Topic: Infected and Avast didn't catch it

neiby

  • Guest
Infected and Avast didn't catch it
« on: February 11, 2005, 06:51:59 AM »
I used to use NAV and I switched to Avast a couple of months ago. Just for grins I thought I'd give AVG a try and it has found the java/byteverify trojan (blackbox trojan) on my system.

It concerns me that the latest version of Avast! with the latest updates did not catch this trojan. Depending on how long that trojan has been on my system, it's possible that NAV didn't notice it, either.

I like Avast!, but I guess this just shows us that it's best to use more than one tool. I suppose I'll start using two AV progs just like I use more than one anti-spyware prog.

John

neiby

  • Guest
Re: Infected and Avast didn't catch it
« Reply #1 on: February 11, 2005, 08:12:46 AM »
Hmm.... on the other hand, AVG doesn't seem to be able to detect the EICAR test virus, while Avast! catches it immediately. Weird. Now I don't trust either one of them! :-(

neiby

  • Guest
Re: Infected and Avast didn't catch it
« Reply #2 on: February 11, 2005, 08:24:22 AM »
Never mind. AVG wasn't finding the test file because it had a .txt extension, while Avast! was detecting it no matter what the filename. As soon as I changed the name to eicar.com, AVG was able to detect it.

I think I figured out why Avast wasn't able to find this particular virus, as well. It turns out that it was inside a ZIP file, and Avast! must not be able to scan inside archives. I'll have to check on that later.

John

neiby

  • Guest
Re: Infected and Avast didn't catch it
« Reply #3 on: February 11, 2005, 08:35:53 AM »
Well, it looks like Avast! is supposed to be able to look inside archives, so I wonder why it didn't catch those two trojans, Java/ByteVerify and Java/OpenStream, while AVG did.

Regardless, I think I'll stick with Avast! for the moment because it has the P2P Shield and Network Shield. I'll just use AVG for periodic manual scans.

Do any of you have any ideas why Avast! wasn't able to look inside ZIP files to find these trojans?

scaa

  • Guest
Re: Infected and Avast didn't catch it
« Reply #4 on: February 11, 2005, 08:53:52 AM »
Avast can be configured to carry out checking zip archives but maybe the avast team should consider making checking of archives a default with the resident standard shield to work in the background.
But this is a serious problem definitely.

EVEN THEN, I CONSIDER AVAST THE BEST.

The moderator should give us an assuring response, though.

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Infected and Avast didn't catch it
« Reply #5 on: February 11, 2005, 08:57:02 AM »
Scanning archives in real-time (On-Access) is a waste of CPU power and memory.
Files inside archives cannot harm anything because they need to be extracted first.
And then they are caught.
Visit my webpage Angry Sheep Blog
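The two detection gaps discussed in this thread (a test file missed because of its .txt extension, and a sample sitting inside a ZIP), as an added example that is not part of the original thread and does not reflect how Avast! or AVG are implemented. The file names, the depth and size limits, and the extension-only policy are assumptions made for illustration; the sample archive is constructed inline.

```python
import io
import zipfile

# Standard EICAR test string, written in two halves so this snippet is not flagged itself.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + rb"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
MAX_DEPTH = 3                # assumed limit on nested archives
MAX_MEMBER_BYTES = 1 << 20   # assumed per-member read limit (guards against zip bombs)


def scan_bytes(data, name="<input>", depth=0):
    """Return the paths whose content holds the signature, whatever the file is called."""
    hits = [name] if EICAR in data else []
    # Decide "is this an archive?" from the content, not from the extension.
    if depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                with zf.open(info) as member:
                    chunk = member.read(MAX_MEMBER_BYTES)
                hits += scan_bytes(chunk, f"{name}!{info.filename}", depth + 1)
    return hits


def extension_only_scan(files):
    """Hypothetical weaker policy: only inspect files with 'executable' extensions."""
    exts = (".com", ".exe")
    return [n for n, d in files.items() if n.lower().endswith(exts) and EICAR in d]


def build_sample():
    """Constructed sample: the test string as a .txt file and inside a nested ZIP."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("applet/readme.txt", EICAR)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("cache.zip", inner.getvalue())
        zf.writestr("notes.txt", b"nothing to see")
    return {"eicar.txt": EICAR, "download.dat": outer.getvalue()}


if __name__ == "__main__":
    files = build_sample()
    print("extension-only:", extension_only_scan(files))
    for name, data in files.items():
        print(name, "->", scan_bytes(data, name))
```

The extension-only pass reports nothing for this sample, while the content-based pass reports both the renamed test file and the copy two archive levels down.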

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: Infected and Avast didn't catch it
« Reply #6 on: February 11, 2005, 09:16:49 AM »
The Java.ByteVerify kind of things are not really dangerous, but anyway it'd be useful to

1. verify that it's not a false alarm from AVG by submitting the file(s) in question to an online scanner, e.g. Jotti's http://virusscan.jotti.org

2. if at least a couple of scanners detect the file(s) as infected, submit it/them to virus@avast.com


Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

neiby

  • Guest
Re: Infected and Avast didn't catch it
« Reply #7 on: February 12, 2005, 05:31:06 AM »
Unfortunately, it turns out that I accidentally deleted the files I was referring to. I uninstalled AVG and those files were in the AVG quarantine or chest. I thought I had selected the option not to delete those files but regardless, they are now gone. :-(

Negeltu

  • Guest
Re: Infected and Avast didn't catch it
« Reply #8 on: February 13, 2005, 02:14:27 AM »
Avast has caught every Javabyteverify on my system. I don't believe they do anything "dangerous" and they only try to exploit vulnerabilities in the Microsoft VM. If you use Sun's VM you don't have to worry about them.

Offline RejZoR

Re: Infected and Avast didn't catch it
« Reply #9 on: February 13, 2005, 09:24:15 AM »
I still have one Java ByteVerify in my database which is still not recognized after several submissions...