Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: 927 on January 25, 2006, 02:10:55 AM

Title: very annoying!
Post by: 927 on January 25, 2006, 02:10:55 AM
its not the first time...:
after a file is scannad at jotti and avast finds problem x, then you do search "here" and nothing is found. in this case avast found something it calls Win32:Tysin ???  and i wanna know more about Win32:Tysin   :P

and no, its not on my computer
Title: Re: very annoying!
Post by: igor on January 25, 2006, 08:31:38 AM
What exactly do you mean?
Are you saying that avast! scanner at Jotti finds a malware, but locally installed avast! doesn't detect anything in that file? If yes, what is the exact version of avast! (locally) installed and how exactly do you scan the file?
Title: Re: very annoying!
Post by: DavidR on January 25, 2006, 03:38:59 PM
I believ that 927 is saying there is no information on 'Win32:Tysin' using the avast.com web site search (the link given above).

@ 927
Unfortunately there is no common virus naming convention for virus names so what is picked up by another AV may well calle it comething different, an alias.
A google search for Win32:Tysin returns a couple of hits, in one there is a Jotti listing which shows other aliases.
INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 0aa3f3fd19c7fb7e9ec0521f203ac067
Packers detected:
Scanner results
Found Trojan/Fasiat
Found nothing
Found Win32:Tysin
AVG Antivirus
Found nothing
Found Trojan.VB.AE
Found nothing
Found Trojan.Landa
F-Prot Antivirus
Found nothing
Found W32/VB.AB
Kaspersky Anti-Virus
Found Virus.Win32.VB.ab
Found Win32/VB.NBE
Norman Virus Control
Found nothing
Found nothing
Found nothing

However, if you were to do a search for some of the other names given by the other AVs then you may well find more information. The Win32.VB.ab alias seems to return much more information.
Title: Re: very annoying!
Post by: 927 on January 25, 2006, 04:47:06 PM
yes the real good av's has lot of info on certain virus or trojans (when you do a search on the website)

you are a long way from this

but since avast is free i don't complain (much)  :-X
Title: Re: very annoying!
Post by: Vlk on January 25, 2006, 05:09:10 PM
927, every rule has an exception.. ;)
Title: Re: very annoying!
Post by: DavidR on January 25, 2006, 05:28:27 PM
yes the real good av's has lot of info on certain virus or trojans (when you do a search on the website)

you are a long way from this

but since avast is free i don't complain (much)  :-X
Just because detailed information isn't available on the web site doesn't mean avast isn't a good AV. Some of those that provide detailed information miss stuff that is picked up by avast.

Not to mention the information is out there, so devoting a team to this task would take people of the active development of avast.

There are many free products but I personally don't choose something just because it is free, it has to be up to the job and if it happens to be free that is a bonus.

Welcome to the forums and avast!
Title: Re: very annoying!
Post by: 927 on January 26, 2006, 01:07:21 AM
yes but you want the hole package, not just a name when you are infected

what do "you" call blackworm/kama sutra/nyxem?
Title: Re: very annoying!
Post by: szc on January 26, 2006, 01:18:27 PM
Well I believe we already have a whole package... just try to find some free help at some other antivirus forum (if there is any provided for freeware version of the program). Virus naming doesn't mean anything when it comes to protecting part of the job, it's just an info, nothing else. Since avast! was installed first time on all my machines, term virus is unknown term here. That's what counts.
Title: Re: very annoying!
Post by: 927 on January 26, 2006, 03:55:46 PM
when a trojan is found you wanna know how you got it, is it dangerous, what it did do, how can i fix it. some of them are really nasty!

if you think this is "just info" it's sad


symantec don't have the "hole package" since nav sucks when it comes to find and preventing malware, big time, but the info is good.
avast is much better at this and offcourse is this way more important but information is still important
Title: Re: very annoying!
Post by: szc on January 26, 2006, 04:21:44 PM
It is not sad... it is the fact that most people don't even look at those information, they simply want to be protected. Do not forget that most people are still "normal" users without some extensive computer knowledge. They need a good antivirus, and they got it.  ;)
Title: Re: very annoying!
Post by: CharleyO on January 26, 2006, 04:32:17 PM

I have to agree with Tesla. Although I've messed with computers for 25+ years, security is the main thing with my computer these days and I could really care less what the name of the virus is nor what each av program calls it.    ::)

927, perhaps you think you need to know a virus name simple because you are use to an inferior av program with which you had to know or else you could not remove the infection it let in.    ???

My main concern is that it is stopped before it does damage. AND, that is exactly what Avast! does and has done for more than 2 years for me.    :)

Title: Re: very annoying!
Post by: 927 on January 26, 2006, 05:38:15 PM
Logfile of HijackThis v1.99.1
Scan saved at 10:29:56, on 2006-01-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\Alwil Software\Avast4\aswUpdSv.exe
C:\Program\Alwil Software\Avast4\ashServ.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Program\Alwil Software\Avast4\ashMaiSv.exe
C:\Program\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Margareta\Skrivbord\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SESVSE/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.svt.se/texttv/202.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: www.wo365.com
O1 - Hosts: cmfu.com
O1 - Hosts: www.cmfu.com
O1 - Hosts: 9i0.com
O1 - Hosts: www.9flash.com
O1 - Hosts: 9flash.com
O1 - Hosts: www.nowok.net
O1 - Hosts: nowok.net
O1 - Hosts: wisa.com.cn
O1 - Hosts: www.sia.com.cn
O1 - Hosts: www.wisa.cn
O1 - Hosts: wisa.cn
O1 - Hosts: www.zhao99.com
O1 - Hosts: zhao99.com
O1 - Hosts: www.wo123.com
O1 - Hosts: wo123.com
O1 - Hosts: wo99.com
O1 - Hosts: www.wo99.com
O1 - Hosts: www.page.com.cn
O1 - Hosts: page.com.cn
O1 - Hosts: www.432.cn
O1 - Hosts: 432.cn
O1 - Hosts: wysw.com
O1 - Hosts: 14.com.cn
O1 - Hosts: www.14.com.cn
O1 - Hosts: cnww.net
O1 - Hosts: www.mv99.com
O1 - Hosts: mv99.com
O1 - Hosts: www.youav.com
O1 - Hosts: www.mtvav.com
O1 - Hosts: www.98983.com
O1 - Hosts: 98983.com
O1 - Hosts: www.114.com.cn
O1 - Hosts: 114.com.cn
O1 - Hosts: www.net114.com
O1 - Hosts: www.skywz.com
O1 - Hosts: skywz.com
O1 - Hosts: www.hao6.com
O1 - Hosts: hao6.com
O1 - Hosts: www.678a.com
O1 - Hosts: 678a.com
O1 - Hosts: www.7510.com
O1 - Hosts: 7510.com
O1 - Hosts: www.zzkan.com
O1 - Hosts: zzkan.com
O1 - Hosts: www.ca183.com
O1 - Hosts: ca183.com
O1 - Hosts: 3tom.com
O1 - Hosts: www.yhjm.com
O1 - Hosts: yhjm.com
O1 - Hosts: www.k369.com
O1 - Hosts: www.xxwww.com
O1 - Hosts: xxwww.com
O1 - Hosts: www.fm1000.net
O1 - Hosts: fm1000.net
O1 - Hosts: www.ok135.com
O1 - Hosts: ok135.com
O1 - Hosts: www.link999.com
O1 - Hosts: link999.com
O1 - Hosts: www.001wz.com
O1 - Hosts: 001wz.com
O1 - Hosts: www.7t7t.com
O1 - Hosts: 7t7t.com
O1 - Hosts: www.7k7k.com
O1 - Hosts: 7k7k.com
O1 - Hosts: www.webcool.net
O1 - Hosts: webcool.net
O1 - Hosts: www.51sobu.com
O1 - Hosts: 51sobu.com
O1 - Hosts: cy.51sobu.com
O1 - Hosts: www.fj3721.com
O1 - Hosts: fj3721.com
O1 - Hosts: www.msncn.com
O1 - Hosts: msncn.com
O1 - Hosts: www.6235.com
O1 - Hosts: 6235.com
O1 - Hosts: www.8goo.com
O1 - Hosts: 8goo.com
O1 - Hosts: www.baimin.com
O1 - Hosts: baimin.com
O1 - Hosts: www.bwwz.com
O1 - Hosts: bwwz.com
O1 - Hosts: www.howow.net
O1 - Hosts: howow.net
O1 - Hosts: www.tongchi.com
O1 - Hosts: tongchi.com
O1 - Hosts: www.65658.com
O1 - Hosts: 65658.com
O1 - Hosts: www.7o7o.com
O1 - Hosts: 7o7o.com
O1 - Hosts: 5126.net
O1 - Hosts: www.5126.net
O1 - Hosts: www.wangzhiku.com
O1 - Hosts: wangzhiku.com
O1 - Hosts: www.soyeah.com
O1 - Hosts: soyeah.com
O1 - Hosts: www.sowang.cn
O1 - Hosts: sowang.cn
O1 - Hosts: www.77177.com
O1 - Hosts: 77177.com
O1 - Hosts: www.look8.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program\ShopperReports\Bin\\ShprRprt.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program\E2G\IeBHOs.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.4000.1001\sv\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.4000.1001\sv\msntb.dll
O4 - HKLM\..\Run: [QT4StBtn] C:\Program\SwiftBtn\SwiftBtn.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [MMSystem] c:\windows\rundll32.exe "c:\windows\system32\mmsystem.dll"", RunDll32
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program\Hotbar\Bin\\WeatherOnTray.exe
O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MMSystem] c:\windows\rundll32.exe "c:\windows\system32\mmsystem.dll"", RunDll32
O4 - HKCU\..\Run: [WhenUSave] "C:\Program\Save\Save.exe"
O4 - HKCU\..\Run: [wmitra] C:\WINDOWS\system32\wmitra.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Date Manager.lnk = C:\Program\Date Manager\DateManager.exe
O4 - Global Startup: GStartup.lnk = C:\Program\Delade filer\GMT\GMT.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PrecisionTime.lnk = C:\Program\PrecisionTime\PrecisionTime.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: SmartShopper - Compare product prices - {679B2A8D-B2FF-41ed-B3ED-C5CFB8564CB0} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program\ShopperReports\Bin\\ShprRprt.dll
O9 - Extra button: SmartShopper - Compare travel rates - {9E4DF170-217F-4658-A11F-590664542B73} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\Program\ShopperReports\Bin\\ShprRprt.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

maybe this will get you "fall" down from the high towers...

and if you want i can send you some istbar files i downloaded very easily,  whilst avast running  :-*
Title: Re: very annoying!
Post by: CharleyO on January 26, 2006, 05:52:43 PM

Do not click on any of those active links in that HJT log above. They lead you to China and thousands of cookies (no, not the good Chinese fortune cookies kind) ... probably spyware as well.    :(

(I am running updated spyware programs now.)


No spyware found!    8)

Since istbar is basically adware, it may not be detected by many av programs. You can get removal help for it at this link :


Title: Re: very annoying!
Post by: essexboy on January 26, 2006, 07:06:18 PM
and if you want i can send you some istbar files i downloaded very easily,  whilst avast running 

Avast is ANTIVIRUS not Antispy ware
Title: Re: very annoying!
Post by: szc on January 27, 2006, 02:57:24 AM
and if you want i can send you some istbar files i downloaded very easily,  whilst avast running 

Avast is ANTIVIRUS not Antispy ware

Exactly... and btw, 927 remove those links (or at least disable them) from the HijackThis log file. There are many fresh users, tending to click on each and every one link they see. Posting something like that is not recommended.
Title: Re: very annoying!
Post by: TedNelly on January 27, 2006, 03:59:56 AM
From your HJT log file     
No active firewall was found on your system a firewall will help!!
This is a bit like going out in your car leaving the keys in the ignition the doors unlocked
and expecting to come back and find your car just how you left it!! Ha Ha fat chance!!