demand scanner did not detect it  ???
When I double-click on it I received the attached error message ..
Then I tried to scan it with Nod32; it popped up with an alert that this file is infected with the EICAR virus, so I chose to rename the file (untitled.Vcom).
Just after renaming the file, Avast4 popped up with the alert that this file is infected with the EICAR virus  ??? ??? ??? ???
Avast4 detected it in a .Vcom file and failed to detect it in a .com file  ??? ??? .. This is strange !!
EDIT:
- Avast4: ver 4.1.268
- Virus DB: 0309-3 dtd 23.9.2003
- OS: Win98se
Title: Re:This is strange !!
Post by: MWassef on September 25, 2003, 11:43:45 PM
Attached error , sorry  ;D ;D
Title: Re:This is strange !!
Post by: Lisandro on September 26, 2003, 04:41:22 AM
Hey, minacross, since nobody answered your question, I'll use your forum to post another strange thing:
I have sent from one e-mail to another an eicar.com file attached from a floppy.
The configuration of SMTP, POP, mail protection, etc. is set to scan e-mail both sent and received...
Strange! I could send and receive the e-mail without an avast! warning...  :o
What's up?
Title: Re:This is strange !!
Post by: MWassef on September 26, 2003, 08:43:55 AM
strange indeed  ??? ???
Title: Re:This is strange !!
Post by: Lisandro on September 26, 2003, 02:15:27 PM
Hey, minacross, since nobody answered your question, I'll use your forum to post another strange thing:
I have sent from one e-mail to another an eicar.com file attached from a floppy.
The configuration of SMTP, POP, mail protection, etc. is set to scan e-mail both sent and received...
Strange! I could send and receive the e-mail without an avast! warning...  :o
What's up?

Double sorry (quoting myself...).
The attach with eicar.com virus test was sent without the attach due to the automatic settings of Internet Mail Provider...
Sorry, avast! is working perfectly  :D
Title: Re:This is strange !!
Post by: MWassef on September 26, 2003, 10:40:28 PM
Vlk, any advice ?  ??? ???
Title: Re:This is strange !!
Post by: MWassef on September 27, 2003, 01:05:02 AM
the problem still exists after yesterday's update (9/26)   :'( :'( :'( :'( :'(
N.B.: I downloaded the files:

- eicar.com
- eicar_com.zip
- eicarcom2.zip

from eicar.org and Avast4 did not detect the file in them  ??? ???
Title: Re:This is strange !!
Post by: MWassef on September 27, 2003, 01:41:51 AM
BTW, I do not have iNEWS with the splash screen  ??? ???
No modifications done to avast4.ini  ???
Title: Re:This is strange !!
Post by: MWassef on September 27, 2003, 01:43:54 AM
avast4.ini  ??? :o
Title: Re:This is strange !!
Post by: MWassef on September 27, 2003, 02:18:26 AM
I really need your help Alwil team..  :'( :'( :'( :'( :'( :'( :'(
Title: Re:This is strange !!
Post by: Lisandro on September 27, 2003, 03:03:11 AM
Hey minacross!
Could you post your settings of avast4.ini and the Resident Shield (extensions being scanned, etc.)?
While avast! team is sleeping let the forum try to help you  ;D
Title: Re:This is strange !!
Post by: MWassef on September 27, 2003, 08:48:24 AM
Hey minacross!
Could you post your settings of avast4.ini and the Resident Shield (extensions being scanned, etc.)?
While avast! team is sleeping let the forum try to help you  ;D

- P2P, IM and Outlook/exchange providers are disabled
- RS is adjusted to scan created/modified files as well as opened files (default extension set).
- Avast4.ini is attached to this post .
Thanx  Technical  :)
Title: Re:This is strange !!
Post by: MWassef on September 27, 2003, 10:44:46 AM
I reinstalled Win98se from command prompt with the same setting, every time I reboot I receive the following error(s):   :'( :'( :'(
Title: Re:This is strange !!
Post by: MWassef on September 27, 2003, 10:45:20 AM
then this one..
Title: Re:This is strange !!
Post by: MWassef on September 27, 2003, 10:45:58 AM
then this one ..
Title: Re:This is strange !!
Post by: MWassef on September 27, 2003, 11:01:24 AM
I fixed the problem of these errors   ;D ;D ;D
- I removed the mail protection
- I removed the "Microsoft Family Logon" from Control Panel> Network (win98se) then re-added it again..  ;)
- I reenabled the mail protection again.
- It works now  ;D ;D ;D
But the problem of not detecting the eicar file still there  ??? ???
Title: Re:This is strange !!
Post by: Vlk on September 27, 2003, 01:08:41 PM
OK fine let's focus on the eicar.com problem (and minacross, you're already senior member, you should know that posting multiple, non-related questions (issues) to the same thread is not ideal... ;)).

The interesting part is that the file is blocked from execution. Someone has to be causing this... If it's avast, you should at least see the file in the 'last scanned file' entry in the on-access protection dialog. If it's not avast, it must be something else. I've noticed you were saying Nod detected the file - isn't Nod involved here? I mean, don't you have Amon activated (it might be activated even if it says it's inactive...).

Also, don't you have the 'Silent mode' in the Standard Shield's settings on?

Vlk
Title: Re:This is strange !!
Post by: MWassef on September 27, 2003, 02:17:03 PM
OK fine let's focus on the eicar.com problem (and minacross, you're already senior member, you should know that posting multiple, non-related questions (issues) to the same thread is not ideal... ;)).

sorry for that  :-[

Quote
The interesting part is that the file is blocked from execution. Someone has to be causing this... If it's avast, you should at least see the file in the 'last scanned file' entry in the on-access protection dialog. If it's not avast, it must be something else. I've noticed you were saying Nod detected the file - isn't Nod involved here? I mean, don't you have Amon activated (it might be activated even if it says it's inactive...).
yes the file is scanned by the standard shield (see attached pic).
I disabled Nod32 by unchecking its modules from the startup menu (I use "Startup Control Panel" from http://www.mlin.net/), not by shutting it down..
Quote
Also, don't you have the 'Silent mode' in the Standard Shield's settings on?

Vlk
No I do not have 'Silent mode' in the Standard shield's settings..
I hope this is helpful to you :)
Title: Re:This is strange !!
Post by: MWassef on September 27, 2003, 02:19:19 PM
the attached pic.. 8)
Title: Re:This is strange !!
Post by: Lisandro on September 27, 2003, 02:23:48 PM
- RS is adjusted to scan created/modified files as well as opened files (default extension set).

There are some other forums - search for mantra's post - that relate some troubles with the created/modified files & default extension set.
Sometimes, it's necessary to repeat all the extensions in the text box. If you want, just copy and paste the following line (even if you checked the default extension set):
{*},386,AD?,ASP,ASX,BAS,BAT,BIN,CH?,CLA*,CMD,COM,CPL,CRT,CSS,DLL,DO?,EML,EXE,HLP,HT*,INF,INS,ISP,JS*,LNK, MDB,MDE,MS?,NWS,OCX,OV?,PCD,PDF,PIF,PO?,PP?,PRC,PRF,REG,RTF,SCF,SCR,SCT,SHB,SHS,SWF,SYS,URL,VB?,VSD,VXD,WS?,XL?

Maybe you can add:
ACE,ARC,ARJ,BZIP2,CAB,GZIP,HTM*,PST,RAR,TAR,ZIP,ZOO

I'll take a look at your avast.ini file later  ;)
Title: Re:This is strange !!
Post by: Vlk on September 27, 2003, 04:47:31 PM
Wait a moment it's listed in the Last Scanned File field and still is not being detected?!?!

What is the exact size of the file? Can you post the file to the forum?

Thanks
Title: Re:This is strange !!
Post by: MWassef on September 27, 2003, 05:20:12 PM
68 bytes.
(I made it .txt file as I could not attach the .com file).. ??? ???
Title: Re:This is strange !!
Post by: MWassef on September 27, 2003, 05:23:25 PM
see..  :o :o
Title: Re:This is strange !!
Post by: Vlk on September 27, 2003, 05:35:05 PM
This must be an anti-virus. Something is blocking access to the file. It's either avast or some other AV program.

It would all make sense because avast is scanning the file (it's shown in Last Scanned File field) but doesn't detect a virus in it (because some other process is blocking access to the file).

Are you sure you don't have any other antivirus active?

Also, try rebooting the machine and when it starts up, disable the avast resident protection. Then try to open the file in Explorer - does it work? If it does it must be actually avast who's blocking access to the file...

Interesting...
Vlk
Title: Re:This is strange !!
Post by: MWassef on September 27, 2003, 07:24:36 PM
This must be an anti-virus. Something is blocking access to the file. It's either avast or some other AV program.
It would all make sense because avast is scanning the file (it's shown in Last Scanned File field) but doesn't detect a virus in it (because some other process is blocking access to the file).

Are you sure you don't have any other antivirus active?
attached a snap shot of my startup programs, I have no AV loaded but Avast4.  ???
Quote
Also, try rebooting the machine and when it starts up, disable the avast resident protection. Then try to open the file in Explorer - does it work? If it does it must be actually avast who's blocking access to the file...

Interesting...
Vlk

I rebooted the machine and disabled the resident protection (as you can see in the attached pic) then created the eicar.com file.
As I double-clicked on it, I received the same strange error  ??? ???
Do I have to reformat my c: partition and reinstall windows again?  :'( :'( :'( :'( :'( :'( :'(
Title: Re:This is strange !!
Post by: Vlk on September 27, 2003, 07:28:22 PM
Hehe it doesn't have to be a program, it can be a driver. And since you have Nod32 installed, Amon's driver is the obvious tip. Try temporarily renaming all *.vxd files in the nod directory (or they may also be in the system directory)
Title: Re:This is strange !!
Post by: MWassef on September 27, 2003, 08:38:18 PM
Wow, it worked..  ::) ::) ::) ::)  I renamed amon.vxd and nod32m1.vxd. I rebooted, just before loading Windows the booting process was stopped by a missing file (amon.vxd) and asked me to press any key to continue..  ??? ???
I did, and Windows finished loading..
when I tried to create eicar.com the resident protection  detected it at once..  ;D
it seems to be a conflict between Nod32 and Avast4   :'( :'( :'(
Many thanks Vlk for your precious help  ;D ;D ;D

BTW: I think ESET guys have to know about this, so I will post this at Nod32's forum.
Title: Re:This is strange !!
Post by: Vlk on September 27, 2003, 08:47:03 PM
It's NOT imho a conflict. It's a bug (or feature? ;)) in Nod.
Remember that you were not able to access the file even if avast was completely disabled (so it's not a conflict).

Anyway, am glad we've sorted this out.
Title: Re:This is strange !!
Post by: Lisandro on September 29, 2003, 04:12:06 AM
Today I created the file untitled.com with EICAR test string but the standard shield and on-demand scanner did not detect it  ???
When I double-click on it I received the attached error message ..
then I tried to scan it with Nod32...    

Sorry minacross. I lost something in your first post...  :-[
Two antivirus at the same computer always mess everything  :'(
If you want a "backup" (not resident) second av, try BitDefenderPersonal (Free Edition). It is perfectly compatible with avast! (see: http://www.avast.com/forum/index.php?board=1;action=display;threadid=859;start=new).

Thanks, Vlk.  ;)
Title: Re:This is strange !!
Post by: MWassef on September 29, 2003, 09:43:05 AM
thanx Technical  ;D
Title: Re:This is strange !!
Post by: Lisandro on October 01, 2003, 04:57:15 AM
thanx Technical  ;D

You're welcome (and all other users forums too).
Avast does its job!  ;)
Title: Re:This is strange !!
Post by: MWassef on October 01, 2003, 10:49:32 AM
It's NOT imho a conflict. It's a bug (or feature? ;)) in Nod.
Remember that you were not able to access the file even if avast was completely disabled (so it's not a conflict).

Anyway, am glad we've sorted this out.

unfortunately it is a conflict between Avast4 and Nod32  :( :(
a few days ago I uninstalled Avast4 (to check some iNEWS problem) then installed eTrust 7 promo as my on-access scanner and unchecked both NOD32kernel and nod32kui without unloading/renaming amon.vxd..
When I tried to create eicar.com file , eTrust detected and stopped it at once..
I do not understand exactly why Avast4 - only - is conflicting with Nod32 ?  ??? ???  :'( :'( :'(
Title: Re:This is strange !!
Post by: whocares on October 01, 2003, 12:55:17 PM
why is this a bug ???

imho lots of AV-Monitors (e.g. AVPE) load not from the startup-panel Mina shows above, but by Services/devices/(vxd)-drivers somewhere else..

I guess Mina just would have to properly disable NOD32 via its own config, or by uninstalling & reinstalling it WITHOUT the NOD-Monitor/On-Access-Scanner ;)
Title: Re:This is strange !!
Post by: whocares on October 01, 2003, 12:59:57 PM
Sorry Mina, didn't read your last post..

did you reinstall Nod after renaming the VXD ?

did you check it works on eicar before installing the other AV again ?
Title: Re:This is strange !!
Post by: MWassef on October 01, 2003, 02:13:09 PM
Nod32 is working fine  ??? ???
My problem is that Avast4 on-access/on-demand scanners can not catch eicar file while Nod32 is disabled only from the startup list (amon.vxd is loaded).
Title: Re:This is strange !!
Post by: igor on October 01, 2003, 02:30:19 PM
Well, as you can see, disabling NOD32 from Startup is not enough - the resident protection is loaded and active. It is blocking the access to "infected" files (such as Eicar) - so it is no wonder that avast can't catch it (when it can't read it at all).
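
Added example (not part of any post in this thread, and not Avast or ESET code): a small Python probe for the diagnosis reached above, separating "the file exists but reads are denied" from "the file is readable, so the scanner had its chance". The names `probe_read`, `interpret` and the `opener` hook are hypothetical; the 68-byte size is the one reported in the thread.

```python
import errno
import os

EICAR_SIZE = 68  # file size reported in the thread for the EICAR test file


def probe_read(path, opener=open):
    """Report whether a user-mode process can really read `path`.

    `opener` is a hypothetical hook (defaults to the built-in open) so the
    blocked case can be simulated without a second antivirus installed.
    """
    if not os.path.exists(path):
        return {"status": "missing", "size": None, "error": None}
    size = os.path.getsize(path)  # directory metadata, no content read yet
    try:
        with opener(path, "rb") as fh:
            data = fh.read()
    except OSError as exc:
        # Open/read refused although the file exists: some filter (for
        # example another product's on-access driver) is denying access.
        name = errno.errorcode.get(exc.errno, type(exc).__name__)
        return {"status": "blocked", "size": size, "error": name}
    status = "readable" if len(data) == size else "mismatch"
    return {"status": status, "size": size, "error": None}


def interpret(result):
    """Map a probe result to the conclusion drawn in the thread."""
    if result["status"] == "missing":
        return "file not present; it may already have been removed or quarantined"
    if result["status"] == "blocked":
        return "reads are denied; a scanner that cannot read the file cannot detect it"
    if result["status"] == "mismatch":
        return "content length differs from reported size; scan results are unreliable"
    if result["size"] != EICAR_SIZE:
        return "readable, but not the 68-byte test file described in the thread"
    return "readable and 68 bytes; a missed detection is the scanner's own issue"


if __name__ == "__main__":
    import sys
    for target in sys.argv[1:]:
        outcome = probe_read(target)
        print(target, outcome, "->", interpret(outcome))
```

Run it against the test file with each product's resident component loaded and unloaded in turn; a result that flips from "blocked" to "readable" identifies the component that was denying access.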