Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: gott_ad on August 23, 2005, 12:57:55 PM
-
hi,
yesterday i have downloaded an archives that contains an exe file with a Trojan.
after unpacking and starting the exe file (avast said NOTHING) the program (msiexec16.exe or something like that) closed avast and started some other programs...
(the Trojan was stupid, it only writes itself to the autorun key in the registry and i have deleted the file, the system is now clean)
but my question is, why haven't avast scanned the exe file after i double-clicked it??? today i have scanned the package (that included the exe file) and avast detected the Trojan!!! should i scan every file with the context-menu-entry, before i starting them???
i have the normal setting for the scan-engines and using avast 4.6 and now I'm waiting for help ;-)
thanks
gott_ad
-
No, you don't have to scan downloaded files if you set the sensitivity to High.
But, archive files are not scanned on-access due to a system performance degradation.
When unpacked, the files should be caught by the Standard Shield.
If you use a download manager, you can add a link to ashQuick.exe to scan the downloaded files.
If you use P2P applictions, enable the provider.
-
Tech you missed his point.
after unpacking and starting the exe file (avast said NOTHING) the program (msiexec16.exe or something like that) closed avast and started some other programs...
Even when Run avast! didn't detect it and closed avast!.
@ gott_ad - Urgent
If you are not getting a virus warning and you believe it is a new or undetected virus, then if you can zip and password protect ('virus', will do) the suspect file and send it to virus @ avast.com (no spaces).
Give a brief outline of the problem (a link to this thread may be useful), the fact that you believe it to be a new or undetected virus and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.
You could also check the offending/suspect file at: Jotti - Multi engine on-line virus scanner (http://virusscan.jotti.org/) if any other scanners here detect them it is less likely to be a false positive. You can't do this with the file in the chest, you will need to move it out.
Or VirusTotal - Multi engine on-line virus scanner (http://www.virustotal.com/xhtml/index_en.html)
-
When investigating a similar report a while ago I found that the scanning of executable files had been "clicked off" in the basic settings tab of the customize page of the standard shield.
While this may not be the case here it is worth checking that defaults are in use.
Tech's point on automating the thorough scanning of downloaded files using ashquick .exe (as I do with Firefox) is very worthwhile too. (The old refrain - stop the virus before it gets on your hard drive).
-
thanks for replay!
i have send the virus to alwil-soft and i think, i know the problem. the exe file has an icon like an archive and therefore avast thinks it is an self extracting archive and don't scanning it. but it is a faked exe file and it is not an archive.
-
Alanrf, From above you posted:
Tech's point on automating the thorough scanning of downloaded files using ashquick .exe (as I do with Firefox) is very worthwhile too. (The old refrain - stop the virus before it gets on your hard drive
I use firefox also, and when I download something, I right click and scan it from the context menu. How are you automating the scan of downloaded files?
-
I use firefox also, and when I download something, I right click and scan it from the context menu. How are you automating the scan of downloaded files?
For Firefox context menu you can use Dr. Web extension.
For downloaded files, use FlashGot to manage downloads. Probably, other extensions would have the option to an external virus scanner.