Basically, the questions already contains the answer. Yes, avast! puts the default set of exclusion back when all the exclusions are removed. So, if you keep one exclusion at least (could be your own one, pointing to an non-existend folder maybe, it should be kept intact.
Thanks for the tip, I'll try it out. Still, I think this is an issue that warrants attention; I'd never have realized avast! re-added the exclusions by itself if I hadn't renamed a few malware file extensions purely on a whim.
Any more info on these?
It depends on what you're after. They're just fairly standard Hupigon samples, with (I'd imagine) some tweaks to the code here and there, maybe an extra packer or two, and, of course, dropping fake .ini files (which were actually simply renamed executables) instead of .exe files as they used to do.
solcroft,
given the thought you have clearly put into this would you not suggest that any system user should not allow autorun and instead perform a thorough scan of a USB drive before using any data/executables on it?
Have you done this with your example of an infected USB drive? Did it get past the avast scan?
That wasn't what I asked. You were the one who claimed
never, and then threw out a challenge to me to prove you wrong. So go ahead. Try it. Walk the talk, like you claim you do. I'm waiting for your results.