« previous next »
Pages: [1]   Go Down

Author Topic: What?  (Read 2072 times)

0 Members and 1 Guest are viewing this topic.

ryan445

  • Guest
What?
« on: June 15, 2007, 10:32:04 PM »
 I went to Panda software to do the online virus scan thing, and when I was downloading the active x thing, avast stopped it as a virus. It did this multiple times. WTf? ???
Logged

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67183
Re: What?
« Reply #1 on: June 15, 2007, 10:42:10 PM »
These are false detections due to Panda active scan: http://forum.avast.com/index.php?topic=12432.msg104932#msg104932
Read: http://www.avast.com/eng/virus_detection_and.html#idt_1554

IMSCAN.DLL
PAVDLL.DLL
PAV.SIG
APVXD.VX2
APVXD.VXD

C:\windows\system32\active scan\pskavs.dll
C:\system volume information \_restore{ ... }\*.dll

I think this is related to false detections due to Panda active scan: http://forum.avast.com/index.php?topic=12432.msg104932#msg104932
Unfortunatelly, a well-known problem of Panda not encrypting its signatures  :P
Quote
Every virus can be identified, because it contains some unique signatures. Antiviral programs have their own database of that signatures. We call this database the "virus definition file". When an antiviral program scans a file for viruses, it compares all the signatures (of all viruses) in the database with the signatures in that file. If the signatures match (they are the same), the file is marked as infected. For an antivirus program, it is important to hide this database of signatures somehow - e.g. by encrypting it. Panda Antivirus does not encrypt its virus database - the signatures inside are clearly "visible" to other antiviral programs, so they detect this file as infected (but there is actually no virus inside - only the signatures are the same).
Logged
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89670
  • No support PMs thanks
Re: What?
« Reply #2 on: June 16, 2007, 12:11:32 AM »
You would have to pause both the web shield to allow it to be downloaded and also pause the standard shield to be able to run it or it will detect the unencrypted signatures. I also don't like Panda's on-line scan because it deposits a lot of this cr*p in the system folders making it more difficult to remove as it ends up in the system volume information folder as a restore point, where avast will detect it again.

There are many other on-line scanners that don't exhibit this type of activity. On-line Virus Scanners and other useful Links Security-Ops.eu.tt
Logged
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD - 27" external monitor 1440p 2560x1440 resolution - avast! free  24.9.6130 (build 24.9.9452.762) UI 1.0.818/ Firefox, uBlock Origin Lite, uMatrix/ MailWasher Pro/ Avast! Mobile Security
Pages: [1]   Go Up
« previous next »