Avast WEBforum
Other => Viruses and worms => Topic started by: Lisandro on May 23, 2004, 04:01:23 AM
-
This virus is only detected by the following command:
"C:\Arquivos de programas\Avast\ashQuick.exe" "*MEMORY" "*MEMORY-SHORT" "*STARTUP"
It's not detected by the splash screen scan, nor by avast itself (even at High Sensitivity, scanning archives and so on...)
What the hell is this?: :(
-
Screen shot :P
-
I am getting very worried too, and I am getting the same problem. This is my first time catching a virus on my HD; I never had a virus for 4 years straight. SHIT!
When I run Avast 4 Home and do a full thorough scan with the archive file tick turned on, scanning both drives C and D, no virus is found.
Suddenly I went to Windows Explorer and did a manual quick scan, highlighting the C drive, and suddenly the quick scan picked up a Blood virus, the same problem as Technical.
Question: how come the manual quick scan from Windows Explorer picked up a virus, and the Avast 4 Home Anti-Virus software running a full thorough scan didn't pick it up?
Otherwise I am smelling a bug under my very own nose using the latest version, please advise.
I have set all my protection settings to High using Avast 4 Home; instead, I don't have the Pro version for Script Blocking.
-
Hm, I went to the Virus List page (you can find it on my page) and I got this result for Blood-418:
http://www.viruslist.com/eng/viruslist.html?id=316
I think this is the point on which Alwil guys should help...
-
Thanks RejZor:
Blood.418
It is a not memory resident, not dangerous virus. The .COM files of the current directory get infected when the virus starts. The virus from time to time types: "File infected by BLOOD VIRUS version 1.20".
But in my case I have a 'memory block' infected... I cannot map which file is related (infected) by it... Besides this, there is what SpeedyPC said :'(
-
Hi,
I also get this with the above ashquick options...
My guess is that this is a false alarm... maybe avast stumbles over its own sigs in memory?
But the Alwil team should comment on this or, better, rectify it ;)
-
Thanks for posting whocares...
I read your thread (http://forum.avast.com/index.php?board=2;action=display;threadid=4679) but I cannot see a solution for the deactivation of avast :'(
-
avast! certainly doesn't find its signatures in memory because the decrypted signatures are never present there (you can check what this process 552 is in Task Manager).
Anyway, it's probably just a false alarm. We'll try to do something about it.
-
Igor, on second thought, the process is:
BDSS.EXE
2024 (no longer 552)
C:\Program files\Common files\Softwin\BitDefender Scan Server\bdss.exe
So, it's BitDefender (backup scanner) :-\
-
Oh... in that case, maybe avast! found BitDefender's virus signatures in memory?
-
Maybe, how can I be sure?
On-line scanning (trendmicro), on-demand and on-access scanning of avast do not detect it... ::)
-
Igor, does this help?
Process: BDSS.EXE Pid: 2024
-
I am afraid it doesn't.
We would simply have to know what is inside the memory block where avast! detects the virus.
-
Can you test it by installing BitDefender 7.0 Free?
Is there any way to search the memory blocks and see what is there at that time?
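
The hypothesis discussed in this thread, as a toy model added here (not part of any post, and not avast! or BitDefender code): a byte-pattern memory scan flags a process that holds a signature database in the clear but not one that keeps it encoded, and the bytes around the hit show that it sits in data rather than code. The process names, the `SIGDB` marker, the XOR encoding and the use of the virus's message string as the pattern are all constructed assumptions.

```python
# Added illustration with constructed data; not avast! or BitDefender code.
# The pattern is the message string quoted in the thread, used as a stand-in:
# the real avast! signature for Blood-418 is not on the page.
SIGNATURES = {"Blood-418 (toy)": b"File infected by BLOOD VIRUS version 1.20"}


def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR, standing in for whatever encoding a scanner uses."""
    return bytes(b ^ key for b in data)


def scan_regions(regions, signatures=SIGNATURES, context=8):
    """Byte-search every region; report owner, address and nearby bytes."""
    hits = []
    for owner, base, blob in regions:
        for name, pattern in signatures.items():
            pos = blob.find(pattern)
            while pos != -1:
                lo = max(0, pos - context)
                hi = min(len(blob), pos + len(pattern) + context)
                hits.append({
                    "owner": owner,
                    "address": base + pos,
                    "signature": name,
                    "context": blob[lo:hi],  # what surrounds the match
                })
                pos = blob.find(pattern, pos + 1)
    return hits


def build_sample_regions():
    """Constructed memory images for three hypothetical processes."""
    sig = SIGNATURES["Blood-418 (toy)"]
    # scanner_a keeps its pattern database encoded while resident in memory.
    encoded_db = b"\x00" * 16 + xor_bytes(b"SIGDB\x00" + sig, 0x5A)
    # scanner_b holds the same database in the clear.
    plain_db = b"\x90" * 32 + b"SIGDB\x00" + sig + b"\x00next-entry"
    clean = b"MZ" + b"\x00" * 64
    return [
        ("scanner_a.exe", 0x00400000, encoded_db),
        ("scanner_b.exe", 0x01200000, plain_db),
        ("notepad.exe", 0x00800000, clean),
    ]


if __name__ == "__main__":
    for hit in scan_regions(build_sample_regions()):
        print(f"{hit['signature']} in {hit['owner']} at {hit['address']:#010x}")
        print("  context:", hit["context"])
```

The single hit lands in the hypothetical `scanner_b.exe`, and its context bytes begin with the database marker, which is the kind of evidence that separates a signature table from live virus code.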