Author Topic: Can my computer become infected with malaware EVEN IF I'm not downloading softwa  (Read 12268 times)

0 Members and 1 Guest are viewing this topic.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67255
Thank you David.
You write that Web Shield only monitors the HTTP port 80 traffic.
But the avast tutorial told me to specify Port 12080 and not 80.
Can you clarify this detail for me please ?

If you're using 2k/XP/Vista, the scanning is transparent (automatic) on port 80.


If you use 9x/Me, you need to use the proxy scanning at 12080.
To manually configure your browser see the following tutorials:

For IE and permanent connection users:
http://www.avast.com/files/tutorials/ws_ieproxy.htm

For IE and dial-up users:
http://www.avast.com/files/tutorials/ws_ieproxy_dialup.htm

For Firefox users:
http://www.avast.com/files/tutorials/ws_ffproxy.htm
The best things in life are free.

Offline trigan

  • Jr. Member
  • **
  • Posts: 68
Thank you for the clarification Tech.

To Alan,

I followed the link to the Avast tutorial on how to install proxy setting in Firefox for those having Wndows 98. I installed those settings. So now Web shield should be able to monitor web pages that I open in Firefox on my Windows 98 system.

I have tabs in FF all displaying different web pages and one of them is the Eicar test page:

http://www.eicar.org/download/eicar.com.txt

For the past hour or more, I have had the Web Shield Window telling me what it is doing because I have ticked the box in its settings for it to do so. It has scanned hundreds of web pages and none have been infected.

So far for some weird reason Web Shield has not scanned the eicar web page !!

Other than shutting down all the tabs, is there another way that I can tell Web Shield to specifically scan the eicar test page ?

Thank you.


Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85070
  • No support PMs thanks
That is the proxy port that the web shield uses (in the web shield settings), it redirects port 80 traffic to port localhost 12080 (for those OSes that support the transparent proxy function).

That is why you are having to set manually set your browser to use the proxy as your OS doesn't support the transparent proxy function, you have to tell the browser what to use.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.4.2464 (build 21.4.6266.561) UI 1.0.639/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3866
  • Just an avast user
@Tech,

trigan had the links earlier in the thread but was pointing out that the avast tutorial is now out of date for Firefox and has not kept up to date with the layout of Firefox 2 (soon to be Firefox 3).

@trigan,

the pages are scanned by avast as they are opened.  If you had the eicar tab open before you set up the proxy then it will not be scanned again until you re-open the eicar page.

Offline trigan

  • Jr. Member
  • **
  • Posts: 68
Alan,
I read  your above post and so I shut down the tab of the Eicar text file page. I made sure that the proxy settings were still directed to port 12080 in FF options and that Web Shield was up and running and scanning.

I then clicked on History > Show in Sidebar and clicked on the Eicar text file web page to re-open it. It opened up in a new tab.

AND STILL NO MESSAGE CAME UP as it usually does when I open a new web page in a tab or refresh a web page that is already open in a tab in Firefox.

But this time, I happened to notice that WebShield was scanning the following web page which I did not have in FF as a tab which I thought suspicious.

http://ab.google.com/safebrowsing/update?client=navclient-........-version 2.0.0.14=............

I could not see the end of it.
What is going on ?
Something tells me that I have to change something in Options or the Customize tab in Web Shield but what ?

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3866
  • Just an avast user
trigan,

to check I just brought up my old Windows Me laptop which like your Win98 system uses a proxy to work with the Webshield.  When in Firefox I click on the eicar link you posted earlier FF opens a new tab - I get a yellow and red popup warning above the systray followed by avast's siren and popup window alerting me of the virus.

Are you using Google extension for Firefox for "safe browsing"? The page link you posted suggests that you are.  I do not know if that is affecting your attempt to get to the eicar page.

Offline trigan

  • Jr. Member
  • **
  • Posts: 68
Alan,

Thank you very much for going through the trouble of checking this out for me on your Windows98 me system. At least I know it should work.

How can I check whether I am using Google extension for Firefox for safe browsing please ?

There may be some other proxy setting that needs to be filled.
I right-clicked on the Avas systray icon and selected PROGRAM SETTINGS > UPDATE (CONNECTIONS)

I clicked on the PROXY tab and  a new window called Proxy Server Settings came up.

I selected the Select Proxy Server radio button. I typed in 12080 in the Port box but did not know what HTTP Address to type in. I then clicked on Test connection but after some time, it said that the test had failed.

Also do I need to specify anything in the Alerts section ?


Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85070
  • No support PMs thanks
That isn't the correct proxy, this relates to the auto update process only, then only if you use a proxy to connect to the internet (I don't believe you do). If you did you use a proxy to connect you would have to enter the proxy port that your ISP determines you should use, not the web shield proxy, as that I believe would cause your auto updates to fail.

You have to manually set the browser to use the web shield browser and that is port 12080. The update process is a whole different kettle of fish and is not required for browsing, so I would suggest you reverse the changes you made in the Program Settings, Update (Connections).
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.4.2464 (build 21.4.6266.561) UI 1.0.639/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline trigan

  • Jr. Member
  • **
  • Posts: 68
Thank you for your common sense reply, David. I wasn't thinking !!

I am happy to say that Web Shield has finally detected the Eicar text file page. But only after I booted the computer once or twice, each time I shut the Eicar page down before shutting down the computer.
So hurray!! Thanks to all of you I now KNOW that Web Shield is able to detect a threat even when I am casually surfing the Web. It is just as well because the Secunia Software Inspector that Frank told me about I found does not cater to Windows 98 unfortunately.

http://secunia.com/software_inspector/

And besides it only checks your computer's software in order to alert you to update it. It does not shield you from malaware like Web Shield does.

Incidentally I love the wonderful ALERT WINDOW that Avast brings up.
I wanted to make a jpg of it so that I could download it with my post to show you all. With my system specs, can you tell me whether I can and if so how ?

On another note, every time I boot up, Avast keeps on popping a green notice at the systray saying that there is an upgrade. Any idea of how I can stop Avast having this pop up each time I boot up ?

Since the 1201 version seems to be geared to tweaking Avas to Windows XP, I do not see the point of upgrading. Would you agree ? Also I am not sure whether the 1201 has a Simple User Interface or not. I do like the Simple User Interface J

trigan

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85070
  • No support PMs thanks
I wouldn't agree, that the update is simply geared to just tweaks for xp and vista.


Whilst many new functions aren't available because of the old OS used there are other function that are still available like the integration of the anti-spyware and any bug fixes, etc. for any security based software it is best to ensure you have the latest version if it has any security related fix, etc.

If you were not to update, the same would be true of the next and the next program update when you get to a point that it may no longer update as in the past there have been changes to how the updates are performed and that requires the program to be at a certain minimum version.

All versions of avast have the SUI as the GUI for the on-demand scans.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.4.2464 (build 21.4.6266.561) UI 1.0.639/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline trigan

  • Jr. Member
  • **
  • Posts: 68
Thank you DavidR once again for very important information.
I successfully updated Avast anti virus program and made a virus scan.

Typically after the virus scan, something odd happens. The Quick Launch icons on the left  side of the taskbar disappear along with the icons next to my Word documents in my Windows Folders.

This happened after virus scans in the previous version as well although the computer keeps on working normally.

Any idea how Avas anti virus program is causing icon disappearance to take place ?
How I can stop this from happening other than by restarting the computer ?

Thank you.

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85070
  • No support PMs thanks
It isn't avast causing this, however scans place quite a load on your system as it will be running at high CPU and memory utilisation.

If you search the forums for this win98 phenomenon you will see it is basically down to win9x's poor resource management.

Prior to starting a scan I would advise shutting down any non-essential applications.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.4.2464 (build 21.4.6266.561) UI 1.0.639/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline trigan

  • Jr. Member
  • **
  • Posts: 68
Hi David,

I decided to find out exactly how much Windows memory each program was using. And luckily Norton System Doctor could provide me with that information.

According to the Norton System Doctor, the amount of memory the following programs use is as follows :

Norton System Doctor  38 MB
Avast anti virus 16.6 MB
ashmaisv.exe 10.8 MB
ashwebsv.exe 9.31 MB
Avast simple user interface   14.4 MB
Word document 20.4 MB

When I opened Zone Alarm firewall program, the memory used up by Norton System Doctor program  dropped down from 38 MG to 22.9 MB for some reason, but the values remained the same for the other programs.

The amount of memory used up by the new program was as follows :
Zone Alarm Firewall  9.29 MG  opens up with vsmon.exe 15.2 MB

When I opened Firefox browser program, the memory used up by Norton System Doctor program  dropped down from 22.9 MG to as little as 6.93 MB for some reason, but the values remained the same for the other programs.

The amount of memory used up by the new program was as follows :
Firefox browser   50 MB
----

I ran a virus scan with the Word document, Zone Alarms and Firefox shut down and after the scan, the Quick Launch icons remained there.

The only puzzle now is how come the amount of Windows memory that Norton System Doctor uses drops down so drastically but the amount that other programs use, remains the same.

Thank you DavidR for the vital clue as to how to avoid the icons disappearing.


Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85070
  • No support PMs thanks
The system resources is a little more complex than just the RAM used, but having more RAM available to the avast scan should help that anyway.

I have no idea on the reported drop in memory use of Norton System Doctor, that may simply be windows trying to reallocate its memory to other applications when RAM is low.

Firefox can be a big memory hog.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.4.2464 (build 21.4.6266.561) UI 1.0.639/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline trigan

  • Jr. Member
  • **
  • Posts: 68
Thank you for your comments.

I just realized a twist to the above.
When Avast starts up at boot up, ashmaisv.exe and ashwebse.exe start running.

I have noticed that ashwebsv.exe program crashes for no apparent reason after Avast makes a virus scan. It happened another time when Superantispyware made its own scan. However, the Quick Launch icons remain there.

But if I press CTRL ALT DEL buttons, ashwebsv.exe is the only program in the list that is listed as NOT RESPONDING. Yes, the probable reason boils down to not enough RAM and or processing power.

Thankfully I found I can easily remedy this by ending this program and then re-starting it.
But it does not happen with ashmaisv.exe or the SAS program. Any idea why ?