Author Topic: why avast leave securazo a potential threat to pc  (Read 1169 times)

Offline jraju

  • Sr. Member
  • ****
  • Posts: 395
why avast leave securazo a potential threat to pc
« on: July 28, 2020, 05:01:43 AM »
Hi,
I was recently puzzled by some behaviour on my computer: downloaded exe files, like Macrium Reflect, would be moved or deleted, with pop-up messages of the sort "Windows cannot find ..exe, please check the program and try again".
The surprise is that I installed the Disk Genius software, and suddenly the exe worked fine the first time, and I thought of using it the next day.
But I found that it had been moved or deleted, and actually, it was so.
I had not uninstalled or moved it.
Then I tried a boot scan by Avast, and I immediately found two infections alerted as Windows 32 binder, but with access denied messages. I stopped the scan and found the path shown by Avast as Program Files (x86) (my system is 64-bit), Digital Communications.
I took ownership of the files in the Digital Communications folder and tried deletion.
But surfing the net immediately showed a Malwarebytes article on one Securazo application by Digital Communication, which is a software. I never imagined how it came to my PC, and that too installed in a folder other than the normal Program Files folder.
I then updated Malwarebytes and removed the program and files, amounting to 8000, from its folder.
My query is: why does Avast not catch this kind of rogue ransomware program?
Will Avast include these Securazo findings in its free version? The threat scan did not catch this at all. I hope Avast listens to it.

Offline jraju

  • Sr. Member
  • ****
  • Posts: 395
Re: why avast leave securazo a potential threat to pc
« Reply #1 on: July 29, 2020, 03:16:51 PM »
Hi, please find enclosed my aborted boot scan, which I stopped after the Avast boot scan's delete failed with an access denied message on two files.
I never downloaded Securazo antivirus, known in short as SAntivirus; it has created a quarantine folder.
I never saw the Windows GUI of this virus.
Please see the boot scan results log:
07/28/2020 06:22
Scan of C:

Scan of *STARTUP

File C:\Program Files (x86)\Digital Communications\SAntivirus\Quarantine\43ac9980-a2fc-4c16-b7e2-74346f2d16ca is infected by Win32:Binder-DL [Drp], Delete: Error 0xC0000022 {Access Denied}
File C:\Program Files (x86)\Digital Communications\SAntivirus\Quarantine\9ad2f5b4-7cef-4031-bfdb-81b1d2efb900 is infected by Win32:Binder-DL [Drp], Delete: Error 0xC0000022 {Access Denied}
File C:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\sswqc1l4.default-release\cache2\entries\047BC30A8CF4FCE5DBE1D286BCCE6625BF1A6D00|>widevinecdm.dll Error 42125 {ZIP archive is corrupted.}
File C:\Users\sar\AppData\Local\WhatsApp\packages\WhatsApp-0.4.2080-delta.nupkg|>lib\net45\resources\app.asar.bsdiff Error 42125 {ZIP archive is corrupted.}
File C:\Users\sar\AppData\Local\WhatsApp\packages\WhatsApp-0.4.2081-delta.nupkg|>lib\net45\resources\app.asar.bsdiff Error 42125 {ZIP archive is corrupted.}
File C:\Users\sar\Downloads\wsusoffline1183\wsusoffline\client\dotnet\ndp48-x86-x64-allos-deu.exe|>x64-Windows8.1-KB4486111-x64.cab Error 42110 {The file is a decompression bomb.}
File C:\Users\sar\Downloads\wsusoffline1183\wsusoffline\client\dotnet\ndp48-x86-x64-allos-deu.exe Error 42110 {The file is a decompression bomb.}
File C:\Users\sar\Downloads\wsusoffline1183\wsusoffline\client\dotnet\ndp48-x86-x64-allos-enu.exe|>Windows10.0-KB4486129-x86.cab Error 42139 {7ZIP archive is corrupted.}
File C:\Users\sar\Downloads\wsusoffline1183\wsusoffline\client\dotnet\ndp48-x86-x64-allos-enu.exe|>Windows10.0-KB4486153-x86.cab Error 42139 {7ZIP archive is corrupted.}
File C:\Users\sar\Downloads\wsusoffline1183\wsusoffline\client\dotnet\ndp48-x86-x64-allos-enu.exe|>Windows6.1-KB4019990-x64.cab Error 42139 {7ZIP archive is corrupted.}
File C:\Users\sar\Downloads\wsusoffline1183\wsusoffline\client\dotnet\ndp48-x86-x64-allos-enu.exe|>Windows6.1-KB4019990-x86.cab Error 42139 {7ZIP archive is corrupted.}
File C:\Users\sar\Downloads\wsusoffline1183\wsusoffline\client\dotnet\ndp48-x86-x64-allos-enu.exe|>Windows8-RT-KB4019990-x64.cab Error 42139 {7ZIP archive is corrupted.}
File C:\Users\sar\Downloads\wsusoffline1183\wsusoffline\client\dotnet\ndp48-x86-x64-allos-enu.exe|>Windows8-RT-KB4019990-x86.cab Error 42139 {7ZIP archive is corrupted.}
File C:\Users\sar\Downloads\wsusoffline1183\wsusoffline\client\dotnet\ndp48-x86-x64-allos-enu.exe|>Windows8-RT-KB4486081-x86.cab Error 42139 {7ZIP archive is corrupted.}
File C:\Users\sar\Downloads\wsusoffline1183\wsusoffline\client\dotnet\ndp48-x86-x64-allos-enu.exe|>Windows8.1-KB4486105-x86.cab Error 42139 {7ZIP archive is corrupted.}
File C:\Users\sar\Downloads\wsusoffline1183\wsusoffline\client\dotnet\ndp48-x86-x64-allos-enu.exe|>x64-Windows10.0-KB4486129-x64.cab Error 42139 {7ZIP archive is corrupted.}
File C:\Users\sar\Downloads\wsusoffline1183\wsusoffline\client\dotnet\ndp48-x86-x64-allos-enu.exe|>x64-Windows10.0-KB4486153-x64.cab Error 42139 {7ZIP archive is corrupted.}
File C:\Users\sar\Downloads\wsusoffline1183\wsusoffline\client\dotnet\ndp48-x86-x64-allos-enu.exe|>x64-Windows8-RT-KB4486081-x64.cab Error 42139 {7ZIP archive is corrupted.}

Scanning aborted
Number of searched folders: 8040
Number of tested files: 3147681
Number of infected files: 2
Why no reply to my query?
My concern is that even in a boot scan, an antivirus program as famous and reliable as Avast could get access denied.
If you want any other particulars, I am ready to give them.
When I opened the Digital Communications folder, I saw so many folders and I could not delete a single folder.
I took ownership of the folder, but could not delete it.
Here, I surfed the net for this virus and came across Malwarebytes.
I want Avast to look into this stubborn virus, like the old Babylon toolbar virus, for which it took three full days to get rid of the registry files.
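
Added example, not part of the original posts and not Avast's own tooling: a small Python parser for lines in the format of the boot-scan log quoted above. It separates actual detections (and whether the action on them failed; 0xC0000022 is the NTSTATUS code for access denied) from archive unpacking errors, which are not detections. The line grammar is inferred only from the lines shown in the post, and the sample paths are constructed.

```python
import re
from collections import Counter

# Constructed sample in the format of the boot-scan log quoted above;
# the paths are placeholders, not taken from the post.
SAMPLE_LOG = r"""
File C:\Program Files (x86)\Example\Quarantine\item-1 is infected by Win32:Binder-DL [Drp], Delete: Error 0xC0000022 {Access Denied}
File C:\Users\user\cache\entry|>widevinecdm.dll Error 42125 {ZIP archive is corrupted.}
File C:\Users\user\Downloads\setup.exe|>update.cab Error 42139 {7ZIP archive is corrupted.}
File C:\Users\user\Downloads\setup.exe Error 42110 {The file is a decompression bomb.}
Number of infected files: 1
"""

# Assumed grammar: "File <path> is infected by <name>, <action>: <result>"
INFECTED = re.compile(
    r"^File (?P<path>.+?) is infected by (?P<name>.+?), "
    r"(?P<action>\w+): (?P<result>.+)$")
# Assumed grammar: "File <path> Error <decimal code> {<text>}"
SCAN_ERROR = re.compile(
    r"^File (?P<path>.+?) Error (?P<code>\d+) \{(?P<text>.+)\}$")

def parse_boot_scan(log):
    """Split log lines into detections and unpack/scan errors."""
    detections, errors = [], []
    for line in log.splitlines():
        line = line.strip()
        m = INFECTED.match(line)
        if m:
            d = m.groupdict()
            # "Error ..." after the action means the file is still on disk.
            d["remediated"] = not d["result"].startswith("Error")
            detections.append(d)
            continue
        m = SCAN_ERROR.match(line)
        if m:
            e = m.groupdict()
            # "|>" separates a container file from the member inside it.
            e["container"], _, e["member"] = e["path"].partition("|>")
            errors.append(e)
    return detections, errors

def summarize(log):
    """Counts a responder would check first: what was found, what remains."""
    detections, errors = parse_boot_scan(log)
    return {
        "detections": len(detections),
        "unremediated": [d["path"] for d in detections if not d["remediated"]],
        "errors_by_text": Counter(e["text"] for e in errors),
        "containers_with_errors": sorted({e["container"] for e in errors}),
    }
```
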


Offline rocksteady

  • Super Poster
  • ***
  • Posts: 1223
Re: why avast leave securazo a potential threat to pc
« Reply #2 on: July 29, 2020, 03:22:01 PM »
I wonder if you would be better off posting your question in the Virus and Worms section of the forum here:
https://forum.avast.com/index.php?board=4.0

Offline jraju

  • Sr. Member
  • ****
  • Posts: 395
Re: why avast leave securazo a potential threat to pc
« Reply #3 on: July 30, 2020, 08:49:32 AM »
Hi rocksteady, the scanned results are from the boot scan by the free antivirus.
So, I have posted the query here.
Normally, if not the members, Asyn or a staff member of Avast would reply to the pertinent question.
Even though I came across the Windows binder virus through the Avast boot scan, I was wondering how this could not be accessed by Avast at the boot stage.
Even though Malwarebytes deleted the program's entries, there was a folder called Digital Communications, which is doing damage to the PC by residing there and doing background malicious activity.
I could see so many folders containing about 8000 files, changing exe files so that they do not work; backup software was refused entry with unwanted popups. I think so many persons are doing those things on servers so that it affects your PCs.
I had not come across a program like the rogue Securazo.
Normally antivirus programs create a shortcut, and when you click it, it opens and scans.
But here is a program hidden in the background and doing total damage to the PC.
When I removed all the traces of it through the Programs and Features uninstall, the next boot greeted me with a
"we have got you covered" message.
I think Avast should list these programs in its scanner so that it could not do damage as it does.
I do not know how to include the Malwarebytes scan results, as all the files have been quarantined by Malwarebytes.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37132
Re: why avast leave securazo a potential threat to pc
« Reply #4 on: July 30, 2020, 08:54:39 AM »
Quote
I do not know how to include the Malwarebytes scan results, as all the files have been quarantined by Malwarebytes.
You attach the Malwarebytes scan log


PUP.Optional.Segurazo  >>  https://blog.malwarebytes.com/detections/pup-optional-segurazo/


Quote
why avast leave securazo a potential threat to pc
Have you turned ON avast PUP detection ?

VirusTotal scan: SegurazoSetup.exe
https://www.virustotal.com/gui/file/6968ea76f8e26b57957509f7c1f49b3e28d6a2d7a44310089c39112a3e5f522b/detection




« Last Edit: July 30, 2020, 10:45:14 AM by Pondus »

Offline jraju

  • Sr. Member
  • ****
  • Posts: 395
Re: why avast leave securazo a potential threat to pc
« Reply #5 on: July 30, 2020, 09:04:02 AM »
Hi, the log contains only encrypted folders of threats

Offline rocksteady

  • Super Poster
  • ***
  • Posts: 1223
Re: why avast leave securazo a potential threat to pc
« Reply #6 on: July 30, 2020, 11:20:14 AM »
Surprised that virustotal lists as detected as PUP by AVG but Avast is not listed.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37132
Re: why avast leave securazo a potential threat to pc
« Reply #7 on: July 30, 2020, 11:30:33 AM »
Quote
Surprised that virustotal lists as detected as PUP by AVG but Avast is not listed.
Clean your glasses and check again .....


« Last Edit: July 30, 2020, 12:25:15 PM by Pondus »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85965
  • No support PMs thanks
Re: why avast leave securazo a potential threat to pc
« Reply #8 on: July 30, 2020, 11:36:59 AM »
Quote
Surprised that virustotal lists as detected as PUP by AVG but Avast is not listed.

From the link given by Pondus this is detected by Avast and AVG as:
Avast FileRepMalware [PUP]
AVG FileRepMalware [PUP]

As mentioned, enable Avast's Potentially Unwanted Program (PUP) setting. What might be considered a PUP by one person could be considered useful by another; it is just how that person might use it, or whether they downloaded it or it came piggybacked on to another program.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.9.2494 (build 21.9.6698.703) UI 1.0.672/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline jraju

  • Sr. Member
  • ****
  • Posts: 395
Re: why avast leave securazo a potential threat to pc
« Reply #9 on: August 06, 2020, 06:37:50 AM »
Hi Pondus and DavidR,
My concern is that Avast in boot scan fails to catch Securazo, which is a nasty unwanted program.
I do not think that one should enable the potentially unwanted program settings for the boot scan, as it runs on boot.
The definitions of the boot scan are quite different from normal scan definitions.
Are my presumptions correct or not?
Securazo creates all types of folders and totally controls your PC from a so-called Digital Communications folder. It is creating and acting by itself or through the persons using their servers. Just imagine you download an exe and, within minutes of the execution, it pops up a message that it was moved or deleted.
It is creating all possible hurdles to running programs that would fix some problems, like Macrium Reflect.

Offline jraju

  • Sr. Member
  • ****
  • Posts: 395
Re: why avast leave securazo a potential threat to pc
« Reply #10 on: August 08, 2020, 01:25:24 PM »
Hi, I repeat that Securazo is not merely a PUA and PUP, but a more vicious kind of ransomware.
There is a Windows GUI, but it never opens, and it is doing all the things in the background.
It is high time that Avast gives total protection on this.
I think Avast moderators would look into this. Please see this link and give protection in Avast also:
https://forums.malwarebytes.com/topic/249582-removal-instructions-for-segurazo/