Author Topic: Virus not detected  (Read 12368 times)

0 Members and 1 Guest are viewing this topic.

Offline gtaillandier

  • Full Member
  • ***
  • Posts: 167
  • I'm a llama!
Virus not detected
« on: May 03, 2004, 08:32:46 PM »
Hello

I use Avast Home Edition ( build 4.1.396 ) ; here's my configuration for Standard shield :
   - Scanner (advanced )
         scan created/modified files
                all

I've scanned my fixed disk today and Avast found viruses in .exe files in Internet cache.

Can someone tell me why viruses DyfucDldr-F-UPX [Trj] and Revop [Trj] were not detected before.

Sincerely.

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11664
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:Virus not detected
« Reply #1 on: May 03, 2004, 08:58:57 PM »
Both of these viruses were added to the database less than a week ago (see http://www.avast.com/i_idt_1404.html ) so it's quite likely that they got to your hard-disk before that update...

Vlk
If at first you don't succeed, then skydiving's not for you.

Offline gtaillandier

  • Full Member
  • ***
  • Posts: 167
  • I'm a llama!
Re:Virus not detected
« Reply #2 on: May 06, 2004, 05:22:19 PM »
Hello

Just another little problem with virus detection.

My PC was running for about 10 minutes without any virus alert. I've created a link in the start menu for Ashquick with options "*MEMORY" "*STARTUP", then I've launched it, and ( what a surprise ) a virus has been found in an .exe file which was running.

I don't understand why resident protection hasn't detected it.

Can you help me ?

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11802
    • AVAST Software
Re:Virus not detected
« Reply #3 on: May 06, 2004, 05:27:47 PM »
Maybe because the virus was launched before avast!, in the Windows autostart order?

Offline Bernie

  • Jr. Member
  • **
  • Posts: 50
  • I'm a llama!
    • Freeware, Shareware für PC / Internet Tuning und Sicherheit
Re:Virus not detected
« Reply #4 on: May 06, 2004, 09:15:06 PM »
Quote
Maybe because the virus was launched before avast!, in the Windows autostart order?

 ??? Are you kidding? I thought the resident Avast! scanner is doing a memory scan when it starts...  :o

What for do I install an antivirus program? To detect and prevent viruses BEFORE they get active...

Well, i must say that I'm a little bit confuesed at the moment.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67250
Re:Virus not detected
« Reply #5 on: May 07, 2004, 05:10:42 AM »
What for do I install an antivirus program? To detect and prevent viruses BEFORE they get active...

Oh, you can only get this with a 'boot-time' scanning... You can schedule one to be sure that avast will scan before anything else is running.
In XP systems (or Windows in general) you cannot control the sequence of the boot and more than this, a virus will do everything to run 'before' the antivirus).

Are you using XP? Why don't you schedule a boot-time scanning with the option of archive scanning?
The best things in life are free.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11802
    • AVAST Software
Re:Virus not detected
« Reply #6 on: May 07, 2004, 09:43:25 AM »
What for do I install an antivirus program? To detect and prevent viruses BEFORE they get active...

Sure - but the antivirus has to be active at the moment. When the antivirus is running (and it usually is soon after Windows OS is started), it can scan the started files, detect the viruses in them and deny access (i.e. not allow to start them) when a virus is really detected.
However, if a virus is started before the antivirus, you cannot do much about it. In fact, the virus may do exactly the same thing (and in a simple way, some viruses really do) - scan the started processes and not allow the antivirus programs to be started. Then, the virus simply "wins".

Otherwise - no, the resident scanner doesn't do a memory scan when it's started; it just begins to do its work - background monitoring of started files, transfered e-mail, etc.
If you want an initial memory scan, you can put a link to ashQuick.exe *MEMORY into your Startup.

Offline Bernie

  • Jr. Member
  • **
  • Posts: 50
  • I'm a llama!
    • Freeware, Shareware für PC / Internet Tuning und Sicherheit
Re:Virus not detected
« Reply #7 on: May 07, 2004, 12:52:49 PM »
Quote
However, if a virus is started before the antivirus, you cannot do much about it.

Well, if I understand you correctly, that means that IF a virus get's active BEFORE the resident part of Avast! starts I even don't get a message at least i.e. that I should do a "Boot time scan" or a "full scan".

If that's the case why isn't then the "initial memory" scan (maybe as an option) implemented in the resident scanner? ???

Of course I understand that a virus that is already resident in memory can't be removed. But I should at least get a message that I have to take some other action.
« Last Edit: May 07, 2004, 12:54:31 PM by Bernie »

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9369
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re:Virus not detected
« Reply #8 on: May 07, 2004, 02:14:31 PM »
I general this would be a good thing. Checking memory before loading other avast! components,or simply starting first (but this is quiet random by Windows itself)
Visit my webpage Angry Sheep Blog

Offline Bernie

  • Jr. Member
  • **
  • Posts: 50
  • I'm a llama!
    • Freeware, Shareware für PC / Internet Tuning und Sicherheit
Re:Virus not detected
« Reply #9 on: May 07, 2004, 09:45:24 PM »
 ;) Well, I think adding this feature as an automatically item would be an improvement. At least the benefit of Avast! would increase...
« Last Edit: May 07, 2004, 09:46:14 PM by Bernie »

Offline gtaillandier

  • Full Member
  • ***
  • Posts: 167
  • I'm a llama!
Re:Virus not detected
« Reply #10 on: May 07, 2004, 10:50:21 PM »
I think it would be a great idea to set an option in a future version whether the user wants Avast ( or not ) to scan memory when starting.

I'm not sure all users know that Avast doesn't scan memory when starting, and that they must put a link in start menu ( ashquick MEMORY STARTUP ).


Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85387
  • No support PMs thanks
Re:Virus not detected
« Reply #11 on: May 08, 2004, 12:41:42 AM »
I think it would be a great idea to set an option in a future version whether the user wants Avast ( or not ) to scan memory when starting.

I'm not sure all users know that Avast doesn't scan memory when starting, and that they must put a link in start menu ( ashquick MEMORY STARTUP ).

I to think its a great idea and I have been trying to do this but failed miserably.

I started by creating a shortcut (to ashquick.exe) on my desktop and tried to add the option/switch, everything I tried to add in the command of the shortcut's properties failed.

How do you do this? Can it be done in the Home version?.

TIA David
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.5.2470 (build 21.5.6354.675) UI 1.0.646/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67250
Re:Virus not detected
« Reply #12 on: May 08, 2004, 03:41:44 AM »
I started by creating a shortcut (to ashquick.exe) on my desktop and tried to add the option/switch, everything I tried to add in the command of the shortcut's properties failed.

How do you do this? Can it be done in the Home version?.

TIA David

Try:

"C:\Program Files\Alwil Software\Avast\ashQuick.exe" "*MEMORY"
The *MEMORY parameter causes avast! to scan the operating memory of the computer: the true virtual memory.

"C:\Program Files\Alwil Software\Avast\ashQuick.exe" "*STRT-MEM-SHORT"
The *STRT-MEM-SHORT scans (besides the startup items) the modules loaded in memory: the corresponding files, not the real memory.

While the *MEMORY parameter may catch unknown (packed) variants of viruses that may not be detected on disk (they can be found since the packed file is already unpacked to memory), it may also fail to detect the viruses for which only a packed variant exists (and the VPS does not contain a signature for the unpacked code). Generally, avast! virus database is optimized (and checked) for the file detection - the memory scan is rather a special additional feature.

"C:\Program Files\Alwil Software\Avast\ashQuick.exe" "*STARTUP"
The *STARTUP parameter will scan all startup user accounts items.

"C:\Program Files\Alwil Software\Avast\ashQuick.exe" "*STARTUP-SHORT"
The *STARTUP parameter will scan the current user startup items.

So, if you want a real thorough check of the memory/ startup, I'd rather recommend using both the parameters *STRT-MEM-SHORT and *MEMORY together (or, *MEMORY, *MEMORY-SHORT and *STARTUP for all the user accounts). Like this:

"C:\Program Files\Alwil Software\Avast\ashQuick.exe" "*MEMORY" "*STRT-MEM-SHORT" "*STARTUP" "*STARTUP-SHORT"
The best things in life are free.

Offline gtaillandier

  • Full Member
  • ***
  • Posts: 167
  • I'm a llama!
Re:Virus not detected
« Reply #13 on: May 08, 2004, 01:48:00 PM »
It's a good idea to add a shortcut in start menu.

But, I think it would be better if Avast could scan memory when starting, no ( automatically or according options ).

Is it possible to add this in a future release ?


Offline Lars-Erik

  • Avast Evangelist
  • Sr. Member
  • ***
  • Posts: 394
    • Lars-Erik Østerud
Re:Virus not detected
« Reply #14 on: May 08, 2004, 02:10:59 PM »
Oh, you can only get this with a 'boot-time' scanning... You can schedule one to be sure that avast will scan before anything else  option of archive scanning?

Why can't the resident scanner to a memory/process scan when it starts?  The on-demand scanner does that when you start it, so it shouldn't be any difficulties making the on-access scanner do that quick scan when it starts - should there.

This would make avast! even better - with little extra programming.
www.osterud.name - ICQ: 7297605 - AIM/Yahoo/Facebook/Skype/Astra: LarsErikOsterud