Topic: PUP not detected by avast.

Paul_D

  • Guest
Re: PUP not detected by avast.
« Reply #15 on: April 26, 2014, 03:09:33 AM »
General comment:

IMHO Avast in recent times is simply trying to do too much. I regard it as an anti-virus - nothing more.

Refer to my post above, and the one soon after it from Pondus. If you want a good PUP checker, use Malwarebytes.


Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: PUP not detected by avast.
« Reply #16 on: April 26, 2014, 02:14:37 PM »
Quote from: davexnet
DavidR,
please see my update above, I added another circumstance.
regards -
Dave

Copy and paste isn't opening, modifying or running the file (instances where depending on the file type, it could be scanned), it also isn't a new creation either, so there is no scan.

Note, the scan undertaken would be by the file system shield, not the explorer scan.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline davexnet

  • Poster
  • *
  • Posts: 540
Re: PUP not detected by avast.
« Reply #17 on: April 26, 2014, 06:37:39 PM »
Quote from: DavidR
Quote from: davexnet
DavidR,
please see my update above, I added another circumstance.
regards -
Dave

Copy and paste isn't opening, modifying or running the file (instances where depending on the file type, it could be scanned), it also isn't a new creation either, so there is no scan.

Note, the scan undertaken would be by the file system shield, not the explorer scan.

Thanks DavidR -
I did one more test - I had the files in a 7z archive and extracted the files to a folder.
During this circumstance the bad-ware was detected.  I guess it's time to delete
this puppy.  The interesting thing is, how did a folder containing these files get into the temp folder?
I suspect some activity on the web did it, rather than me consciously running something in the foreground
that this piggy-backed on.
AMD FX-4300 4GB DDR3
avast free 2279 (Windows XP), MBAM free

Offline DavidR

Re: PUP not detected by avast.
« Reply #18 on: April 26, 2014, 07:27:36 PM »
Archive files by their nature are inert (by default archives aren't scanned); you have to unpack them and/or run the executables for them to present a risk.

Actually extracting/unpacking the archive would be creating new files (outside of the archive), that should trigger the file system scan.

Quote from: davexnet
The interesting thing is, how did a folder containing these files get into the temp folder?

I don't know as I don't have anything to work with, originating archive and location and what temp location. That said, depending on your Operating System and Folder options, archives may be shown as folders.

Offline davexnet

Re: PUP not detected by avast.
« Reply #19 on: April 26, 2014, 09:10:46 PM »
It's Windows XP, so it uses the default temp folder, like so:
G:\Documents and Settings\Dave\Local Settings\temp

This was the location where the files were originally identified, not in an archive (7z, zip)
but regular files (.exe, .dll) in a subfolder.

The 7z file was created by myself in order to explore how/when avast! detected the bad file(s).
I did just about everything I could think of except actually run the exe.

Would a PUP be detected by the webshield, assuming this download was the result of some
JavaScript from a web page?

waking

  • Guest
Re: PUP not detected by avast.
« Reply #20 on: April 26, 2014, 11:18:25 PM »

Quote from: davexnet
how did a folder containing these files get into the temp folder?

Perhaps you'll get a clue from here:

http://www.installmonetizer.net/faq.php

(Hmm, sounds somewhat like what avast! has been accused of lately by some.)

Offline DavidR

Re: PUP not detected by avast.
« Reply #21 on: April 26, 2014, 11:30:03 PM »
Quote from: davexnet
It's Windows XP, so it uses the default temp folder, like so:
G:\Documents and Settings\Dave\Local Settings\temp

This was the location where the files were originally identified, not in an archive (7z, zip)
but regular files (.exe, .dll) in a subfolder.

The 7z file was created by myself in order to explore how/when avast! detected the bad file(s).
I did just about everything I could think of except actually run the exe.

Would a PUP be detected by the webshield, assuming this download was the result of some
JavaScript from a web page?


Being in a Temp location could possibly mean that they were Temp Internet Files - C:\Documents and Settings\David\Local Settings\Temp\Temporary Internet Files - but why there would be .exe or .dll files in there is strange.

PUPs are scanned for by default in the web shield as far as I'm aware, but I'm also sure there are instances when they may not be scanned: anything that is downloaded on https (secure connection) or isn't downloaded using an http connection and http protocol.