Author Topic: THANK YOU SOOO MUCH!!! (and a question)  (Read 9534 times)

0 Members and 1 Guest are viewing this topic.

Offline leushino

  • Newbie
  • *
  • Posts: 17
  • Christos anesti! Alethos anesti!
THANK YOU SOOO MUCH!!! (and a question)
« on: October 24, 2003, 03:39:24 AM »
Last night I finally decided to drop AVG once and for all. Before I did, I ran one last scan. No virus! Nothing! Clear sailing. Then I installed Avast and ran a scan. Guess what!? I had the Kang virus! I was stunned! I called my bank to change passwords and check on accounts as well as my credit cards. I am sooo grateful for Avast alerting me to this insidious virus.

Question: whenever scans are run (I have only run thorough ones so I'm wondering if quick ones are the same), there are always a series of files which Avast was unable to scan. Why is that and does it compromise me in any way?

Again, thank you for doing such incredibly thorough work on your software.

Offline techie101returns

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1900
Re:THANK YOU SOOO MUCH!!! (and a question)
« Reply #1 on: October 24, 2003, 03:55:43 AM »
Question: whenever scans are run ..........I'm wondering if quick ones are the same),
Basically they are the same, however, the Thorough scan checks just about all files for all viruses whereas the Quick scan checks only those potentially dangerous file types.

Quote
there are always a series of files which Avast was unable to scan. Why is that and does it compromise me in any way?
In general No.  Some files cannot be scanned because they are system protected such as by password, or those files in the System Restore.  Unless you disable the System Restore, or remove the password from the respective file/s, Avast will not scan them.  You could have a virus within one of them.

Quote
Again, thank you for doing such incredibly thorough work on your software.
The Avast Team works very hard not only to take care of the little 'bugs" that creep up, but to improve the already fine product.

Thanks for stopping by
techie101
« Last Edit: October 24, 2003, 04:02:21 AM by techie101 »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67275
Re:THANK YOU SOOO MUCH!!! (and a question)
« Reply #2 on: October 24, 2003, 04:18:38 AM »
The Avast Team works very hard not only to take care of the little 'bugs" that creep up, but to improve the already fine product.

Yeah! Wellcome to avast! Bye bye AVG  ;D
The best things in life are free.

Offline leushino

  • Newbie
  • *
  • Posts: 17
  • Christos anesti! Alethos anesti!
Re:THANK YOU SOOO MUCH!!! (and a question)
« Reply #3 on: October 24, 2003, 08:17:00 AM »
Well... I disabled Restore and ran the thorough scan once more. This time 114 files were unable to be scanned. Many were in my user profile... my documents... my settings.

Look. I can't imagine having to disable all my passwords just to scan every time and then recreate them. I never had to do any of this with McAfee or Norton  and they never failed to scan everything. AVG did fail and so did Innoculate it. Obviously I must be doing something wrong here. I can't take the risk that a trojan or virus exists buried deep in my files and Avast is unable to scan down to this. Before I jump ship, perhaps someone can help me so that ALL of my files are scanned ALL of the time. Help!

Offline w0mbat

  • Full Member
  • ***
  • Posts: 149
  • I'm a wombat!
Re:THANK YOU SOOO MUCH!!! (and a question)
« Reply #4 on: October 24, 2003, 08:53:56 AM »
what are the file extentions that can't be scanned?
<filename.xxx>
Please list the diferent type of .xxx that are not scanned.

Passwords: It's not your passwords as such that are an issue, it's that the files may be archives that are password protected and they can't be opened (because of the password protection) to scan the files inside.

Please advise.

Cheers!  :)

w0mbat
To Insanity and Beyond!

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11747
    • AVAST Software
Re:THANK YOU SOOO MUCH!!! (and a question)
« Reply #5 on: October 24, 2003, 09:30:14 AM »
Can you send an example of a filename that could not be scanned? (just as avast reports it)?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67275
Re:THANK YOU SOOO MUCH!!! (and a question)
« Reply #6 on: October 24, 2003, 01:25:27 PM »
Well... I disabled Restore and ran the thorough scan once more. This time 114 files were unable to be scanned. Many were in my user profile... my documents... my settings.

Look. I can't imagine having to disable all my passwords just to scan every time and then recreate them. I never had to do any of this with McAfee or Norton  and they never failed to scan everything. AVG did fail and so did Innoculate it. Obviously I must be doing something wrong here. I can't take the risk that a trojan or virus exists buried deep in my files and Avast is unable to scan down to this. Before I jump ship, perhaps someone can help me so that ALL of my files are scanned ALL of the time. Help!

For password protected files, no antivirus scans them. The advantage of avast! is that the name and path of these files could be displayed...

For a first approach of avast! and to clean your system, try a boot scan (see Context Menu of the skinned version).

To scan all the files, all the time, just configure Standard Shield properly... If you have doubts, please let us know.  ;)
The best things in life are free.

Offline leushino

  • Newbie
  • *
  • Posts: 17
  • Christos anesti! Alethos anesti!
Re:THANK YOU SOOO MUCH!!! (and a question)
« Reply #7 on: October 24, 2003, 04:20:27 PM »
I just ran another thorough scan. There were 113 files Avast could not scan. Below is a representative group. Some were repeated several times:

C:\...\leushino@severdby.advertising[2]txt
C:\Documents and Settings\All Users\...sbRecovery.ini

C:\Documents and Settings\All Users\...sbRecovery.ini
C:\Documents and Settings \All Users\related.htm

C:\Documents and Settings\...\leushino@atdmt[2]txt

C:\...\leushino@fastclick[2].txt
C:\...\leushino@hitbox[2].txt
C:\Documents and Settings\All Users\...sbRecovery.ini
C:\Documents and Settings\All Users\...sbRecovery.reg
C:\Documents and Settings\All Users\WkUFind.exe
C:\Downloads\Opera7.2\ow32enen720j.exe\...\[AsPack}
C:\Program Files\Java.nio.charset.spi.CharsetProvider
C:\Program Files\Java\j2rei.4.1_a\lib\...\MANIFEST.MF

How can I configure Avast to scan these? Are these files important to scan?

Offline whocares

  • Super Poster
  • ***
  • Posts: 1698
  • I'm not a llama! :-)
Re:THANK YOU SOOO MUCH!!! (and a question)
« Reply #8 on: October 24, 2003, 04:39:03 PM »
hi,

- the SBrecovery-files are backup files by Spybot, that are encrypted so that other Ad-/Spyware scanners don't detect anything in it:
NO AV-Prog should or could scan them in this state -> harmless

- there are some files with invalid file-extensions: harmless
- don't know why the opera or java-files are not scanned, probably locked/in use
-> best close all programs when scanning or try a scan in SafeMode (F8-Boot) to be sure they are harmnless

- it seems that your WKUFIND.exe is in use -> best disable its autostart:

http://www.answersthatwork.com/Tasklist_pages/tasklist_w.htm

"Wkufind   WkUFind.exe

(Microsoft) Microsoft Works 2002 PictureIt! update detector.  Another auto-update feature that you should turn off !  If you are not convinced, then this from a Microsoft document should convince you :  "You may notice that when this feature runs your computer may freeze or the program may try to update itself....  You may also notice that the computer will try to dial your Internet Service Provider, connect to the Internet, and download any updates."

Recommendation :
Turn the feature off.  Auto-updating is the worst feature to ever have ON in any computer program.  (1) Open PictureIt!.  (2) Open a picture.  (3) Choose the Tools \ Options menu option.  (4) Clear the "Check for updates online" option.  (5) Close PictureIt!.  (6) Reboot your PC.  If that still does not get rid of WKUFIND, then also disable it in Startup Manager." ;)

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11747
    • AVAST Software
Re:THANK YOU SOOO MUCH!!! (and a question)
« Reply #9 on: October 24, 2003, 04:59:13 PM »
These files don't look very important... in any case, avast should give you some more information about why it didn't scan them. I can see some packed files there (Opera, MANIFEST.MF) - there may be some problems with archive unpacking there.
However, I really don't know why it didn't scan .ini or .htm files... is there any additional info about these files that were not scanned?

Offline leushino

  • Newbie
  • *
  • Posts: 17
  • Christos anesti! Alethos anesti!
Re:THANK YOU SOOO MUCH!!! (and a question)
« Reply #10 on: October 24, 2003, 05:12:17 PM »
Thank you both for responding and helping me. I'll take off that auto-update on Picture It and I'll try a scan in safe mode. There was no more information on any of the files not being scanned, Igor... just a listing. Many appeared to be repetitious.

I'm really green and not likely to get much smarter regarding these things. I just don't have time (nor computer smarts) to devote to my computer. I'm very nervous now about using the computer for anything that relates to money (i.e. banking, making purchases) since I have no idea how long Kang was on the computer and whether or not it now resides at a deeper level. I have no idea how I "got" the insidious thing in the first place. I don't visit bad sites and I don't open attachments. How on earth do these things get transmitted?

Not sure what to do now. *sigh*

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11747
    • AVAST Software
Re:THANK YOU SOOO MUCH!!! (and a question)
« Reply #11 on: October 24, 2003, 05:16:35 PM »
OK, maybe I should have asked where does this list of files comes from.
If you select the report file to be created Menu->Settings/Report File and let everything be included into the report (with the exception of OK files, probably) - there should be some kind of reason at the files that were not scanned. Well, maybe not always a "reason", but some kind of description at least.

Offline whocares

  • Super Poster
  • ***
  • Posts: 1698
  • I'm not a llama! :-)
Re:THANK YOU SOOO MUCH!!! (and a question)
« Reply #12 on: October 24, 2003, 05:40:36 PM »
since I have no idea how long Kang was on the computer

Hi,
if "Kang" is all that troubles you..:
there is no "Kang"-Virus in avast's Virus list, just a
Hongkang-1904   &
Win32:Kangur[Wrm]

you had one of those ?
I guess not, but think you misspelled and meant:
KUANG


this is with all likelyhood a "false alarm" if you ever had Panda(Online)-AV-Scanner or its installer files on your PC.
Panda doesn't encrypt their files properly, so other AV-Scanners detect harmless pieces of viruscode(searchstrings) in it

--> HARMLESS !!!

we could confirm this, if you could give us the exact and full path and filename of the "infected" K(u)ang-file (See avast's report)




 ;)

Offline leushino

  • Newbie
  • *
  • Posts: 17
  • Christos anesti! Alethos anesti!
Re:THANK YOU SOOO MUCH!!! (and a question)
« Reply #13 on: October 24, 2003, 06:02:59 PM »
I closed the report. Is it logged somewhere?
The Kang (or Kuang) virus Avast caught had something to do with Sophos according to my searching in Symantec's data base.

Panda? Hmmm... I may have downloaded Panda in the past but I'm really not sure.

I had Avast delete rather than fix the infected files so I'm not sure how I can give you the exact path.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11747
    • AVAST Software
Re:THANK YOU SOOO MUCH!!! (and a question)
« Reply #14 on: October 24, 2003, 07:12:13 PM »
If you had the creation of the report file switched on during the scan (which is not by default), then the report file is in the folder you have specified (by default, in avast4\data\report).
If you didn't change any settings, however, then the results are not saved anywhere. If you run the scan again (preferable with the creation of the report file turned on) - do you get the same (or similar) results?

As for Panda - I think Panda keeps some files on disk... so, it's possible that it really was its files from the past that were detected.