Author Topic: Avast Let Me Install An Infected File?  (Read 7931 times)

0 Members and 1 Guest are viewing this topic.

Offline Kanooka

  • Newbie
  • *
  • Posts: 10
Avast Let Me Install An Infected File?
« on: March 31, 2005, 10:53:28 PM »
Windows XP Home, SP2.....IE 6.....Avast Home 4.6, Version Database 0513-1  03/30/05

Last night I downloaded an .exe file to my desktop.......(I was searching for a freeware sound recorder).......it was a small file, approx. 700 kb.......once it was on my desktop, I right clicked on it & scanned it with Avast.......Avast said the file was clean!

I then made a folder for it & began the install......the installation wizard was normal, asked all the right questions & as soon as I clicked Finish, Avast sprung into action with warning popups & audio warnings informing me I now had an infected computer.......(I had run a virus scan 2 days previously & it was clean)

I closed everything down, ran a virus scan & Avast quarantined 6 files........I then uninstalled the new program, cleared the recycle bin, dumped my cookies & cleared out my temp files, both off & online......ran another virus scan & it came up clean........I have since deleted those files from the chest, ran another scan this morning & it too was clean....

I am wondering why Avast did not give a warning when I scanned the .exe file prior to installation?.......or is it possible the infection was already on my computer & this program somehow activated it?......

This is the first time I've ever had anything like this happen & needless to say, I'm still in "meltdown" mode..... :o

Kanooka

Offline Kanooka

  • Newbie
  • *
  • Posts: 10
Re: Avast Let Me Install An Infected File?
« Reply #1 on: March 31, 2005, 10:58:05 PM »
I forgot to mention that I disabled System Restore before I started all the above steps......

Is it safe to enable it again?.....

Kanooka

Offline neiby

  • Sr. Member
  • ****
  • Posts: 220
  • I'm a llama!
Re: Avast Let Me Install An Infected File?
« Reply #2 on: April 01, 2005, 12:22:15 AM »
Perhaps that EXE was a self-extracting archive. I don't think Standard Shield scans archives by default. I may be wrong about that, though.

Regardless, it didn't let you actually *infect* your computer, did it? :)

Offline Kanooka

  • Newbie
  • *
  • Posts: 10
Re: Avast Let Me Install An Infected File?
« Reply #3 on: April 01, 2005, 03:43:46 AM »
It doesn't look like it......I've run 2 clean scans since......I'm just trying to understand what happened & why..... :)....

Is there a way to set the Standard Shield to scan a self extracting archive?......I wasn't aware that it didn't & thought that I was safe by scanning everything that came off the net....

Its a long learning curve...... ;)

Kanooka


Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67255
Re: Avast Let Me Install An Infected File?
« Reply #4 on: April 01, 2005, 04:24:25 AM »
Is there a way to set the Standard Shield to scan a self extracting archive?

I think this is only available on Professional version.
On-access scanning of archives is limited on the Home version.
On-demand scanning of archives is the same both in Home and Pro versions.

If I'm wrong, I hope someone from Alwil correct me...  ;)
The best things in life are free.

Offline avastman

  • Jr. Member
  • **
  • Posts: 20
  • I'm a yam!
Re: Avast Let Me Install An Infected File?
« Reply #5 on: April 01, 2005, 05:34:12 AM »
When one right-clicks a file and scans it with avast!, is that not considered "on-demand"?


Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67255
Re: Avast Let Me Install An Infected File?
« Reply #6 on: April 01, 2005, 06:28:33 AM »
When one right-clicks a file and scans it with avast!, is that not considered "on-demand"?

It runs ashQuick.exe, an on-demmand scanning but with specially configurations.
We need more information from Alwil team...  :-[
The best things in life are free.

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11664
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: Avast Let Me Install An Infected File?
« Reply #7 on: April 01, 2005, 08:39:43 AM »
It's quite normal tha install programs use custom packing methods. I.e. they are not ZIPed, they are not RARed, they're simply created by a custom packer (doesn't even necessarily compress, just pack).

So it's not picked by any AV, of course...

BTW the right-click scan IS of course an on-demand scan, and scans with all unpackers enabled by default.

Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

Offline dk70

  • Jr. Member
  • **
  • Posts: 71
Re: Avast Let Me Install An Infected File?
« Reply #8 on: April 01, 2005, 08:42:10 AM »
Im sure Avast can deal with self-extracting zip-files and others but I doubt it will be compatible with many unknown installation formats. You will never be able to check everything until it is unpacked. Like Avast can check 7Zip files, most other AVs cant. If you have Norton and a virus in 7Zip file you will notice when it gets unpacked, same here with Avast. Dont know about your exe-file but it will be true for many others. Shows the power of resident protection, if not you can be sure many would uninstall parts of AV and let download managers etc. deal with check. Need for resident protecton would drop dramatically  if you could see through every format no matter protected/encrypted or whatever.

I see VLK have said what needs to be said but I post anyway cause now it is writen  8)

Offline Kanooka

  • Newbie
  • *
  • Posts: 10
Re: Avast Let Me Install An Infected File?
« Reply #9 on: April 01, 2005, 07:25:51 PM »
Thanks everyone for your input.....I appreciate the help.... :)

I've now had 3 clean scans with Avast.....is it advisable to also run an online scan?......& if so, which one should I use, as I understand there are some issues with Panda & Avast......

Kanooka

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67255
Re: Avast Let Me Install An Infected File?
« Reply #10 on: April 01, 2005, 08:09:41 PM »
Is it advisable to also run an online scan?......& if so, which one should I use
You shouldn't be that worried... but, just for sure, browse a little for on-line scanning at www.trendmicro.com  ;)
The best things in life are free.

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 84752
  • No support PMs thanks
Re: Avast Let Me Install An Infected File?
« Reply #11 on: April 01, 2005, 08:32:59 PM »
TrendMicro's Housecall
Bit Defender On-line Scanner
F-Secure On-line Scanner ActiveX required
These are just a few of the many on-line scanners out there, check out RejZor's Website - Security Ops for more On-line Virus Scanners Security.Ops.tk

Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.2.2455 (build 21.2.6096.648) UI 1.0.608/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Kanooka

  • Newbie
  • *
  • Posts: 10
Re: Avast Let Me Install An Infected File?
« Reply #12 on: April 01, 2005, 09:22:35 PM »
Thank you both......I'll check out those sites..... :)

Kanooka