Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: gtaillandier on May 03, 2004, 08:32:46 PM

Title: Virus not detected
Post by: gtaillandier on May 03, 2004, 08:32:46 PM
Hello

I use Avast Home Edition ( build 4.1.396 ) ; here's my configuration for Standard shield :
   - Scanner (advanced )
         scan created/modified files
                all

I've scanned my fixed disk today and Avast found viruses in .exe files in Internet cache.

Can someone tell me why viruses DyfucDldr-F-UPX [Trj] and Revop [Trj] were not detected before?

Sincerely.
Title: Re:Virus not detected
Post by: Vlk on May 03, 2004, 08:58:57 PM
Both of these viruses were added to the database less than a week ago (see http://www.avast.com/i_idt_1404.html ) so it's quite likely that they got to your hard-disk before that update...

Vlk
Title: Re:Virus not detected
Post by: gtaillandier on May 06, 2004, 05:22:19 PM
Hello

Just another little problem with virus detection.

My PC was running for about 10 minutes without any virus alert. I've created a link in the start menu for Ashquick with options "*MEMORY" "*STARTUP", then I've launched it, and ( what a surprise ) a virus has been found in an .exe file which was running.

I don't understand why resident protection hasn't detected it.

Can you help me ?
Title: Re:Virus not detected
Post by: igor on May 06, 2004, 05:27:47 PM
Maybe because the virus was launched before avast!, in the Windows autostart order?
Title: Re:Virus not detected
Post by: Bernie on May 06, 2004, 09:15:06 PM
Quote
Maybe because the virus was launched before avast!, in the Windows autostart order?

 ??? Are you kidding? I thought the resident Avast! scanner is doing a memory scan when it starts...  :o

What for do I install an antivirus program? To detect and prevent viruses BEFORE they get active...

Well, I must say that I'm a little bit confused at the moment.
Title: Re:Virus not detected
Post by: Lisandro on May 07, 2004, 05:10:42 AM
Quote
What for do I install an antivirus program? To detect and prevent viruses BEFORE they get active...

Oh, you can only get this with a 'boot-time' scanning... You can schedule one to be sure that avast will scan before anything else is running.
In XP systems (or Windows in general) you cannot control the sequence of the boot and, more than this, a virus will do everything to run 'before' the antivirus.

Are you using XP? Why don't you schedule a boot-time scanning with the option of archive scanning?
Title: Re:Virus not detected
Post by: igor on May 07, 2004, 09:43:25 AM
Quote
What for do I install an antivirus program? To detect and prevent viruses BEFORE they get active...

Sure - but the antivirus has to be active at the moment. When the antivirus is running (and it usually is soon after Windows OS is started), it can scan the started files, detect the viruses in them and deny access (i.e. not allow to start them) when a virus is really detected.
However, if a virus is started before the antivirus, you cannot do much about it. In fact, the virus may do exactly the same thing (and in a simple way, some viruses really do) - scan the started processes and not allow the antivirus programs to be started. Then, the virus simply "wins".

Otherwise - no, the resident scanner doesn't do a memory scan when it's started; it just begins to do its work - background monitoring of started files, transferred e-mail, etc.
If you want an initial memory scan, you can put a link to ashQuick.exe *MEMORY into your Startup.
Title: Re:Virus not detected
Post by: Bernie on May 07, 2004, 12:52:49 PM
Quote
However, if a virus is started before the antivirus, you cannot do much about it.

Well, if I understand you correctly, that means that IF a virus gets active BEFORE the resident part of Avast! starts I even don't get a message at least i.e. that I should do a "Boot time scan" or a "full scan".

If that's the case why isn't then the "initial memory" scan (maybe as an option) implemented in the resident scanner? ???

Of course I understand that a virus that is already resident in memory can't be removed. But I should at least get a message that I have to take some other action.
Title: Re:Virus not detected
Post by: RejZoR on May 07, 2004, 02:14:31 PM
In general this would be a good thing. Checking memory before loading other avast! components, or simply starting first (but this is quite random by Windows itself).
Title: Re:Virus not detected
Post by: Bernie on May 07, 2004, 09:45:24 PM
 ;) Well, I think adding this feature as an automatic item would be an improvement. At least the benefit of Avast! would increase...
Title: Re:Virus not detected
Post by: gtaillandier on May 07, 2004, 10:50:21 PM
I think it would be a great idea to set an option in a future version whether the user wants Avast ( or not ) to scan memory when starting.

I'm not sure all users know that Avast doesn't scan memory when starting, and that they must put a link in start menu ( ashquick MEMORY STARTUP ).

Title: Re:Virus not detected
Post by: DavidR on May 08, 2004, 12:41:42 AM
Quote
I think it would be a great idea to set an option in a future version whether the user wants Avast ( or not ) to scan memory when starting.

I'm not sure all users know that Avast doesn't scan memory when starting, and that they must put a link in start menu ( ashquick MEMORY STARTUP ).

I too think it's a great idea and I have been trying to do this but failed miserably.

I started by creating a shortcut (to ashquick.exe) on my desktop and tried to add the option/switch, everything I tried to add in the command of the shortcut's properties failed.

How do you do this? Can it be done in the Home version?

TIA David
Title: Re:Virus not detected
Post by: Lisandro on May 08, 2004, 03:41:44 AM
Quote
I started by creating a shortcut (to ashquick.exe) on my desktop and tried to add the option/switch, everything I tried to add in the command of the shortcut's properties failed.

How do you do this? Can it be done in the Home version?

TIA David

Try:

"C:\Program Files\Alwil Software\Avast\ashQuick.exe" "*MEMORY"
The *MEMORY parameter causes avast! to scan the operating memory of the computer: the true virtual memory.

"C:\Program Files\Alwil Software\Avast\ashQuick.exe" "*STRT-MEM-SHORT"
The *STRT-MEM-SHORT scans (besides the startup items) the modules loaded in memory: the corresponding files, not the real memory.

While the *MEMORY parameter may catch unknown (packed) variants of viruses that may not be detected on disk (they can be found since the packed file is already unpacked to memory), it may also fail to detect the viruses for which only a packed variant exists (and the VPS does not contain a signature for the unpacked code). Generally, avast! virus database is optimized (and checked) for the file detection - the memory scan is rather a special additional feature.

"C:\Program Files\Alwil Software\Avast\ashQuick.exe" "*STARTUP"
The *STARTUP parameter will scan all startup user accounts items.

"C:\Program Files\Alwil Software\Avast\ashQuick.exe" "*STARTUP-SHORT"
The *STARTUP parameter will scan the current user startup items.

So, if you want a real thorough check of the memory/ startup, I'd rather recommend using both the parameters *STRT-MEM-SHORT and *MEMORY together (or, *MEMORY, *MEMORY-SHORT and *STARTUP for all the user accounts). Like this:

"C:\Program Files\Alwil Software\Avast\ashQuick.exe" "*MEMORY" "*STRT-MEM-SHORT" "*STARTUP" "*STARTUP-SHORT"
Title: Re:Virus not detected
Post by: gtaillandier on May 08, 2004, 01:48:00 PM
It's a good idea to add a shortcut in start menu.

But, I think it would be better if Avast could scan memory when starting, no ( automatically or according options ).

Is it possible to add this in a future release ?

Title: Re:Virus not detected
Post by: Lars-Erik on May 08, 2004, 02:10:59 PM
Quote
Oh, you can only get this with a 'boot-time' scanning... You can schedule one to be sure that avast will scan before anything else  option of archive scanning?

Why can't the resident scanner do a memory/process scan when it starts? The on-demand scanner does that when you start it, so it shouldn't be any difficulties making the on-access scanner do that quick scan when it starts - should there?

This would make avast! even better - with little extra programming.
Title: Re:Virus not detected
Post by: Lars-Erik on May 08, 2004, 02:24:33 PM
Quote
"C:\Program Files\Alwil Software\Avast\ashQuick.exe" "*STRT-MEM-SHORT"
The *STRT-MEM-SHORT scans (besides the startup items) the modules loaded in memory: the corresponding files, not the real memory.

Is this what the avast! on-demand scanner does at startup ?
Title: Re:Virus not detected
Post by: bob3160 on May 08, 2004, 03:44:15 PM
I think that boot sectors and memory should be checked
when the system is first started. Before windows starts.
Title: Re:Virus not detected
Post by: DavidR on May 08, 2004, 03:45:50 PM
Quote
Try:

So, if you want a real thorough check of the memory/ startup, I'd rather recommend using both the parameters *STRT-MEM-SHORT and *MEMORY together (or, *MEMORY, *MEMORY-SHORT and *STARTUP for all the user accounts). Like this:

"C:\Program Files\Alwil Software\Avast\ashQuick.exe" "*MEMORY" "*STRT-MEM-SHORT" "*STARTUP" "*STARTUP-SHORT"

Thanks Technical, for a great explanation of the parameters and their uses with AshQuick.exe. I have gone with your last option quoted above, which is now working in the shortcut path, my error was trying to contain the extra parameters within the speech quotes of the URL path.

Even with the thorough scan options listed the scan doesn't take very long at all 45 seconds (I don't have a large amount of programs opening at startup).

I can see from the interest after your explanation, this will be very useful to many others and hopefully become a future option that can be selected within the Resident Shield's options.

Thanks again, David
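
The shortcut discussed in the posts above, as an added PowerShell example that is not part of the original thread: it keeps the executable path and the scan switches separate, which is the quoting mistake David describes. The path and switches are the ones quoted in the thread; the link name and function name are hypothetical.

```powershell
# Added example (not from the thread): create a Startup-folder shortcut that
# runs ashQuick.exe with the switches Lisandro listed.
$exe      = 'C:\Program Files\Alwil Software\Avast\ashQuick.exe'   # path as quoted in the thread
$switches = '*MEMORY', '*STRT-MEM-SHORT', '*STARTUP', '*STARTUP-SHORT'

function New-AshQuickStartupShortcut {
    param(
        [string]   $TargetPath,
        [string[]] $ScanSwitches,
        [string]   $LinkName = 'avast startup scan.lnk'   # hypothetical link name
    )
    if (-not (Test-Path -LiteralPath $TargetPath -PathType Leaf)) {
        throw "Scanner not found: $TargetPath"
    }

    # Each switch becomes its own quoted argument, outside the quotes
    # that surround the executable path.
    $arguments = ($ScanSwitches | ForEach-Object { '"{0}"' -f $_ }) -join ' '

    # Current user's Startup folder; items here run at logon.
    $startup = [Environment]::GetFolderPath('Startup')
    $lnkPath = Join-Path $startup $LinkName

    $shell = New-Object -ComObject WScript.Shell
    $lnk   = $shell.CreateShortcut($lnkPath)
    $lnk.TargetPath       = $TargetPath     # executable only, no switches
    $lnk.Arguments        = $arguments      # switches only
    $lnk.WorkingDirectory = Split-Path $TargetPath
    $lnk.Save()

    # Read the link back so the stored target and arguments can be checked.
    $check = $shell.CreateShortcut($lnkPath)
    [pscustomobject]@{
        Link      = $lnkPath
        Target    = $check.TargetPath
        Arguments = $check.Arguments
    }
}

New-AshQuickStartupShortcut -TargetPath $exe -ScanSwitches $switches
```

A Startup-folder shortcut runs at user logon, so it does not change the start-order issue igor describes; it only adds the memory scan that the resident scanner does not perform when it starts.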
Title: Re:Virus not detected
Post by: Lisandro on May 08, 2004, 09:58:41 PM
Quote
Thanks Technical, for a great explanation of the parameters and their uses with AshQuick.exe.... I can see from the interest after your explanation, this will be very useful to many others and hopefully become a future option that can be selected within the Resident Shield's options.
Thanks again, David

You're welcome...
Maybe the Alwil team will add this option in the Standard Shield settings in the future.
Anyway, you can post this wish here: http://forum.avast.com/index.php?board=2;action=display;threadid=57;start=345 (the 'WISHLIST')  ;)
Title: Re:Virus not detected
Post by: Dwarden on May 11, 2004, 12:29:46 AM
it is possible to make low level service which starts immediately after kernel ...

it's just very complicated to code ...

and btw someone said u can't define order what is started on boot ... i got somewhere util which was able sort and set all services starting after kernel ...

so it is possible , what matter is HOW HARD is to code it  ::)