Author Topic: trojans-worms  (Read 6340 times)

0 Members and 1 Guest are viewing this topic.

Offline lbubb

  • Jr. Member
  • **
  • Posts: 43
trojans-worms
« on: March 20, 2006, 04:02:46 PM »
after the announcemnt of a IE worm being out and didn't know if avast would cover it I downloaded another trial AV...I was a bit taken back as it found 3 trojans??...I've run other AV's before & they've always caught this type of malware. Now i reviewed the virus definitions of  Avast & I do see trojans in the there for identification purposes but why doesn't they update for all?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84772
  • No support PMs thanks
Re: trojans-worms
« Reply #1 on: March 20, 2006, 04:25:48 PM »
1. It isn't advisable to have two resident AVs installed on the same system, they can cause conflict and lock you system or leave you more vulnerable rather than less. What was the other AV and what was detected and where was it found ?

2. No one AV will cover every virus, trojan, adware, spyware or malware infection, there are specialist tools for different areas, see below. avast! would just become too weildy if it were to try to detect absolutly every piece of adware, spyware or malware, a specialist in one area is always going to be better that a jack of all trades, master of none aplication (IMHO).

avast is a specialist anti-virus program many trojans are spyware related and whilst avast does detect some of them it does't detect against everything.

If you haven't already got this software (freeware), download, install, update and run it.
1. Ad-Aware
2. Spybot Search and Destroy
3. Spywareblaster Don't install this until you are clean.
4. Ewido Security Suite If using winXP. or a-Squared free if using win98/ME.

If you are not getting a virus warning that you believe is a new, undetected virus, then if you can zip and password protect ('virus', will do) the suspect file and send it to virus @ avast.com (no spaces), or send from the chest.

Give a brief outline of the problem (possibly a link to this thread), the fact that you believe it to be a either a new, undetected virus and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.

You could also check the offending/suspect file at: Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. You can't do this with the file in the chest, you will need to move it out.
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.2.2455 (build 21.2.6096.648) UI 1.0.608/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline lbubb

  • Jr. Member
  • **
  • Posts: 43
Re: trojans-worms
« Reply #2 on: March 20, 2006, 07:52:32 PM »
well on KAV's online scan it said there was a trojan, Trend's didn't find anthing & neither did avast & ewido which I own didn't find anything either... I guess I can assume a FP?
« Last Edit: March 20, 2006, 08:00:15 PM by lbubb »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84772
  • No support PMs thanks
Re: trojans-worms
« Reply #3 on: March 20, 2006, 08:09:16 PM »
I wouldn't assume a false positive, it requires further investigation as Kaspersky is fairly reliable (but they can have their moments too). The fact that others have picked these up would tend to say it isn't an FP. However, it would require a check on Kaspersky to see when this trojan was added, it could be very new detection.

You never mentioned the infected file names or their locations ?

This is helpful in investigating what it might be, a google search for the file name and see if there are any virus associations to is and then check if any of the characteristics of that virus exist on your system (registry keys, other associated files, etc.).

I would send samples to avast one way or another as I mentioned above and let them get involved in the investigation and add to the VPS if required. I would then add them to the virus chest.
« Last Edit: March 20, 2006, 08:11:09 PM by DavidR »
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.2.2455 (build 21.2.6096.648) UI 1.0.608/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline lbubb

  • Jr. Member
  • **
  • Posts: 43
Re: trojans-worms
« Reply #4 on: March 20, 2006, 08:30:28 PM »
I just e-mailed it to my friend who runs Nod32 & it came out clean...I'm totally confused & I'll fwd it...btw it's attached to a file that's XP's restore file so it is suspious that it's there, I'm deleting it as suspious...

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84772
  • No support PMs thanks
Re: trojans-worms
« Reply #5 on: March 20, 2006, 10:06:52 PM »
If you mean in a restore point, c:\system volume information\_restorexxxxxx then it is entirely possible that this was previously an infected file in one of the system folders that windows protects. Once deleted windows system restore will copy it to a restore point just in case you made a mistake.

The only way to clear infected restore points in the c:\system volume information folder is to disable system restore, reboot and then enable system restore again. This clears ALL restore points, but once you enable system restore it creates a restore point then.

Multi engine scanners are better for testing a possible false positive, like the link I gave to Jotti above.
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.2.2455 (build 21.2.6096.648) UI 1.0.608/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline lbubb

  • Jr. Member
  • **
  • Posts: 43
Re: trojans-worms
« Reply #6 on: March 21, 2006, 03:00:52 AM »
avast had it right, FP, only F-secure & Kaspersky showed it t be a virus, that what is was generalized as & generic...everything else I tested it with came out clean...

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84772
  • No support PMs thanks
Re: trojans-worms
« Reply #7 on: March 21, 2006, 03:05:12 PM »
Good work, it is never good to act in haste or make an assumption without checking it out fully and multi engined checkers such as Jotti are good for confirmations.

I assume that you have now removed the trial AV that reported these ?
You never did mention what one it was ?
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.2.2455 (build 21.2.6096.648) UI 1.0.608/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline lbubb

  • Jr. Member
  • **
  • Posts: 43
Re: trojans-worms
« Reply #8 on: March 21, 2006, 07:17:22 PM »
KISS 6 RC....

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84772
  • No support PMs thanks
Re: trojans-worms
« Reply #9 on: March 21, 2006, 08:10:05 PM »
Wow, never heard of that one.
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.2.2455 (build 21.2.6096.648) UI 1.0.608/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline lbubb

  • Jr. Member
  • **
  • Posts: 43
Re: trojans-worms
« Reply #10 on: March 21, 2006, 08:25:39 PM »
Kaspersky's new Internet Security Suite Release Cand 6...their final version detected 3 problems all of which were not problems...