Author Topic: Can I somehow keep a "bad" program running with the free version?  (Read 3969 times)

0 Members and 1 Guest are viewing this topic.

reddy4u22

  • Guest
Hello. This is probably a silly question, but on my computer a run a Spyware 007 software on purpose (kids' safety - keep up on what they are doing, etc).  It has been running just fine with the Avast Free just until about 2 days ago and now the Avast is deleting it (which yes, I know, it is supposed to do - lol).

Is there any way to make this program exempt from detection?  I think it is actually the Resident Protection that is now picking it up and not the scanner part. 

I have read the owner's guide and seeing as I am not very computer savvy, can someone direct me?

Thank you for any help you might provide. 

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88898
  • No support PMs thanks
Re: Can I somehow keep a "bad" program running with the free version?
« Reply #1 on: August 19, 2009, 10:10:49 PM »
Lets get it straight, avast doesn't delete anything autonomously. It scans and alerts to infection and displays options that 'you' the user select and avast then carries out that instruction.

So is avast alerting on the file ?

If so - What is the malware name, the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ? 
Check the avast! Log Viewer (right click the avast 'a' icon), Warning section, this contains information on all avast detections. C:\Program Files\Alwil Software\Avast4\ashLogV.exe
 
- Or check the source file using notepad C:\Program Files\Alwil Software\Avast4\DATA\log\Warning.log and copy and paste the entry.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

reddy4u22

  • Guest
Re: Can I somehow keep a "bad" program running with the free version?
« Reply #2 on: August 20, 2009, 02:57:06 AM »
Okay here is the info from the data log file:

Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\Program Files\Common Files\Microsoft Shared\DAO\DGKB1L91\svchost.exe" file. 

This is the file on my computer it is in:

C:\Program Files\Common Files\Microsoft Shared\DAO\DGKB1L91

It does pop up with the option box on what to do with the file, and when I hit Do Nothing, the service stops anyway. Perhaps I have something set wrong?  What is confusing me is this just started happening a couple of days ago and before that, it was okay.

Thank you for your response.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88898
  • No support PMs thanks
Re: Can I somehow keep a "bad" program running with the free version?
« Reply #3 on: August 20, 2009, 03:37:39 AM »
Do nothing or rather No Action means take none of the actions listed in the alert, but it won't allow you to run what it considers an infected file, so it isn't deleting it at all but stopping it from running.

The location of the standard svchost.exe file is c:\windows\system32 so that is the file which should be running and not this one. So to me that one is highly suspect. Also see this, which expresses concern, http://vil.nai.com/vil/content/v_134757.htm, there are other similar hits on google also.

If this is a legit program why isn't it using the standard svchost.exe file and or why isn't it in its own program folder.

New signatures are added and tweaked all the time to pick up more malware, si it isn't unusual for this to happen.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect\* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

If it is indeed a false positive (no other scanners consider it spyware./malware), see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

reddy4u22

  • Guest
Re: Can I somehow keep a "bad" program running with the free version?
« Reply #4 on: August 20, 2009, 05:49:14 AM »
Thank you so much.  I will definately look into this and I think if worse comes to worse, I can try the Suspect file plan and see if that helps. 

Thank you again and have a great day.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88898
  • No support PMs thanks
Re: Can I somehow keep a "bad" program running with the free version?
« Reply #5 on: August 20, 2009, 02:39:04 PM »
You're welcome.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security