Topic: Avast 4.8 Pro not detecting infections. Other tools are. Why? 2nd time now.

tripplec (Guest):
I am attaching the log from Malwarebytes, which I run manually on a regular basis. Although Avast is active all the time, this is the second time I have found an intrusion with it that was not picked up by Avast Pro. I am not impressed and now quite uneasy about using this product.

Most recent registry intrusion:
Malwarebytes' Anti-Malware 1.37
Database version: 2186
Windows 5.1.2600 Service Pack 3

5/27/09 6:21:49 PM
mbam-log-2009-05-27 (18-21-49).txt

Registry Keys Infected: 1

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Partizan (Spyware.Banker) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)

This was a while back, as noted in the date stamp, and something was operating, but despite numerous scans, reboots and Safe Mode it could not be found, until I updated and repaired everything to do with MSN and MSN Live. Malwarebytes then picked it up and removed it; Avast was not aware of it and allowed it in somehow. Symptoms were sluggishness, the CPU cooling fan on the notebook running regularly when the machine was not in use, and MSN not responding. Killing the app in Task Manager rendered the system unusable. After a reboot everything would be normal for an hour or so, then the symptoms would appear again after an unspecified period of time.


Malwarebytes' Anti-Malware 1.36
Database version: 2153
Windows 5.1.2600 Service Pack 3

5/19/09 9:35:04 AM
mbam-log-2009-05-19 (09-35-04).txt


Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 62
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{29a5ea88-29a5-ea88-29a5-ea8829a5ea88} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{90ba04c5-f8cf-4e88-80e6-8675ddb34b6b} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0479e417-8dda-4c17-b2a6-804bb297af02} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{10fca270-b973-4117-872f-9dae2b05bf29} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{110fcca7-f2da-470e-a8ed-59dfdcf17883} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1a36af99-75b4-4b6a-a8b3-4c4b5bbb0bba} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1e8e7fab-3902-47fd-b8ba-159b46e6104a} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{20934f3e-4f74-4d74-ba80-389c010e5eb5} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2c7c4f8b-464f-4693-a5fc-376c824f8973} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3553b980-0c48-4559-9180-9aac06c0c096} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3c124163-746b-487b-b9c2-a52b5703d32a} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e643efd-22d5-4a53-9ca6-6d43d8cde24e} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{41047ed2-bd14-411e-8cc8-90879912182b} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4a434ffb-2a8c-4910-ba39-3cc7baf90254} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5545f435-6ca5-4d55-aee1-89a38c8d5a2d} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{62860df6-b716-49a5-8a97-64f9dc8eced5} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6572a550-3173-407f-9ef7-ebefb50ed30e} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6fc9c1ff-5e96-4eaf-8a3c-8c3571f92de4} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{78901cbb-09c8-491e-919c-b65d3849b5be} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7d66121a-16a3-4971-a5b3-86cc6a545315} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7f66654f-21d5-417c-94bf-1458642d9f32} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8113b945-ee83-442c-a04b-03967eb16acf} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8a57fe0b-b441-40cb-823e-d013f1422415} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{91d7f1cc-1d95-4a6f-b2b4-247b51e26c1e} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9bc3450d-cfb9-43ec-826b-da4b74b49ca0} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{af955dcb-16a9-48db-8079-3f7bc54b5a1d} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bc733bb3-680a-41c1-b408-e8e52713d2b3} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c280ff7e-d03a-4199-9ab1-deae43582ee8} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d10925dd-a277-49cd-99f1-e1d6ba20bd1b} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e3aeb49b-edcf-4894-b455-3614ec9d4752} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f0fd3684-1e24-4fb2-9062-b39f8b7127d8} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f4d74525-5387-4919-9a06-f7e11f3027b7} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{03d389ae-0455-4504-8768-c6027f3fb7eb} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0c9298ff-4f28-4b5f-ab4a-b93925686d87} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e50c9f8-adbf-4a46-b082-159c78dafbf9} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0eb70964-9577-423c-954c-5f6de27e8eb3} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e680528-ebd9-4f0f-ad2f-b01ed04ee903} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{22826d59-929d-4fe8-be38-87c9a24f88d5} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{276525ed-260a-476f-a9b7-b4ff95cefc01} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5897c539-6b62-40ad-a630-a349ffef9731} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63d853e0-0154-4133-9f58-cc8255eca98b} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{78aee122-5292-4064-bc61-52b8b1c31e0e} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7b8ad727-7812-4567-a323-3847051f3f05} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{83fa6af5-5751-4783-8ce6-3f8a3320e154} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{986644d1-6a97-4c23-8ba7-cd67b11463e1} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98e9da52-5eed-4906-9cd5-0f842617cecb} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9c5a57c9-6c2b-4edf-98c4-1631e9ccae4a} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a931abfb-473b-43b0-9ec4-69eb26b230f6} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ae5b5c4a-4721-4077-b148-29591ecbf609} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b911575b-0ca1-45f4-999e-b9fee06a980d} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bd5f415c-8dd5-48d4-9bf1-a854faf291d1} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5fead51-277b-4863-85e2-1f898ed09070} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c6152b27-357e-41a5-94bc-45636c4291e8} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c689490c-6c14-4925-9023-89d250dc6558} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c6f5b432-0df1-4bd1-9c69-71e0eb23f671} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dbb6b0e4-72c1-4245-8760-3e21ac20ba32} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ea065afc-5557-448c-afd0-b3b33ecbcd67} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ecc19750-c168-4c58-ac0e-48a6f52e3f5c} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0ba00a2-a4cc-4d1b-871f-8ea152badbc6} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f87dfe9d-5908-43bb-ab0b-b5f624c07582} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fd4fe808-1020-45b8-8228-0f55a15dbd6e} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fec96c47-4ff2-4809-afd2-ebdc87f1d3e8} (Worm.P2P) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Common Files\muvee Technologies\030625\MPEffects.dll (Worm.P2P) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Common Files\muvee Technologies\030625\MPEffects.dll (Worm.P2P) -> Quarantined and deleted successfully.
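The two logs above differ in a way that matters for the argument in this thread: the Worm.P2P detection is backed by a file on disk (MPEffects.dll, also referenced from a SharedDLLs value), while the Spyware.Banker detection is a single service key with no file listed at all. The following parser for the MBAM 1.3x log format is an added example written for this page, not code from the thread or from Malwarebytes; the sample input is excerpted from the logs posted above (the Worm.P2P log abridged to three of its 62 keys), and the "COM registration" / "service key" labels are this example's own heuristics based on the registry paths.

```python
"""Parse Malwarebytes' Anti-Malware 1.3x scan logs and summarise, per detection
name, what was actually hit: COM registration keys, service keys, registry
values and files. Added example for this thread; the two sample logs below are
excerpts of the logs posted above, the second one abridged."""
import re
from collections import defaultdict

# Section headers in an MBAM 1.3x log have nothing after the colon; the summary
# lines near the top ("Registry Keys Infected: 62") therefore do not match.
SECTION_RE = re.compile(
    r"^(Memory Processes|Memory Modules|Registry Keys|Registry Values|"
    r"Registry Data Items|Folders|Files) Infected:$")
# One detection line: <path> (<detection name>) -> <action>
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
# SharedDLLs value names are the full path of the DLL they reference.
SHARED_DLL_RE = re.compile(r"\\SharedDLLs\\(?P<file>.+)$", re.IGNORECASE)
COM_MARKERS = ("\\CLSID\\", "\\TYPELIB\\", "\\INTERFACE\\")


def parse_mbam_log(text):
    """Return a list of (section, path, name, action) tuples from a log."""
    section, items = None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section is None or not line:
            continue
        m = ITEM_RE.match(line)
        if m:  # "(No malicious items detected)" placeholders do not match
            items.append((section, m.group("path"), m.group("name"), m.group("action")))
    return items


def summarize(items):
    """Per detection name: what kinds of artefacts it hit and whether a file backs it."""
    summary = defaultdict(lambda: {
        "registry_keys": 0, "com_keys": 0, "service_keys": 0,
        "registry_values": 0, "files": 0, "file_paths": set(),
    })
    for section, path, name, _action in items:
        s = summary[name]
        upper = path.upper()
        if section == "Registry Keys":
            s["registry_keys"] += 1
            if any(marker in upper for marker in COM_MARKERS):
                s["com_keys"] += 1       # COM class / typelib / interface registration
            if "\\SERVICES\\" in upper:
                s["service_keys"] += 1   # service or driver entry under CurrentControlSet
        elif section == "Registry Values":
            s["registry_values"] += 1
            m = SHARED_DLL_RE.search(path)
            if m:
                s["file_paths"].add(m.group("file"))
        elif section == "Files":
            s["files"] += 1
            s["file_paths"].add(path)
    for s in summary.values():
        # No file anywhere means a registry-only cleanup: there is no sample to
        # restore from quarantine and submit, and nothing a file scanner saw.
        s["registry_only"] = not s["file_paths"]
    return dict(summary)


# Constructed sample input: excerpts of the two logs posted in this thread.
LOG_BANKER = r"""
Registry Keys Infected: 1

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Partizan (Spyware.Banker) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

LOG_P2P = r"""
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{29a5ea88-29a5-ea88-29a5-ea8829a5ea88} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{90ba04c5-f8cf-4e88-80e6-8675ddb34b6b} (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0479e417-8dda-4c17-b2a6-804bb297af02} (Worm.P2P) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Common Files\muvee Technologies\030625\MPEffects.dll (Worm.P2P) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Common Files\muvee Technologies\030625\MPEffects.dll (Worm.P2P) -> Quarantined and deleted successfully.
"""


if __name__ == "__main__":
    for name, s in summarize(parse_mbam_log(LOG_BANKER + LOG_P2P)).items():
        print(f"{name}: keys={s['registry_keys']} (COM={s['com_keys']}, "
              f"services={s['service_keys']}) values={s['registry_values']} "
              f"files={s['files']} registry_only={s['registry_only']}")
        for p in sorted(s["file_paths"]):
            print(f"  file: {p}")
```

Run on the full logs, the summary separates detections that have a file a vendor can analyse (and that an on-access scanner could in principle have caught) from ones that only ever existed as registry entries, which is the distinction the replies below turn on.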


Anderson2 (Guest):
I've had the same experience with Avast 4.8 free in Windows XP.  It missed numerous infected files.

Not sure it is dependable.

!Donovan (Avast Evangelist):
No antivirus is perfect.

igor (Avast team):
The log you posted... looks pretty much like a false alarm to me.
MPEffects.dll seems to be part of a video editing software...?

tripplec (Guest):
The system has been responding normally since they were removed. That was part of the first wave of infestations, ~62 if I recall from the log. The last log is a registry infestation only. Certainly not a false positive. My system was active without use. That's a dead giveaway that something is wrong.

Lisandro (Avast team):
Can you send the samples to virus@avast.com?
You can zip and password-protect the files... Include a link to this thread and the password used.
You can send the files to the Chest and, from there, resend them to Alwil for analysis.
Thanks.

You'll need to restore the files from MBAM quarantine and send...

tripplec (Guest):
I removed Avast Pro. Moved on to something else.
Testing Avira now along with Zonealarm Suite.

Lisandro (Avast team):
> I removed Avast Pro. Moved on to something else.
> Testing Avira now along with Zonealarm Suite.
Go ahead. Avira is a very, very good antivirus too.